Privacy Policy

PREFACE

This charter (hereinafter the "Charter") aims to provide you with all the necessary information to understand how Keyrus Foundation collects, processes, and protects your Personal Data as the Data Controller within the scope of its activity. Keyrus Foundation is committed to complying with the applicable regulations on the processing of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the "GDPR") as well as any applicable national regulations (hereinafter the "Regulations").

DEFINITIONS

Here are some definitions to better understand this Charter:

• "Recipient"

  means the natural or legal person, public authority, service, or any other body that receives personal data, whether or not it is a third party.

• "Personal Data"

  means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

• "Keyrus Foundation"

  refers to the foundation registered under SIREN number 841005671 and headquartered at LEVALLOIS-PERRET (92300).

• "Participant"

  refers to any person having a relationship with Keyrus Foundation (e.g., volunteers, partners, managers, etc.).

• "Data Controller"

  means the natural or legal person, public authority, service, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

• "Processing"

  means any operation or set of operations performed upon personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1. PRINCIPLES RELATING TO PROCESSING

In the context of its activity, Keyrus Foundation ensures continuous compliance with the essential principles of the GDPR and assures all Participants of Keyrus Foundation that the Personal Data provided is processed lawfully, fairly, and transparently. Personal Data is collected for specified, explicit, and legitimate purposes, and Keyrus Foundation commits not to process the data for purposes incompatible with these objectives. Keyrus Foundation adheres to the principle of data minimization as outlined in Article 5-c of the GDPR, which states that only adequate, relevant, and necessary Personal Data shall be processed concerning the defined purposes.

2. PURPOSES AND LEGAL BASIS OF PROCESSING BY KEYRUS FOUNDATION

3. PERSONAL DATA PROCESSED

The data processed varies depending on the type of processing carried out by Keyrus Foundation. You will be informed of the data collected directly at the time of collection. Keyrus Foundation collects only the data necessary. For example, on the website, the data collected via cookies pertains to audience measurement. For questions regarding the data collected about you, please contact: dpo-Fondation@keyrus.com.

4. RECIPIENTS

Keyrus Foundation is committed to preserving the confidentiality and security of your Personal Data in accordance with current regulations and ensuring that each Recipient provides appropriate guarantees of security and confidentiality. The Recipients who may receive your Personal Data include:

• Keyrus Group companies;

• Authorized staff within Keyrus Foundation;

• Associative partners;

• The Data Protection Officer (DPO).

Authorized service providers, such as subcontractors, may also access your Personal Data as part of the services they provide, including software solutions or IT systems used to process your Personal Data (maintenance, support, hosting, security, and monitoring). In case of a dispute, Personal Data may be shared with legal advisors and authorities.

5. RETENTION PERIODS

The retention period of your Personal Data depends on the legal and regulatory deadlines as well as the type of data concerned.

6. SECURITY AND CONFIDENTIALITY

Keyrus Foundation implements all technical and organizational measures, in accordance with Article 32 of the GDPR, to ensure the security and confidentiality of your Personal Data.

7. DATA TRANSFERS

Exceptionally, if your Personal Data is transferred to a Recipient located in a non-EU country, appropriate safeguards will be implemented, in compliance with GDPR provisions. For example:

• For data collected through Google cookies, the safeguard is Google’s adherence to the Privacy Framework.

• For data collected via Hubspot cookies, standard contractual clauses have been signed.

8. RIGHTS OF DATA SUBJECTS

Under the GDPR, you can access your Personal Data, request its rectification or deletion, and exercise your rights to object, restrict processing, and data portability. You also have the right to define instructions regarding the use of your Personal Data after your death. To exercise these rights, please contact our Data Protection Officer (DPO):

• By mail

  : FONDATION KEYRUS – 157 rue Anatole France – 92300 LEVALLOIS-PERRET, specifying "Personal Data" as the subject.

• By email

  :

  dpo-Fondation@keyrus.com

Additionally, you have the right to lodge a complaint with the CNIL, the supervisory authority, at the following address: 3 place de Fontenoy, 75007 Paris.

9. CHANGES TO THE CHARTER

This Charter may be modified to take into account CNIL recommendations, changes to applicable regulations, case law, technological developments, and any other changes to implemented processing operations. Last updated on December 4, 2024.