Privacy policy and cookies
Purpose
This policy is applied by the library of the following association:
CENTRE EUROPEEN D'ETUDES JAPONAISES D'ALSACE: established under SIREN number 435 399 985 with registered office at 1, rue Camille Schlumberger 68000 Colmar
The library management, Regine Mathias-Pauer and Erich Pauer, are responsible for the processing and content of the pages. Hereinafter referred to as "persons responsible for processing".
The purpose of this policy is to inform visitors to the website: ceeja-japan-library.eu (hereinafter "the Website") about how the data is collected and processed by the person responsible for the data processing.
This policy is part of the desire of the data controller to act transparently and in accordance with its national provisions and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation").
The data controllers pay particular attention to the protection of the privacy of their users and therefore undertake to take the necessary appropriate precautions to protect the personal data collected from loss, theft, disclosure or unauthorized use.
"Personal data" is defined as all personal data relating to the User, that is, any information that allows the User to be identified, directly or indirectly, as a natural person.
If the User wishes to respond to any of the practices described below, he can contact the Data Controller at the postal address or email address indicated in the "Contact Details" section of this Policy.
What data do we collect?
The Data Controllers collect and process the following personal data concerning Users, in accordance with the methods and principles described below:
- His IP address;
- His/her email address, if the User has previously disclosed it, for example by sending messages or questions about the Services or by communicating with the Controller by email or via the contact form;
- All information relating to the pages consulted by the user on the website of the library of the Centre Europeen d'Études Japonaises d'Alsace;
It is possible that the data controllers also collect non-personal data. These data are called non-personal data because they do not allow the direct or indirect identification of a specific person. They can therefore be used for any purpose, such as improving the website, products and services or advertising of the data controller.
In the event that non-personal data is combined with personal data so that identification of the data subjects is possible, these data are treated as personal data until they can no longer be assigned to a specific person.
Methods of collection/treatment
The controllers may process personal data in the following ways:
- contact form;
- Cookies.
Categories of data collected, purpose, legal basis of processing and retention period
Personal data is collected and processed only for the purposes stated below:
| Treatment | category of data | Purpose | Legal basis | duration of storage |
|---|---|---|---|---|
| contact form for Internet users | Last name, first name, telephone number, email, postal address. | Answering Internet users' queries | The legal basis is the legitimate interest in providing support to Internet users. | - 3 years from the last contact with the user. - Mandatory request to the Internet user to extend the retention period of the data collected by 3 years. |
| Cookies | IP and connection data | - Operation of the website - Keeping users logged in - Web analysis - Conversion tracking | The legal basis is the consent | 13 months maximum |
The Data Controllers may, under certain circumstances, carry out processing operations not yet provided for in this policy. In this case, they will contact the User before further processing of their Personal Data in order to inform them of the changes and, where appropriate, give them the opportunity to oppose further use.
Recipient of the data and transfer to third parties
Internal recipients:
The recipients of the data are exclusively the employees authorized by the data controller who are responsible for security, business relations and development.
External recipients:
| Third | Transmitted data |
|---|---|
| AWS -Amazon (web hosting provider) | All data stored on the server. |
| Tiz administration, support and maintenance of the website | All data |
In addition, Amazon, as a data processor under the web server hosting agreement, may have access to certain data under certain conditions. Its servers are located in the US. Amazon confirms that it adheres to the PRIVACY SHIELD principles and can therefore lawfully receive data from the EU.
In the event that the data is communicated to third parties for the purposes of direct marketing or commercial advertising, the user will be informed in advance so that he can decide whether to consent to the communication of his data to third parties.
Once this transmission is based on the user’s consent, the user may withdraw his or her consent for this specific purpose at any time.
The data controllers will comply with applicable legal and regulatory provisions and will in any case ensure that partners, employees, processors or other third parties who have access to such personal data comply with this Policy.
The data controllers will disclose the user's personal data if required to do so by law, legal proceedings or an order from a public authority.
Enforcement of rights
For all rights listed below, the controller reserves the right to verify the identity of the user in order to enforce the rights listed below.
This request for additional information shall be made within one month of the user submitting the request.
access to data and copying
The user can obtain, free of charge, a written communication or a copy of the personal data collected about him.
The controller may charge a reasonable fee based on the administrative costs for each additional copy requested by the user.
If the User makes this request electronically, the information will be provided in a commonly used electronic format, unless the User requests otherwise.
Except for the exceptions provided for in the General Data Protection Regulation, the User will be provided with a copy of his/her data no later than one month after receipt of the request.
Right to withdraw consent
For all processing operations based on consent, in this case cookies, the data subject has the right to withdraw his or her consent at any time, in particular directly at the end of the e-mail.
Right to rectification
The User may request, as soon as possible and at the latest within one month, the rectification of his/her personal data which are inaccurate, incomplete or irrelevant, as well as their completion if they prove to be incomplete, free of charge.
Unless the General Data Protection Regulation provides for an exception, the request to exercise the right to rectification will be processed within one month of its submission.
Right to object to processing
The User may object to the processing of his or her personal data at any time and free of charge for reasons related to his or her particular situation, except when:
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (in particular where the data subject is a child).
The Data Controllers may refuse to exercise the User's right of objection if they demonstrate compelling and legitimate grounds for the processing which override the interests or rights and freedoms of the User, or for the establishment, exercise or defense of a legal claim in court. In case of dispute, the User may file a complaint in accordance with the "Claims and complaints" section of this Policy.
The User may also object at any time, without giving any reason and free of charge, to the processing of his/her personal data when his/her data is collected for commercial advertising purposes (including profiling).
Where personal data is processed for scientific or historical research purposes or for statistical purposes in accordance with the General Data Protection Regulation, the user shall have the right to object to processing of personal data concerning him or her for reasons related to his or her particular situation, unless the processing is necessary to perform a task carried out in the public interest.
Except for the exceptions provided for in the General Data Protection Regulation, the controller is obliged to respond to the user's request as soon as possible and at the latest within one month, giving reasons for its response if it intends not to comply with such a request.
Right to restriction of processing
The user can request the restriction of the processing of his personal data in the following cases:
- If the user contests the accuracy of information and only for as long as the controller can verify the information;
- Where the processing is unlawful and the user prefers restriction of processing rather than erasure;
- If the User no longer needs the Data for the purposes of the processing, but requires them to establish, exercise or defend his or her rights in court;
- For the time necessary to examine the merits of a request for objection submitted by the User, i.e. for the time during which the Controller carries out the balancing of interests between the legitimate interests of the Controller and those of the User.
The controller shall inform the user when the restriction on processing is lifted.
Right to erasure (right to be forgotten)
The user may request the erasure of personal data concerning him or her if one of the following reasons applies:
- The data are no longer necessary for the purposes of the processing;
- The User has withdrawn his consent to the processing of his Data and there is no other legal basis for the processing;
- The User objects to the processing and there are no compelling legitimate grounds for the processing and/or the User exercises his/her specific right to object to direct marketing (including profiling);
- The personal data were processed unlawfully;
- Personal data must be erased in order to comply with a legal obligation (of Union or Member State law) to which the controller is subject;
- The personal data were collected in connection with the provision of information society services aimed at children.
- However, the deletion of data does not apply in the following cases:
- Where processing is necessary for the exercise of the right to freedom of expression and information;
- Where processing is necessary for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Where processing is necessary for reasons of public interest in the area of public health;
- Where processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, and the right to erasure is likely to render impossible or seriously compromise the achievement of the objectives of the processing in question;
- If processing is necessary for the establishment, exercise or defense of legal claims in court.
Except for the exceptions provided for in the General Data Protection Regulation, the controller is obliged to respond to the user's request as soon as possible and at the latest within one month, giving reasons for its response if it intends not to comply with such a request.
Right to "data portability"
The User may at any time request to receive his/her personal data free of charge in a structured, commonly used and machine-readable format, in particular for the purpose of transmitting it to another controller, when:
the data processing is carried out using automated procedures; and if
the processing is based on the user's consent or on a contract between the user and the controller.
Under the same conditions and in the same manner, the User shall have the right to request from the Controllers that the Personal Data concerning him or her be transmitted directly to another Personal Data Controller, where technically feasible.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Security
The controller shall implement appropriate technical and organizational measures to ensure a level of security of the processing and of the data collected that is appropriate to the risks presented by the processing and the nature of the data to be protected and proportionate to the risk. In doing so, it shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.
The data controllers have implemented appropriate security measures to protect and prevent the loss, misuse or alteration of information obtained on the website.
In the event that the personal data under the controller’s control is compromised, they will act promptly to determine the cause of the breach and take appropriate remedial action.
The controllers shall inform the user about this incident if they are legally obliged to do so.
Complaint and appeal
If the User wishes to react to any of the practices described in this Policy, he should contact the Data Controller directly.
The user may also lodge a complaint with his national supervisory authority, you can lodge a complaint online with the CNIL or by post:
National Commission for Information Technology and Freedoms (CNIL)
3 Place de Fontenoy
TSA 80715
75334 Paris cedex 07
Tel: 33 1 53 73 22 22
In addition, the user has the possibility to bring an action before the competent national courts.
contact details
For questions and/or complaints related to this Policy, the User may contact the Data Controller at the following email address:
bibliotheque@ceeja-japon.com, or by post to the address :
CEEJA Japan Library
6, rue Louis Blériot (ZAC aerodrome) 68000 COLMAR. bibliotheque@ceeja-japon.com
Changes
The Controller reserves the right to modify the provisions of this Policy at any time. Any modifications will be published directly on the Controller's website.
Applicable law and competent jurisdiction
This Directive is governed by the national law of the place where the controller has its main place of business.
Any dispute relating to the interpretation or enforcement of this Directive shall be submitted to the courts of that national law.
The current version of the directive is dated August 21, 2024.