Privacy and personal data policy

  1. INTRODUCTION

Within the framework of its funding, developing and promoting research of excellence in economics and finance, the Institut Louis Bachelier is required to process personal data, i.e. data that can identify you. For example, data will be collected when you fill in a registration form for a newsletter or when you register for an event we are organising. To ensure the highest level of data protection, we have adopted binding corporate rules for the collection, storage and processing of such data. In any case, your individual rights will always take precedence over our legitimate interest, and we will never use your data for commercial purposes against your wishes. The Institut Louis Bachelier is committed to protecting the privacy of its users in accordance with legal requirements, in particular Law n° 78-17 of 6 January 1978 as amended (known as the “Informatique et Libertés” law) – and any legislation or directive that may supplement or replace it – and European Regulation 2016/679 on the protection of personal data (RGPD).

This Privacy Policy informs you about how we collect and process your personal data. It applies to all users who browse the various websites or use the various services provided by the Institut Louis Bachelier. We invite you to read it carefully.

 

  1. WHO IS THE DATA CONTROLLER?

The legal entity responsible for the data processing referred to in this document is the Institut Louis Bachelier, a non-profit association under the law of 1901, registered with the Paris Trade and Companies Register under no. 508 151 735. Its registered office is at Palais Brongniart, 28 Place de la Bourse 75002 Paris, France, and its legal representative is Mr André Lévy-Lang, President.

IMPORTANT

Throughout this document, all references to the Institut Louis Bachelier concern the Louis Bachelier Network as a whole, comprising the Institut Louis Bachelier and its two research foundations, namely the Risk Foundation and the Europlace Institute of Finance.

The Risk Foundation is a foundation recognised as being in the public interest (FRUP) and registered with the Paris Trade and Companies Register under no. 504 136 920. Its registered office is at Palais Brongniart, 28 Place de la Bourse 75002 Paris, France, and its legal representative is Jean-Michel Beacco, Chairman of the Management Board.

The Europlace Institute of Finance is a foundation recognised as being in the public interest (FRUP), registered with the Paris Trade and Companies Register under no. 484 032 594. Its registered office is at Palais Brongniart, 28 Place de la Bourse, 75002 Paris, France, and its legal representative is Didier Valet, President.

 

  1. WHAT DATA DO WE COLLECT ABOUT YOU AND UNDER WHAT CIRCUMSTANCES DO WE COLLECT IT?

3.1. Data that you send us directly

During our various contacts with you, we may you ask to provide us with information about yourself. This data is collected in particular when you register for a newsletter – for example via a form on our website – a MOOC (online training course) or an event, or when downloading our publications..

The following data is required in particular:

  • Family name, first name, title, age, position, company/institution;
  • E-mail address;
  • Any other information that you wish to share with us.

In the case of an application for recruitment, we may ask you for supporting documents proving that you have the appropriate profile. This data includes: Curriculum Vitae, proof of training and/or qualifications.

3.2. Data that we collect in the context of a professional relationship

During the various contacts that we may have with individuals in a professional context, data may be collected.

The following data in particular:

  • Family name, first name, title;
  • Company, position held;
  • Postal address, e-mail address, telephone number;
  • Any other information that you wish to share with us.

We only use your personal data in those cases provided for by the regulations in force:

  • The execution of a contract we have entered into with you;
  • To comply with a legal obligation;
  • Your consent to the use of your data;

The existence of a legitimate interest in using your data. Legitimate interest is a set of commercial or business reasons that justify the use of your data by the Institut Louis Bachelier.

3.3 Data sent in response to your interests

In analysing the various interactions you may have with the Institut Louis Bachelier, we may make assumptions about content and services likely to respond to your interests.

For example, if  you come to events dealing with “the demographic transition” and you click on the links in our newsletters to articles on this topic, we will send you information that we think is relevant to your expectations and interests.

3.4 Cookie data

Cookies may be used on our websites. Cookies are small files that are stored on the user’s computer or any electronic communication device used when browsing our websites. These files allow the exchange of status information between the website and the user’s browser.

However, we would draw your attention to the fact that if you set your browser to refuse cookies from the Institut Louis Bachelier, certain functions or pages of the website may be difficult to access or maybe even be inaccessible.

We do not collect any data automatically by means other than those presented in this document.

3.5 Use of the data

“Web analytics” data is collected anonymously (by recording anonymous IP addresses) by Google Analytics, and enables us to measure the audience of our websites, consultations and possible errors in order to constantly improve the user experience. This data is used by the Institut Louis Bachelier, which is responsible for processing the data, and will never be transferred to a third party or used for purposes other than those detailed in this document.

Legal basis

Personal data is only collected after the user has given his or her compulsory consent. This consent is validly collected (buttons and check boxes), free, clear and unequivocal.

3.6 Data relating to minors

In principle, our services are intended for adults who are eligible to enter into contractual obligations.

Users who are minors must obtain the consent of their legal guardian(s) prior to the communication of personal data concerning them. As the definition of the age of majority varies from country to country, we ask you to contact the body responsible for these matters in your country.

3.7 Third party data

Before you put us in touch with a third party, you must ensure that the person concerned agrees to their personal data being passed on to us.

3.8 Collection of sensitive data

Apart from exceptional cases, we do not collect any sensitive data about you. Sensitive data includes racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data and sexual orientation. If such data is in any way communicated to the Institut Louis Bachelier, access to it will be restricted to only those persons who need the information and it will be deleted as quickly as possible.

 

  1. WHAT DO WE USE YOUR DATA FOR?

This section tells you the main purposes for which we use the data mentioned in section 3.

Website, subscriptions and downloads, online registration for courses and events

  • Management of subscriptions to our newsletters and/or email alerts;
  • Management of deliveries for print format subscriptions. For example: Opinions et Débats and Cahiers Louis Bachelier;
  • Management of requests and the smooth running of MOOCs for which you are registered;
  • Managing the smooth running of the user experience on all our websites;
  • Sending information on various events that may be of interest to you;
  • Sending information on Calls for Papers by our foundations
  • Sending information about changes or developments in our services.

Professional contact

  • Connecting and organising meetings with the explicit objective of funding, developing and promoting research of excellence in economics and finance;
  • Management of the relationship with the Institut Louis Bachelier’s ecosystem;
  • Conducting surveys: knowledge of our network, knowledge of the work carried out in the research programmes hosted by the Louis Bachelier Network, discovery of our partners’ topics of interest;
  • In the event that a contractual relationship is established, execution of this contract including invoicing and collection of payment;
  • Management of unpaid invoices and disputes;
  • Management of the exercise of your rights to your personal data, under the conditions set out in Article 8;

Job applicants

  • To measure and evaluate your skills and to ensure that we have all the information we need to process your application during the selection process.

 

  1. HOW LONG DO WE KEEP YOUR DATA?

Your personal data is kept for a period of time in accordance with legal provisions or proportionate to the purposes for which it was recorded. Certain retention periods are in the legitimate interest of the Institut Louis Bachelier as specified in the introduction.

In any case, we regularly review the information we hold. When its retention is no longer justified by legal or commercial requirements or in connection with the management of the relationship with the Institut Louis Bachelier, or if you have exercised your right to modify or delete it, we will delete it securely.

Data categories

Aims

Retention period

Data on a research partner with a non-contractual relationship

All data

Constitution and management of a file of research partners

5 years from the collection of the data or from the most recent contact by the partner

Data relating to a business contact with a contractual relationship

All data

Contract management

For the duration of the contractual relationship and up to 5 years after the end of that relationship

Data relating to a newsletter subscriber

Identification and contact data – Newsletter subscribers

Sending information on research in the Louis Bachelier network and on our publications and events

5 years from unsubscribing  or last contact by the subscriber

Data relating to a participant in one of our training courses (MOOC)

Identification and contact data 
Training management
 5 years from the date of training

Data relating to a participant in an event in which we are partners

Identification and contact data

Organisation of the event

5 years from the event

Data generated by cookies

Data related to your browsing our online services

Attendance measurement

26 months maximum 

Data from third-party services incorporated into the site (YouTube, Google Maps, sharing links, etc.)

Use of third party services (sharing on social networks, viewing videos, viewing maps, etc.)

13 months maximum 

Supposed data

Data relating to your assumed interests

Sending information assumed to be relevant to your interests

Annual update

Application data

All data

Recruitment management

1 year from the date of application

Once the retention period has expired, files containing personal data will be securely deleted or destroyed or anonymised and securely transferred to archives.

 

  1. WHO IS PERMITTED TO HAVE ACCESS TO THE DATA WE COLLECT?

6.1. Access to data within the Louis Bachelier Network

Within the Institut Louis Bachelier, the following personnel may have access to some of your data: administrative, accounting and management control, IT and marketing, communication, development and sales departments.

Access to your data is based on individual and limited access authorisations. Personnel permitted to have access to personal data are required to maintain confidentiality, through a formal and personal confidentiality undertaking.

6.2. Transmission of data

The following are permitted to have access to some of your data

-Subcontractors

Subcontractors provide services on our behalf, in particular:

  • Management and development of the Institut Louis Bachelier’s IT system or tools;
  • Human resources management (salary management, medical check-ups, training);
  • Auditing of accounts;
  • Management of event organisation;

Our subcontractors’ access to your data is based on signed contracts that mention their obligations in terms of data protection and confidentiality.

– Our research partners

These partners help us in our objective to fund, develop and promote research of excellence in economics and finance. They can in particular help us with networking, creating research programmes and organising events.

Please note that if you decide to subscribe to the products or services of our partners and you allow them to access some of your information, in particular by connecting to their websites or applications, their privacy policies and placement of cookies are binding on you.

We obviously have no control over the collection or processing of your data by our partners on their own platform.

– Police, legal and administrative authorities

Access to your data may be given we are legally obliged to do so or in order to guarantee the rights, property and safety of the Institut Louis Bachelier.

Finally, please note that no personal data will be shared by the Institut Louis Bachelier via social networks.

 

  1. HOW IS YOUR DATA PROTECTED? 

The Institut Louis Bachelier takes the security of your data very seriously. Therefore:

  • We never sell personal data to third parties;
  • We anonymise and/or encrypt data to protect it against breaches;
  • We only store data for a period of time as defined in this document.

Your personal data, both physical and digital, is stored within the European Union. However, it is conceivable that the data we collect when you use our platforms or services may be transferred to subcontractors or partners located in countries outside the European Union, some of which may have less stringent data protection legislation than the country where you reside. In the event of such a transfer, we ensure that the processing is carried out in accordance with this confidentiality policy and that it is governed by the European Commission’s standard contractual clauses, thereby ensuring an adequate level of protection for the privacy and fundamental rights of individuals.

The Institut Louis Bachelier undertakes to maintain appropriate organisational, technical and physical controls to protect the personal data entrusted to it. These controls protect personal data from foreseeable threats and hazards, as well as from unauthorised access and use. The following is a non-exhaustive list of the measures used for this purpose:

  • Setting up an information systems security working group in partnership with our IT provider;
  • Raising awareness of confidentiality requirements among our employees who have access to your personal data to your personal data;
  • Ensuring that access to our information systems is secure;
  • Ensuring that physical access to the physical storage locations of personal data is secure;
  • Implementing an Institut Louis Bachelier IT general security policy;
  • Ensuring that the storage, access, sharing and transfer of data is secure;
  • Maintaining a high level of data protection requirements when selecting our subcontractors and partners.

For example, your personal data is stored on encrypted workstations and servers, with named personal access management and periodic review of such access. Our website uses HTTPS (Hyper Text Transfer Protocol Secure), which ensures the identity of our site and maximum security during navigation.

In all cases, the Institut Louis Bachelier endeavours to ensure protection proportionate to the sensitive nature of the data, particularly for personal data, compromise of which could cause substantial damage or inconvenience to the individual.

Please note that you too should take steps to protect yourself, especially on the Internet. Remember to log out of our website and close your browser window when you have finished your work.  This will ensure that no one can access your personal data and correspondence if your computer is used by more than one person.

 

  1. WHAT ARE YOUR RIGHTS?

8.1 Your rights of access to your personal data

You have the right to access your personal data and to request that it be corrected, supplemented or updated. You may also request the deletion of your data or object to the processing of your data, provided that you have a legitimate reason.

You can ask to exercise your right to data portability, i.e. the right to receive the personal data you have provided to us in a structured, commonly used format and the right to transfer this data to another data controller.

Finally, you may issue instructions concerning the retention, deletion and communication of your personal data after your death.

You may exercise your rights by contacting the Institut Louis Bachelier at 28 place de la Bourse 75002 Paris, France  or by email: contact@institutlouisbachelier.org.

In order to respond to your request, we may verify your identity and/or ask you to provide further information. We will endeavour to respond to your request within a reasonable time and, in any event, within the statutory timeframe.

In the event of an unsatisfactory response, you may lodge a complaint with the Commission nationale de l’informatique et des libertés (CNIL) at the following address:

CNIL – 3 place de Fontenoy, TSA 80715 75334 Paris Cedex 07

8.2 E-mail solicitations

You may at any time object to our email solicitations. You receive such emails either because you are a partner and have recently interacted with the Institut Louis Bachelier or because you have filled in a form to subscribe to a newsletter in which your consent is expressly requested.

In any event, you can always opt out of receiving these solicitations by clicking on the unsubscribe link provided in each email or by sending an email to contact@institutlouisbachelier.org

 

  1. HOW THIS PRIVACY POLICY MAY CHANGE

Our Privacy Policy may be amended from time to time to include new or different data privacy practices. In the event of a material change, a notice will be posted online.