Privacy Policy and GDPR

Preamble

Please note the present Privacy Policy and GDPR rules are completed and extended by the Web Site Policy and Community Rules.

Who we are

Our website, hereafter refered as the Web Site, address is: https://www.spis.org. The Web Site is hosted by the Artenum SARL companie in delegation of the SPINE comunity. The Web Site content and the SPINE comunity are managed by the SDAB comity.

You means yourself as User, i.e as unregistered reader with an acces to the public parts of the Web Site, and/or as Contributor, i.e. as registered user and/or SPINE member with the possibility access in part or whole to private parts of the Web Site as well and/or contribute to it.

By using the Web Site as simple User and/or Contributor you fully agree with the termes of the present Privacy Policy and GDPR rules and Web Site Policy and Community Rules and respect the European regulation and French law.

What personal data we collect and why we collect it

Comments, contributions, hosted data or source codes, forum posts

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the Web Site can download and extract any location data from images on the Web Site.

Contact forms and user profiles

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and Web Site in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

The collected personal data are available to the Web Site host, as legal entity, and the SDAB members only.

We outline as well that part of the Web Site, including but not limited to the GIT repositories, might be mirrored on others web sites and server.

According to the French law, all collected data, including personal ones, are stored for the legal duration in France and will remain available to the justice and/or the police in case of lawful investigation.

How long we retain your data

If you leave a comment, forum posts, updloaded documents the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Web Site administrators can also see and edit that information.

What rights you have over your data

If you have an account on the Web Site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

The collected personal data are available to the Web Site host, as legal entity, and the SDAB members only.

These data maybe used to organise the community life, including but not limited to mailing to organise meetings and conference or releases announcement, research activities and commercial purpose, resale of personal date excluded. According to the French law, all collected data, including personal ones, are stored for the legal duration in France and will remain available to the justice and/or the police in case of lawful investigation.

Your contact information

For all question and/or request regarding your data, please contact the Data Protection Officer (DPO).

Additional information

How we protect your data

All collected data are stored on a secured server with a controlled access (SSL tunnelling). The access to this server is allowed to our maintenance and technical staff only. Logins, passwords and all personal information (e.g. contact mail, profile data…) are stored through their respective signature only into a secured database (LDAP server).

By default, public information submitted by you on the Web Site, like contributions to the wiki pages, post on the forums, uploaded documents are considered as public information according to the community rules.

If you wish upload and store private data on the Web Site and/or on a dedicated private section, with logging/password controlled access, please submit a demand to the SDAB before hand.

Please notice the all submitted data are industrial and intellectual property rights and potential disclosure requirements. Please see the “Industry regulatory disclosure requirements” section here below and the Community Rules page.

What data breach procedures we have in place

Our servers are monitored on the current state of the art to detect risks of intrusion and the basis of the best effort. Moreover, a mechanism of automatic and regular (daily and weekly) backup has been put in place to ease the recovering of losses data in case of corruption and/or suppression.

However, if you observe infringement of your privacy and/or corruption and/or suspicion of theft of personal data, please contact the DPO officer and/or the Web Site manager.

In case of violation of the French law in the frame of the use of the Web Site, the legal authority will be immediately informed and all relevant documents and proofs of violation will be transferred to the French authorities.

What third parties we receive data from

The Web Site is a community web site where contributions can come from all registered user and/or industrial, scientific, academic and/or individual partners. Moreover, references and links toward other documents, repositories and websites are possible. For this reason, some elements presented as published on the Web Site might be hosted on external websites and/or servers.

We outline as well that part of the Web Site, including but not limited to the GIT repositories, might be mirrored on others web sites and server.

In this case, please refer to the GDPR and/or the Web Site Policy and Community Rules of the respective sites, as well the conditions of acces.

What automated decision making and/or profiling we do with user data

The only automated data processing, decision making and/or profiling are:

The monitoring, the logging of downloads of stored data, including but not limited to the stored software (sources codes and binary releases) and the construction of anonymised statistical data. These data may include geographical information (i.e. country of the user’s Ip address) and status of their reference structure (e.g. academic, commercial…) on the basis of the extension of the Ip addresses;
Control is case of abusive and/or illegal usage of the Web site, like attempts of Denial-Of-Services attacks or abusive upload / download;
The creation/update/suppression of groups of users related to sub-activities, project and/or controlled sub-section of the Web Site.
Visitor comments may be checked through an automated spam detection service.

Industry regulatory disclosure requirements

We strongly outline you, as User, remain fully responsible of the data and information you upload and/or write on the Web Site. This includes, but not limited to, the respect of the Intellectual and Industrial Property Rights (IPR) related to the data and information you upload and/or write and/or publish on the Web Site.

Moreover, you have the full responsibility in case of all industry and/or private and/or legal regulatory disclosure requirements.

We strongly outline that you must imperatively respect the French regulation regarding the document published and/or stored on the Web Site. In case of French law violation, you may subject of pursuits and criminal sentences and whatever your location country.

We remind that some hoted documents and data might b subject to geographical and/or application purposes limitations. Please contact the SDAB and/or the Web Site Manager before access and download.

All document and/or data and/or information published and/or stored on the Web Site in breaches of the law will be immediately removed from the Web Site, the legal authority will be immediately informed and all relevant documents and proofs of violation will be transferred to the French authorities. The Web Site host and/or the Web Site Manager and/or the SDAB member will decline all responsibilities in case of law violation and/or industry regulatory disclosure requirements violation and/or regulatory disclosure requirements violation about personal data.