The General Data Protection Regulation (GDPR) came into force on 25 May 2018. Mathdoc’s website must therefore comply with Directive 2016/679 of the European Parliament. Mathdoc implements processes and measures to ensure optimal data protection and minimise data collection.
Owner and controller
Mathdoc – Support and Research Unit 5638
Centre National de la Recherche Scientifique / Université Grenoble Alpes
Domaine Universitaire de Saint-Martin d’Hères
150, rue de la Chimie
38058 Grenoble Cedex 9
Data and processing
« Personal data refers to any information relating to a natural person who is identified or who may be directly or indirectly identified by reference to an identification number or to one or more factors specific to the natural person. All the means of identification available to the data controller or any other person must be considered in order to determine whether a person is identifiable ».
Personal data processing
« Data processing » means any operation or set of operations performed on personal data, regardless of the process used (collection, recording, organisation, preservation, adaptation, alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making it available or through reconciliation).
Source: Article 2 of Law No. 78-17 of 6 January 1978 on data processing, files and liberties.
Why process personal data ?
The Mathdoc website is required to disseminate personal information about Mathdoc teams and employees (Mathdoc staff, members of its Scientific Council, etc.): first and last name, affiliation, email address. The information collected is entered voluntarily by users when they perform an action (login, browsing the website, downloading, etc.).
Logs are also collected and saved to analyse server behaviour and possible malfunctions. The following data are recorded in the logs: IP address, date, request made (in the form of URL), browser type and status of the response.
Types of processing
The types of processing carried out are data collection, recording, storage and destruction. Mathdoc stores the IP address to manage website operations and security with event logging. This obligation to retain traffic data is imposed by the French law of 2001 on everyday security, the anti-terrorism law of 2006, and law no. 2009-1311 on the criminal protection of literary and artistic property on the internet, known as “HADOPI 2”.
Mathdoc does not trade user data. Mathdoc’s IT department processes this data. They may also be transferred to third parties if required by law. Mathdoc also implements a variety of security measures to preserve the integrity of users’ personal information. The computers and servers used to store personally identifiable information are kept in a secure environment.
Logs are kept for 12 months:
- 3 months as recent archives
- 9 months as intermediate archives
Users may exercise their rights pertaining to their personal data processed by Mathdoc and make the following requests:
- Change or deletion of their login data
- Change or deletion of their personal data published on the Mathdoc website