The present document supplements MAKE.ORG’s Terms of Service and concerns Make.org’s commitments relative to the respect of the regulations in force concerning the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and applicable as of 25 May 2018 (hereinafter “the GDPR”).
In this framework, Make.org will be the data controller.
DESCRIPTION OF PROCESSING
Make.org is particularly sensitive to the protection of personal data in general and of its users’ personal data in particular. For Make.org, this is one of the fundamental digital values and an essential condition for the freedom of conscience. To this end, Make.org is committed to limiting the quantity of personal data collected to that which is strictly necessary for the functioning of its site and its services.
Make.org has filed a declaration with the CNIL under number 2005312 and has chosen to name a DPO in order to guarantee the best level of protection possible.
Make.org will only process personal data that is strictly necessary to carry out its activities.
It will do so for the following purposes:
- the use and improvement of Make.org’s site and services;
- the implementation of Make.org’s campaigns.
The personal data processed consists of:
- elements of identification;
- contact information;
- data necessary for the use of Make.org’s site and services as well as for the implementations of campaigns.
OBLIGATIONS OF MAKE.ORG
Make.org commits to :
- processing data solely for the objective of its activity ;
- guaranteeing the confidentiality of personal data ;
- ensuring that third parties authorised to process personal data :
- are committed to respecting confidentiality or have an appropriate legal obligation to respect confidentiality;
- have the necessary training as concerns the protection of personal data ;
- take into account the principles of Privacy by Design, whether in terms of tools, products, applications or services.
The following may, within the limits of their respective functions, have access to personal data:
- people responsible for operating the service, those with the responsibility of dealing with users and complaints, those responsible for logistical and IT services as well as their superiors ;
- data processors – once a contract is signed between data processors and Make.org that details the responsibilities of data processors in terms of the protection of the security and confidentiality of data ;
- the partners for campaigns, about which users will have been informed of their participation.
COMMUNICATION TO THIRD PARTIES
Personal data processed in connection with Make.org’s activity cannot be divulged to third parties, except for the cases allowed for above or by legal or regulatory provisions.
In order for the User to not have to sign in each time he/she accesses the Service, apart from the first time accessing it, Make.org uses session cookies. These files are stored on the computer and make it possible to identify the User each time he/she connects to the Site. Moreover, in order to improve the Service, Make.org uses audience measurement cookies that provide measurements such as the number of page views, the number of visits, the activity of visitors on the Site and how often they return.
These cookies only enable the improvement of the site’s functioning and services as well as the establishing of statistical studies on the traffic of visitors to the Site, the results of which are completely anonymous.
EXERCISE OF USER RIGHTS
Make.org implements all user rights, such as: the right of access, rectification, deletion and objection, the right to restriction of processing, the right to data portability, the right not to be subject to automated decision-making (including profiling).
These rights can be exercised by any means, and notably by sending an e-mail to the following address : email@example.com
SECURITY AND CONFIDENTIALITY OF PROCESSING
Make.org will take all necessary measures to preserve and ensure the respect of the integrity and confidentiality of personal data.
Make.org is committed notably to implementing technical and organisational measures making it possible to ensure, to the extent that is possible, a level of appropriate security and confidentiality with respect to the risks associated with processing and the nature of personal data.
Data is retained:
- for as long as is necessary for the implementation of the campaign ;
- for a duration of three years following the end of the use of the site or services, or from the de-registration of the user.
- Data will not be retained any longer than is legally required if the user so requests.
DATA PROTECTION OFFICER
The data protection officer designated pursuant to Article 37 of the European Data Protection Regulation is the law firm FWPA, located at 18 Rue des Pyramides, 75001, Paris, represented by Jean-Baptiste Soufron.
The DPO can be contacted at the following address: firstname.lastname@example.org
RECORDS OF PROCESSING ACTIVITIES
Make.org affirms that it maintains written records of all processing activities carried out in the framework of the performance of its activities.