General Conditions of Use

These General Conditions of Use (GCU) define the relationship between the Association SERPA, whose registered office is Société d'Enseignement et de Recherche en Pneumologie et Allergologie - Institut Coeur Poumon - CHU de Lille - Boulevard Professeur Jules Leclerc 53037 LILLE CEDEX PARIS, registered under SIRET n°: 42921036200019, (hereinafter the "Association") on one hand, and any individual or legal entity wishing to make a request (hereinafter the "User") on the other hand.

The User expressly acknowledges having read and being bound by these General Terms and Conditions of Use.

Personal Data and Privacy

The website does not collect any personal data. The "ImmunoToon" web application does not collect any personal data, only cookies, which are necessary for the WebApp to work properly. Read more about the nature and use of cookies in the "Legal Notice" section.

Personal Data Protection Policy

Definitions

• "Control Authority" refers to an independent public authority that is established by a Member State and deals with the processing of personal data. In France, la CNIL (Commission Nationale de l'Informatique et des Libertés) is the "Control Authority".
• "Collect" refers to collecting personal data. This collect may be achieved, in particular, by online surveys or forms.
• "Consent", your consent means any expression of free, specific, informed and unambiguous agreement whereby you accept, by a declaration or by a clear positive act, that your personal data may be used for any processing.
• "Data of a Personal Nature" or " Personal Data" refers to any information about an identified or identifiable physical person who can be identified, directly or indirectly, by reference to an identifier, such as a name, an identification number, a location data, an online identifier, or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity.
• "Access rights" : refers to the fundamental rights as described in European Regulations, relating to : information rights; access rights; rectification rights; erasure rights or forgotten rights; portability rights; opposition rights; processing limitation rights; definition of directives relating to the conservation, removal and communication of their personal data.
• "User" refers to any Internet User that has access to the Website.
• "Data controller" refers to the person or body that, alone or jointly, determines the purposes and methods of processing your personal data.
• "GDPR" refers to the European Parliament and Council Regulation (EU) 2016/679 of April 27, 2016 relating to individuals protection regarding to the personal data processing and the free movement of these data, revoking Directive 95/46/EC.
• "Sub-processor" refers to the entity that processes personal data on the data controller's behalf.
• "Third-party" refers to any person other than the parties involved.
• "Personal data processing" refers to any operation or group of operations applied to your data, regardless of the online service medium and the process involved.

Users can provide specific personal data by filling out the forms provided. These informations will be used to manage user accounts.

They may be communicated to subcontractors or third parties to process files or to fulfill legal and regulatory obligations.

Our commitment

Through this Personal Data Protection Charter, Association SERPA, engages, through its activities, to ensure that collecting and processing your data, made from its websites, complies with General Data Protection Regulation (GDPR) and Data Protection Act of January 6, 1978 to ensure all precautions are taken to preserve the protection, confidentiality and security of nominative information provided and to respect the privacy of users.

To comply with the regulations mentioned previously, Association SERPA has established this Personal Data Protection Charter.

Accordingly, in conformity to current legal provisions, Association SERPA is attached all the essential principles listed below :

• Transparency : We provide all relevant information on the purposes and recipients of the collected data;
• Legitimacy and accuracy : We only collect and process essential data for the declared purposes;
• Confidentiality and integrity : We establish every technical and operational reasonable measure to protect your personal data against disclosure, loss, alteration or access by unauthorized third parties;
• Storage : We only store personal data for the necessary period of time required for the purposes specified in the data processing or service, or until the data is no longer required for the purposes it was collected for;
• Right to inquire about modifying/deleting your personal data : We allow you to request modification or deletion of your personal data.

Association SERPA may modify or correct its Privacy Policy occasionally. Please consult it carefully in order to keep yourself updated of any changes and of how they might affect you.

According to GDPR Article 13, we inform you that the Data Controller is Association SERPA.

Consent

Through the use of the website www.immunotoon.com and/or the WebApplication "ImmunoToon", you may consent to the processing of your personal data in conformity with the present Personal Data Protection Charter. If you do not consent that your personal data may be collected and processed in this way, please do not provide any personal information.

The Association only collect and use your Personal Information where relevant and lawful for such purpose. Your explicit consent will always be required for data processing. You are not obliged to consent, but if you decide not to, your ability to take part in some of our activities may be restricted.

Data Security Measures

Respecting your right to protect, secure and preserve the confidentiality of your data is our priority.

The Association promises both to maintain a secure IT environment and to implement appropriate measures to protect your personal data against malicious intrusion, loss, alteration or disclosure to unauthorized third parties.

Because all personal data are strictly confidential, their access is limited to the Association's members or service providers acting for The Association, and who require them in the execution of their duties. All those having access to your personal data are under a strict confidentiality agreement and must apply the Association's Personal Data Protection Charter.

Furthermore, subcontractors who have access to your personal data are contractually responsible for their security and for ensuring that your rights are respected under identical conditions.

Retention period of collected data

We remind you that you have the right to have your personal data deleted at any time.

If you have not requested to have your personal data deleted, it will be kept only for as long as is reasonably necessary to provide the service, improve it and meet applicable legal requirements. This means that we may keep your personal data for some time after you stop using the www.immunotoon.com website and/or WebApplication "ImmunoToon". After this period, your personal data will be deleted from all our databases.

In accordance with the legal obligations The Association stores your account data only as long as required for processing or as necessary for fulfilling on purpose for which it was collected.

Location of collected data storage and transfer

The Association processes data on its own or on its subcontractors' datacenters, according to the French and European Legislation. In case subcontracting, service providers are contractually linked to The Association.

This contract provides high levels of confidentiality, and also requires the subcontractor constantly to maintain all necessary technical measures to keep personal data safe and secure.

In all instances, the data are stored in processing centers located in France or in European Union.

Subcontractors and service providers may receive your personal data within the strict scope of the services we entrust to them (e.g. hosting the Website and WebApplication).

These subcontractors are systematically located in France or in European Union and are contractually and legally responsible to protect the confidentiality and security of your personal data and to only process it in accordance with our specific instructions.

Some personal data processing may also involve third parties in order to legally, contractually or otherwise fulfill obligations relating to data processing or to comply with legally authorized authorities.