Privacy policy

Introduction

The Data Controller of your personal data is the Maïa Baudelaire Foundation (hereinafter « the Data Controller »).

As part of our collections and their follow-ups, you provide us with information by signing up, giving (directly, through bequests or donations), participating in a project, or communicating with us on our website or via social media, for example. The mandatory fields are marked as such in the forms. We are committed to ensuring that the collection and processing of your data are carried out in a lawful, fair, and transparent manner, in accordance with the General Data Protection Regulation (GDPR) and the amended Data Protection Act of 1978 (DPA). These information collections are limited to what is necessary, in accordance with the principle of data minimization. The definitions provided in Article 4 of the GDPR are applicable here. In the event of an update, we will not lower the level of confidentiality substantially without prior notification to the individuals concerned. You will find our commitments regarding subcontracting, transfers, communication to third parties, and in case of a security breach. For any clarification or complaint, please do not hesitate to contact us.

1. Glossary of terms used regarding the GDPR in this document

Data file : A personal data file is characterized by a structured set of personal data accessible according to determined criteria, whether this set is centralized, decentralized, or functionally or geographically distributed. It is the container of personal data.

Personal data : Any information relating, directly or indirectly, to a concerned natural person, in this case, you.

Data subject (« You ») : A data subject, in the sense of the GDPR, is deemed to be an « identifiable natural person, » a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more specific elements related to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Data processing : Personal data processing (processing) is characterized by any operation or set of operations performed or not performed by automated means and applied to data or sets of Personal Data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, reconciliation or interconnection, restriction, erasure, or destruction. This word encompasses all the operations and actions that can be performed on your data files.

Data Controller (« the Maïa Baudelaire Foundation ») : The Data Controller is the natural or legal person, the public authority, the service, or another body that, alone or jointly with others, determines the purposes and means of the processing; when the purposes and means of such processing are determined by Union law or the law of a Member State, the Data Controller may be designated or the specific criteria applicable to its designation may be provided for by Union law or the law of a Member State.

2. Scope of application of this policy

Preamble

By accessing our websites and using the services offered, you acknowledge that you have read and understood this General Policy on the protection of personal data, as well as the practices of obtaining consent when necessary, collecting, and processing the information described in this document. In general, you can visit our Sites without necessarily having to provide us with data. However, in order to be able to provide you with certain services, we may ask you to provide us with certain Data. This personal data protection policy applies in particular to all data processing collected through our websites, but also to all information you may provide in « paper » format.

Legal basis for our processing : This Policy sets out the principles and guidelines for the protection of your Personal Data and aims in particular to inform you about :

  • The Personal Data we collect and the reasons for these collections.
  • The way in which this Personal Data will be used ;
  • Your rights regarding this Data and how to exercise them.

This policy is also intended to inform you of our choices and practices regarding privacy, the options you can exercise regarding how your data is collected, and to understand how it will be used.

3. Our commitment to data protection

Our ethical commitment

Your privacy is a priority for us. The Heritage Foundation is committed to respecting all legal obligations regarding the protection of personal data, particularly by publicly committing to compliance with the Data Protection Act and the Regulation (EU) 2016/679, known as the General Data Protection Regulation (« GDPR »). Aware that providing information online involves a significant mark of trust from users, we take this trust very seriously and make it a major priority to ensure the security and confidentiality of the personal data you provide to us when you visit our website and use our services. Each employee and volunteer of the Maïa Baudelaire Foundation commits by signing the Ethical Charter.

Our commitment to the principles of the LIL and the GDPR : In this regard, we commit to adhering to the following principles :

  • We only collect the data we need.
  • We only process data that has been collected fairly and lawfully.
  • We only process your data for explicit, legitimate, and determined purposes.
  • We only process data that is adequate, relevant, and not excessive in relation to the purpose of our processing.
  • We only retain your data for the duration necessary to carry out the processing for which it was collected or for the duration set by law. We take all necessary precautions to preserve the security of your data, particularly to prevent it from being distorted, altered, or damaged.
  • We only share your data with service providers or partners who need to know it in the context of our activities.
  • We do not share this data with third parties outside the Foundation without informing you beforehand.
  • We rigorously ensure the implementation of appropriate and enhanced security measures to guarantee a high level of protection for your data.

Our current policy aims to inform you in the most transparent manner possible about how we will collect and use your data, as well as your various rights.

Specifics of our « business » commitments : This policy applies to all our websites and our humanitarian actions. Strengthening our security measures and good governance of our data : We have taken measures to prevent any personal data breaches, including :

  • Appointment of a Data Protection Officer responsible for compliance monitoring ;
  • Raising awareness among teams about the protection of personal data and good security practices ;
  • Security audit of the information system ;
  • Implementation of a general data protection policy ;
  • Right to demand that your data be kept secure.

We ensure the security and longevity of your Personal Data by implementing a series of physical and logical protections in the storage and backup of your data, to prevent it from being destroyed, corrupted, modified, diverted, or altered.

4. Terms of use for our websites

The content of our site, the general structure, the hierarchy, the textual content, the animated or non-animated images, and the logos that the site is composed of are the exclusive property of the Maïa Baudelaire Foundation. Any total or partial representation of this site or its content, on any medium, for collective or professional use, even internally, by any means whatsoever, without the prior express and written authorization of the Foundation is prohibited and would constitute an infringement punishable by articles L.335-2 and following of the Intellectual Property Code. Similarly, the violation of these provisions subjects the offender and all responsible persons to the criminal and civil penalties provided for by French Law.

Terms of use for our online services, REMINDER : Our Platform is designed to allow you to directly manage your personal data.

Our partners and external links : The Maïa Baudelaire Foundation offers links to other sites, mainly official sites. The Maïa Baudelaire Foundation systematically specifies which site you are being directed to. Conversely, many sites promote the Maïa Baudelaire Foundation on their own spaces. However, these web pages, whose addresses are regularly checked, are not part of the Maïa Baudelaire Foundation portal. The Maïa Baudelaire Foundation is therefore not responsible for their content. We recommend that you consult the privacy policy of these sites as their terms may differ from those of the Maïa Baudelaire Foundation. The Maïa Baudelaire Foundation is in no way responsible for the processing of data by these other websites.

Use of your personalized content : The Maïa Baudelaire Foundation may collaborate with trusted partners to offer you useful and interesting content through our services and through third-party sites and services. We may also share information with these partners via cookies or any other technology. The list of said trusted partners is regularly updated.

Cookie policy on the sites : You are informed that during your visits to our sites, a cookie may automatically install itself on your browser software. Our cookies consist of sets of data that will not allow you to be identified, but their main purpose is to record information related to your browsing. The configuration of your browser settings allows you to be informed of the presence of our cookie and you have the right to refuse it.

Applicable law and jurisdiction : Our website(s) and our activity are governed by French law. In the event of a dispute arising from your use of our websites or their activities, French courts will have exclusive jurisdiction.

5. Collected data and purposes of the implemented processes

Data collected

The Maïa Baudelaire Foundation may be required to collect different categories of personal data.

Direct collection : The data you provide to us directly, particularly when you fill out a contact form or make a donation. When you fill out a form, the data marked with an asterisk (*) is mandatory and necessary for processing your requests :

  • Identification data (last name, first name, title).
  • Contact data (postal address, email).
  • Data related to your interests.
  • Transaction and payment data (transaction details, bank account information).

Indirect collection : The data we obtain indirectly, particularly through cookies or trackers (and subject to your choices). Connection logs. Usage data (IP addresses, connection and usage logs) are automatically collected on the Platform.

Respect for the principles of proportionality and minimization of data collection : We refrain, with regard to the personal information you entrust to us, from any indirect collection, any misappropriation of use, and, in general, any act likely to harm your privacy or reputation. We ensure that we only collect data that is strictly necessary for the declared purpose of the various processes implemented by the company.

Purposes of the implemented processes : The personal data collected are intended for the management of services offered to donors and potential donors as well as to testators and potential testators for the benefit of the Foundation. Detail of sub-objectives :

  • Registration and authentication of users (donors, potential donors, testators, potential testators, members, and project leaders) to their personal web interface.
  • Management of user contact details.
  • For each user, access, rectification, deletion of their personal information.
  • For each donor, production and provision of tax receipts related to their donations.
  • For each donor, access to the history of donations made.
  • Management of donors’ payment methods.
  • Solicitation of donors and potential donors to make donations.
  • Solicitation of testators and potential testators to make donations.
  • For each project leader, the opportunity to introduce themselves.
  • Institutional communication with users.
  • Communication within the framework of charitable solicitations.
  • Respond to your requests made via the contact form.
  • Production of statistics on the use of the service.

In general, communicate with you, particularly when you contact us by any means.

6. Legal bases for our processing

We are only entitled to process your data from the moment :

  • Legitimate interest in charitable solicitation. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Foundation – Article 6.1.e of the GDPR.
  • You have given your informed and explicit consent – Article 6.1.a of the GDPR. Where you explicitly give us permission by checking the box « I accept… » (or any other similar mention) present on the data collection forms.
  • We have entered into a Contract with you – Article 6.1.b of the GDPR.
  • The processing is subject to a Legal Obligation – Article 6.1.c of the GDPR.
  • In certain cases, and particularly with regard to our employees, the processing may be necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject prevail – Article 6.1.f of the GDPR.

7. Retention period of your information

The Maïa Baudelaire Foundation, in compliance with the applicable legislation, will only retain Personal Data for the duration necessary for processing.

General principles :

  • Regarding the processing and monitoring of applications from project leaders, the Maïa Baudelaire Foundation, in compliance with current legislation, will retain candidates’ data in an active database for a maximum period of 3 years after the last contact. These data will then be stored in an intermediate database for 3 years.
  • Regarding communication and the management of contact requests, the Maïa Baudelaire Foundation, in compliance with current legislation, will delete the data of its contacts within a maximum period of 10 years after the last contact.
  • The identification data and financial data of donors will be kept in an active database for 10 years plus the current year, starting from the last donation made, in accordance with the law.
  • The identification data of potential donors will be kept in an active database for 10 years, starting from the last incoming contact for prospects, in accordance with the law.
  • The identification data of declared testators will be kept in the active database until the execution of the will or until the concerned person changes their mind.
  • The data of potential testators will be kept in the active database for 10 years, starting from the last expressed interest (brochure request or other).
  • For connection data, the retention period is 12 months.
  • For the data related to our newsletter, the data is retained until the donor or testator subscriber unsubscribes, which can happen at any time and must be offered during the sending of each email or letter.

Anonymization of your data for statistical processing : Beyond this period, the data may be anonymized and kept for exclusively statistical purposes and will not be subject to any exploitation, of any kind whatsoever. In the event that your collected Data cannot be anonymized, it will be destroyed.

8. Reminder of your various rights and the principles defined by the GDPR

Our Platform is designed to allow you to directly manage your personal data. They cannot be shared, transferred, resold, or retransmitted. Under the provisions of the GDPR, you have the right to obtain clear, concise, and transparent information from the Foundation. The purpose of this document is primarily to meet the obligations of conciseness and transparency referred to in Article 13. The GDPR guarantees you a foundation of rights :

  • The general rights that we must respect as soon as we process your data.
  • The rights granted to you, allowing you to control the use made of your data, and then to concretely exercise these rights by making a request to the Data Controller or the DPO of the organization.
  • Right to know the purpose of a processing that concerns you : art. 5.1.b of the GDPR (What is the purpose of this program that processes my information?) You have the right to ensure that all the processing we implement serves a determined, explicit, and legitimate purpose. We must inform you of the purpose, the objectives, and any possible sub-objectives of each personal data processing.
  • Right to compatible further purposes : art. 5.1.b of the GDPR (I want to know if my data is not used for « other purposes ») You have the right to ensure that your data cannot be processed subsequently in a manner incompatible with the originally determined purposes, and that they are only processed for those purposes.
  • Right to data minimization : art. 5.1.c of the GDPR (Why are they asking me for so much information about myself) The data collected must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. Not beyond that.
  • Right to the accuracy of collected and stored data : Art. 5.1.d of the GDPR (Am I sure that my information is up to date?) You have the right to have the collected data be accurate and, if necessary, kept up to date. In particular, all reasonable measures must be taken to ensure that personal data which are inaccurate, with regard to the purposes for which they are processed, are erased or rectified without delay if necessary.
  • Right to have your data not stored indefinitely : art. 5.1.e of the GDPR (How long is my information kept?) The collected data must be kept in a form that allows identification for a duration not exceeding that necessary for the purposes for which they are processed (limitation of retention).
  • Right to demand that your data be kept secure : Article 5.1.f of the GDPR – Article 32 of the GDPR (How can I be sure that my personal information is protected?) You have the right to have your data processed in a way that ensures appropriate security, including protection against unauthorized or unlawful processing, loss, alteration, unwanted modification, destruction, or protection from accidental damage, using appropriate technical or organizational measures (integrity). We ensure the security and longevity of your Personal Data by implementing a series of documented physical and logical protections in the storage and backup of your data, in order to prevent them from being destroyed, corrupted, modified, diverted, or altered.
  • Right to have your data remain strictly confidential : Article 5.1.f of the GDPR (Am I sure that everything will remain confidential?) You have the right for your data to remain confidential and for only authorized persons, according to the purposes, to have access to it. (strict confidentiality of your information).
  • Right to have processing lawful : Article 6.1 of the GDPR (Under what conditions do we have the right to process my data?) The processing of your data will only be lawful if :
    Consent : you have consented to the processing of your personal data for one or more specific purposes,
    Contract : or the processing is necessary for the performance of a contract to which you are a party or for the performance of pre-contractual measures taken at your request,
    Legal obligation : or the processing is necessary to comply with a legal obligation to which we are subject
    Vital interest : or the processing is necessary for the protection of the vital interests of a natural person
    Public interest : the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
    Legitimate interest : the processing is necessary for the purposes of the legitimate interests pursued, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, particularly when the data subject is a child.

The exercise of rights allowing you to control your data

  • Right to be informed about the existence of processing : Art. 15-1 of the GDPR (I want to know if I am present in the company’s files) You have the right to obtain confirmation that personal data concerning you is or is not being processed, and to know, in one way or another, whether you appear in our files.
  • Rights of access to your data : Articles 15-3 & 4 of the GDPR (I want to obtain a copy of the information held about me) You have the right to obtain confirmation that your Personal Data is or is not being processed, and, if it is, to access all the information concerning you by obtaining an electronic or paper copy. You have the right to have this request propagated to all departments of our company and to all our subcontractors.
  • Rights to obtain any information related to a processing concerning you : art. 15-3 & 4 of the GDPR (I want to know the reasons and details of the processing) For each processing of personal data concerning you, present in our company or with any of our subcontractors, you have the right to be informed of the following information : The purposes of the processing; (Art. 15-1a of the GDPR), The categories of personal data concerned; (Art. 15-1b of the GDPR), The recipients or categories of recipients to whom the personal data have been or will be communicated; (Art. 15-1c of the GDPR).
  • When possible, the envisaged retention period for personal data, or the criteria used to determine this period; (Art. 15-1d of the GDPR)

You can direct any such request to the Data Protection Officer mentioned below.

  • Right to rectification : Article 16 of the GDPR (I want to have the data held about me modified) You have the right to obtain the rectification of inaccurate, erroneous, incomplete, or outdated data. The rectification of personal data must be carried out without delay. You also have the right to obtain that personal data be completed, including by providing a supplementary statement.
  • Right to erasure or « right to be forgotten » : Art. 17 of the GDPR (I want to have all the data held about me deleted) You have the right to obtain the erasure, without undue delay, of Personal Data concerning you. You have the right to request the deletion of your data for the reasons provided by the applicable regulations and in particular when :
    • The Data is no longer necessary for the purposes for which it was collected or processed in another manner ;
    • You have withdrawn the consent on which the processing is based, and there is no other legal basis for the processing ;
    • You object to the processing and there are no overriding legitimate grounds for the processing ;
    • You consider that your data has been subject to unlawful processing ;
    • Your data must be deleted to comply with a legal obligation.
  • General right to object : Art. 21.1 of the GDPR (I oppose a data processing to which I have not consented) You have the right to object, at any time, for reasons related to your particular situation, to the processing of personal data concerning you based on legitimate interest or a task carried out in the public interest. We will no longer process this personal data, unless there are legitimate and compelling reasons for the processing that override your interests and the rights and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
  • Right to withdraw previously given consent : Article 7-3 of the GDPR (I now oppose a data processing to which I had initially consented) You have the right to: (i) withdraw your consent at any time (ii) to be informed of this right at the time you give it (iii) that the withdrawal is as easy to perform as when you initially gave your consent. The withdrawal of this consent does not affect the lawfulness of the processing based on the consent given before this withdrawal.
  • Right to restrict the processing of your data : Art. 18 of the GDPR (I want to « freeze » my data without deleting it to exercise a right later) You have the right to obtain the limitation of processing when one of the following applies :
    • You contest the accuracy of the Data concerning you ;
    • You consider that the processing is unlawful and oppose the deletion of your data ;
    • The data concerned is still necessary for you to establish, exercise, or defend legal rights, even though we no longer need it.
  • Right to data portability : Article 20 of the GDPR (I want to send a copy of my data to another organization) You have the right to receive the Personal Data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit this data to another organization without us being able to prevent it, when :
    • The processing is based on consent or a contract ;
    • The processing is carried out using automated processes.
  • Right to know if the provision of information concerning you is mandatory : Article 13-2-e (ii) of the GDPR (I want to know if I am required to respond to requests for information) You have the right to know if the requirement to provide personal data is a condition for concluding a contract and how you may be required to provide your information.
  • Right to know the consequences of refusing to provide information : art. 13-2-e (iii) of the GDPR (I want to know what will happen if I refuse to answer) You should be aware of the potential consequences of not providing this data. In accordance with Article 32 of the Data Protection Act, the information you provide to us through our collection forms is necessary to respond to your request and is intended for the services responsible for addressing your request for follow-up purposes. You do, however, have the right to refuse to provide us with this data, but you are informed that in this case, we may in turn refuse to respond to your requests or refuse to contact you.
  • Right to know the origin of the data we hold about you : Art. 15-1g of the GDPR (I want to know how you obtained my data and from whom) When your personal data is not collected directly from you, you have the right to know any information available to us regarding its origin.
  • Right to be informed in case of data transfer outside the EU : art. 15-2 of the GDPR (I want to know if my data is or is not transferred outside of Europe) You have the right to be informed about the appropriate safeguards taken by our organization if your data is transferred to a third country outside the European Union.
  • Right to give the Data Controller directives in case of death : art. 40-1 of the Data Protection Act (I wish to make arrangements for my data in case of death) You have the right to give us instructions regarding the fate of your personal data after your death.
  • Right to be notified of a data breach in case of high risk: Article 34 of the GDPR (I must be informed in case of a data breach) You have the right to be notified, without undue delay, if we experience a personal data breach that is likely to result in a high risk to your rights and freedoms. In the event that we become aware of unauthorized access to personal data concerning you and corresponding to processing for which we are responsible, we commit to notifying you of the incident as soon as possible if this meets a legal requirement.
  • Right to lodge a complaint with the supervisory authority : art. 15-1f of the GDPR – art. 77 of the GDPR (My rights are not being respected, I am filing a complaint) You have the right to file a complaint with a supervisory authority if you believe your rights have been violated. However, we suggest that you first contact the designated DPO within our organization to request information or clarification and to share your comments.
  • Right to object to automated profiling : art. 22-1 of the GDPR – art. 15-1h of the GDPR (I refuse to let a robot make decisions for me) You have the right to know and verify the existence of automated decision-making, including profiling, and in this case, the significance and potential consequences of this processing. You have the right not to be subject to a decision based exclusively on automated processing, including profiling, producing legal effects concerning you. You can then request that a person review your assessment, and that the decision be made by a human. While it is common for non-profit organizations to use profiling techniques to target recipients of a fundraising campaign (the organization performs scoring by assigning ratings in certain areas or choosing specific criteria such as the donation amount, age, or professional status), these techniques are not comparable to profiling « producing legal effects concerning a natural person or significantly affecting them in a similar manner » as per Article 22.
  • Right not to be subject to automated decision-making : Article 22-1 of the GDPR (I refuse to have a robot evaluate my information) You have the right not to be subject to a decision based solely on automated processing, which may produce legal effects concerning you. You can request that a person reassess your evaluation, and that the decision be made by a human.
  • Right to de-referencing of published data : Art. 17-2 of the GDPR (I wish to have public information removed from my account.) You have the right, when personal data has been made public and it is required to erase it, to demand from the data controller, taking into account the available technologies and implementation costs, to take reasonable measures, including technical ones, to inform the data controllers who process this personal data that you have requested the deletion by these data controllers of any link to this Personal Data, or any copy or reproduction of it. This measure shall not apply if the published data is necessary: a) for the exercise of the right to freedom of expression and information; b) to comply with a legal obligation requiring processing under Union law or the law of the Member State to which the data controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller; c) for reasons of public interest in the field of public health. d) for archival purposes in the public interest, for scientific or historical research, or for statistical purposes, to the extent that the exercise of this right is likely to make it impossible or seriously compromise the achievement of the objectives of such processing e) for the establishment, exercise, or defense of legal claims.

Appointment of a DPO with the CNIL : Articles 37 to 39 of the GDPR (Who will be responsible for exercising my rights?) The Foundation, as the Data Controller, has appointed a Data Protection Officer (DPO) and has committed to complying with the applicable regulations for the processing of personal data, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 known as the « General Data Protection Regulation » (GDPR), and Law 78-17 of 6 January 1978 amended by Law No. 2018-493 of 21 June 2018, known as the « Data Protection Act » as amended. In accordance with this regulation, by proving your identity, you have the right to access, rectify, delete, or transfer your personal data, as well as the right to withdraw your previously given consent to processing. You can also, for legitimate reasons, object totally or partially to data processing, or request its limitation. You will find complete information on your various rights in this CNIL document: https://www.cnil.fr/en/rights-to-control-your-personal-data To exercise your various defined rights, you will need to prove your identity, and optionally in the case of a request for access rights :

  • Indicate the reasons for which you wish to exercise them ;
  • Precisely define the scope of the data for which you wish to obtain a copy ;
  • Specify the format of the data you wish to receive in return.

In certain cases involving the return of your data, an additional request for proof of your identity may be required. Partial opposition (or simple unsubscribe request) is a right that you can exercise at any time during the mailings, through a link present in each email you receive from us; it is unnecessary to contact the DPO for this.

Procedures for contacting the Foundation’s DPO

You can exercise your various rights by contacting the Data Protection Officer of the Foundation preferably by email at: hellomaia@maiabaudelaire.org or by mail : Fondation Maïa Baudelaire 22 Avenue Deschanel 75007 Paris.

You also have the right to directly contact the Commission if you believe your rights have been violated, or if our company does not comply with its data protection commitments.

9. Applicable law and language

This Privacy Policy is governed by French law. It is written in French. In the event that it is translated into one or more languages, only the French text shall be deemed authoritative in case of dispute. The nullity of a clause does not entail the nullity of the Privacy Policy. The temporary or permanent non-application of one or more clauses herein shall not be deemed a waiver of the others.

10. Update of the present policy

(What happens if this policy changes) The Foundation reserves the right to modify this Data Protection Policy at any time, for example to take into account new data collected, changes to our processing or our purposes, but also to maintain our compliance, particularly in the event of changes to certain legislative and regulatory provisions, or with respect to the Data Protection Act and the GDPR. We encourage you to regularly review this document to stay informed of any potential changes. However, in the event of a substantial change to our data privacy policy, you will be notified by email or upon logging into the site.