1 Data protection policy

  • 1.1- PURPOSE AND SCOPE OF APPLICATION

The French Red Cross (hereinafter “FRC” or “us”) is committed to protecting the privacy of internet users (hereinafter “visitors” or “you”), and wishes to ensure that the personal data you entrust it with will be protected at the best possible level.

The purpose of this policy is to inform you how we treat the personal data you provide us with, collected when you use the PIROI website (hereinafter the “website”). The policy complies with prevailing and applicable data protection regulations, in particular the General Data Protection Regulations of 27 April 2016 and the French Data Protection Act of 6 January 1978 as amended.

This policy applies to processing of personal data by FRC on PIROI’s website.

  • 1.2- PURPOSES AND REASONS FOR PROCESSING YOUR PERSONAL DATA

We collect and process your personal data, which is required for the following purposes:

  • Processing and following up of enquiries you have sent via the contact form on this website
  • Processing and following up an interest you have expressed in participating in PIROI’s volunteer activities, as stated in a request you have sent using the relevant form on this website.

  • 1.3 – Data processed and retention period

The categories of personal data about you that may be collected on the website are as follows:

  • Identification data: surname, first name, email address, telephone number

All this information is mandatory in order to answer your message or request.

It will be kept as long as is needed to process your request for a period not exceeding 12 months and will then be deleted.

  • 1.4 – Recipients of your personal data

Your personal data is intended for departments and persons authorised by FRC in the context of processing your request, in particular for PIROI and certain head office departments if necessary. 

However, it may occur that we disclose some of your personal data if requested to do so by judicial, law enforcement, or administrative authorities, or by any legally authorised third party.

  • 1.5 – Security of your personal data

FRC takes due care to guarantee the security of your personal data. As such, we adopt appropriate technical or organisational measures in order to ensure a level of security adapted to the risk, in particular:

  • admission restrictions (security staff, access badges) 
  • fire alarm 
  • video surveillance
  • encryption
  • management of authorisations and access
  • authentication 
  • awareness raising about data protection and data security issues

FRC has drawn up an IT Charter and a General Information Systems Security Policy (“PGSSI”) which sets out these measures.

In addition, our staff members are committed to confidentiality and have been made aware of the principles of applicable data protection regulations. 

Your personal data processed by FRC is stored on our servers (in mainland France).

Procedures for personal data breaches: 

In accordance with GDPR, the FRC has set up two personal data breach procedures, one applicable to headquarters and the other applicable elsewhere.

According to the data breach procedure, any breach to the availability, integrity or confidentiality of personal data must be notified immediately after becoming aware of it.

The DPO should notify the French data protection authority (Commission nationale de l’informatique et des libertés, CNIL) not later than 72 hours after having become aware of it. If it is likely that the impact on your personal data is of high risk, FRC also undertakes to inform you as soon as possible.

  • 1.6 – Your rights to protect your data

Pursuant to applicable data protection regulations, you have the right to access and rectify your personal data. Under specific conditions you have the right to have your data erased, to restrict processing and to data portability. You also have the right to object to processing of your personal data, and the right to object to the use of your data for prospecting purposes. In addition, you can define general guidelines regarding what happens to your personal data and how you wish your rights to be exercised after your death.

You can exercise your rights by sending an email directly to PIROI at the following address piroi@croix-rouge.fr

In case of difficulty, you can also write to the French Red Cross data protection officer at: dpo@croix-rouge.fr, or by post at the following address:

Croix-Rouge française
Délégué à la protection des données
98, rue Didot
75014 Paris

You can also lodge a complaint with the French data protection authority (CNIL) online, or by post at the following address:

CNIL
3 Place de Fontenoy 
TSA 80715
75334 PARIS CEDEX 07

  • 1.7 – Information Governance

The data controller is responsible for all processing operations carried out within the FRC. 

At the FRC, the data controller is the President of the French Red Cross and, by delegation, the Director General, Mr Jean-Christophe Combe.

FRC’s head office is located at 98, Rue Didot – 75014 Paris. 

  • 1.8 – Cookie policy

 

What is a cookie? 

A cookie is a small file that a website stores on your hard drive when you visit a site. Their main purpose is to collect information when you browse the website and to remember your preferences. 

Refusing cookies. 

Please note that changing cookie settings may restrict access to certain services that require use of them, such as access to your account. 

You are free to disable cookies at any time in your browser settings. You can accept or refuse cookies on a case-by-case basis or refuse them systematically once and for all.

(latest update : 18.02.2021)