Version of March 27, 2023

PROTECTION OF PERSONAL DATA (RGPD and Data Protection Act)

In accordance with the provisions of the law known as “Informatique et Libertés” of January 6, 1978, amended by the law of October 7, 2016, is applicable whenever there is an automated processing or a manual file (i.e. a computer file or a “paper” file) containing personal information relating to natural persons. It defines the principles to be respected when collecting, processing and storing such data and guarantees a number of rights for individuals. You are informed that the Publishers of the site proceed to automated processing of your personal data, in particular when you connect to the site in a context requiring the collection of your personal data.

The purpose of this privacy policy is to explain to the users of the site: citizencode.net

– What data we collect, considering as personal data “any information relating to an identified or identifiable natural person”;

– For what purposes this data is collected (purpose);

– With whom we share this data;

– How long and where we keep this data;

– Who is responsible for processing the personal data collected and processed;

– What are the rights of the Users regarding their data;

– The site’s policy on “cookies”;

– Justification of the processing (Legality of the processing).

This privacy policy complements the legal notice and the General Terms of Use defined by the data controller.

1. What data do we collect?

We collect the following data on the site citizencode.net, whose controller is Tralalere. :

Questionnaire response data:

Age, number of participants, satisfaction scores, quiz answers, NPS.

Browser and connection data: The request headers (User-Agent, Origin and Referer), the software version, the date of the request 

This data is collected when users create an account, when they log in and when students perform activities on the site.

This data is likely to evolve for the needs of the proper functioning of the project and the product.

2. For what purposes is this data collected?

The processing of personal data concerning users consists of the collection and storage of information concerning their use of the site. This information is collected for the following purposes:

• To produce statistics
• To manage complaints and requests from users
• To manage requests for access, rectification and opposition rights.
• To manage the security of the site to avoid SPAM and abuse

3. Limitation and relevance

We undertake to limit our collection of data to that which is strictly necessary for the purpose of the envisaged processing, without which we would not be able to provide the service of the site in a qualitative manner.

4. With whom do we share this data?

In order to ensure the best possible quality of service, we are led to communicate the data collected to various recipients, duly authorized for this purpose, namely

Our internal services: technical and functional administrators involved in the development, improvement and maintenance of the site.

Our subcontractors:

Cloud-Infinity for server hosting. These subcontractors are central to the solution, they allow the hosting of servers, storage and calculations.

The data controller guarantees that its subcontractors are compliant with the RGPD and that no transfer outside the European Union will be made of personal data.

5. How long do we keep your data?

Your data is kept in our databases for the time necessary for the intended processing. After this period, the data is destroyed or archived according to the legislation in force.

For more details on these durations, we provide you with a summary table below:

6. Where is your data hosted?

The citizencode.net website is hosted by : Cloud Infinity Communications SAS, whose registered office is located at the following address 32 Boulevard de Vaugirard 75015 Paris. The host can be contacted at the following telephone number: +33 (0) 9 70 75 02 30 -https://www.cloud- infinity.com/en . The data collected and processed by the site are exclusively hosted and processed in France.

7. Who is responsible for data processing?

The data controller for the site is Tralalere.

The data protection officer can be reached at dpo@tralalere.com.

Tralalere, the data controller, is responsible for determining the purposes and means used to process personal data.

The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user’s knowledge and to respect the purposes for which the data were collected.

In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the data controller undertakes to inform the user by any means.

8. What are your rights regarding your data?

Any modification of personal data is your right.

You can access and obtain a copy of the data concerning you, oppose the processing of this data, have it rectified or permanently deleted. You have the right to limit the processing of your data.

The Data Protection Officer (DPO) of TRALALERE is your contact for any request to exercise your rights on this processing.

Contact the DPO by electronic means: dpo@tralalere.com

Contact the DPO by mail :

The Data Protection Officer

TRALALERE

4 rue de Braque

75003 Paris

Understand your rights to data processing and liberties: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles

9. Security

We implement all technical and organizational measures that are useful in view of the nature of the personal data that you entrust to us and the risks presented by their processing, in order to preserve the security of your data and prevent it from being distorted, destroyed, damaged or accessed by unauthorized third parties.

To this end, we implement technical measures such as firewalls; organizational measures with a unique identifier and password system for each of our employees, internal or external; physical protection means, etc.

The site has an SSL certificate to ensure that the information and data transfer through the site is secure.

The purpose of an SSL certificate (“Secure Socket Layer” Certificate) is to secure the data exchanged between the user and the site.

10. Cookies and tracers

We are likely to use cookies installed in your machine for the purpose of maintaining your connection to the service of the site, on the one hand, and statistics, on the other hand.

The cookies are the following:

pages consulted, searches on the site, downloads, geographical origins, peripherals, browser, timestamp, user ID, Google Tag Manager

They correspond to the measures strictly necessary for the good administration of the site.

The solution implemented are :

• Matomo Analytics in self-hosted mode, configured to fall within the scope of the exemption from the collection of consent.
• Google Tag Manager which is used only after the collection of consent.

Moreover, the parameter setting of the navigation software allows to inform of the presence of cookie and possibly, to refuse in the way described at the following address: https://www.cnil.fr/fr/les-conseils-de-la-cnil-pour-maitriser-votre-navigateur 

Refusing to install a cookie may make it impossible to access certain services. The user can however configure his computer to refuse the installation of cookies. He can also delete them from his browser after accepting them.

11. Conditions for changes to the privacy policy

This privacy policy can be consulted at any time at the following address: https://www.citizencode.net/en/privacy-policy/

The data controller reserves the right to modify it in order to ensure its compliance with the law in force.

Therefore, the user is invited to consult this privacy policy regularly in order to be informed of the latest changes.

12. Complaint to the CNIL

If you believe, after having contacted us, that your rights on your data are not respected, you can address a complaint to the CNIL:

https://www.cnil.fr/fr/webform/adresser-une-plainte