Institut d'urbanisme et de géographie alpine

Preamble

The protection of your personal data is a core concern for Université Grenoble Alpes, which is committed to constantly improving its compliance with Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the General Data Protection Regulation or ‘GDPR’ and Law No. 78-18 of 6 January 1978 relating to data processing, files and freedoms in its consolidated version (hereinafter, the ‘Data Processing and Freedoms Law’).

Consult the cookies policy

The purpose of this personal data protection policy is to inform people whose data is processed by the Université Grenoble Alpes in a concise, transparent, comprehensible and easily accessible manner about the nature of the processing and their rights concerning their data.

Data controllers

The Université Grenoble Alpes, represented by its President as data controller, determines the purposes and means of the processing of personal data carried out within the University.
Address: Université Grenoble Alpes - 621 avenue centrale 38400 Saint-Martin-d'Hères

What data do we process and why?

Université Grenoble Alpes processes your personal data as part of the administrative and educational management of students and applicants.
This processing is compulsory and relates to the public interest mission of higher education and research, compliance with legal obligations or the consent of individuals.

The university also carries out optional processing (such as surveys) as well as processing for statistical and management purposes.

Who processes your data? Who accesses your data?

Depending on the purposes, the following departments are authorised to process your data: (for example) HR Department staff, local HR managers (in components, laboratories, central departments, etc.); staff managers and line managers; staff representative bodies; other departments with functional or operational authorisation.

The Université Grenoble Alpes may transfer your personal data to third parties, in particular to its institutional partners such as the Centre régional des œuvres universitaires (CROUS), the relevant ministries, the DGFIP, the rectorat and other contractual partners or sub-contractors.

How long will your data be kept?

Personal data is kept for as long as is necessary to achieve the purposes for which it was collected and/or for as long as required by law or regulation.
In this respect, the University complies in particular with the provisions of the instruction ‘DAF DPACI/RES/2005/003 of 22 February 2005 on the sorting and conservation of archives received and produced by services and establishments contributing to national education’.

How is your data secured?

The university has defined technical, legal and organisational measures to protect your data appropriately according to its nature and the extent of the processing.

These measures comply with the Université Grenoble Alpes Information System Security Policy (PSSI), which is in line with that of the French government.

Transfers of your personal data outside the European Union

Paragraph below to be personalised (if there is no transfer, also inform them):
In the context of student mobility, your personal data may be transferred outside the European Union. In this case, the university will ensure that the data is processed in compliance with the laws applicable to the protection of personal data, in particular by signing standard contractual clauses and taking additional measures. If these conditions are not met, your consent will be requested.

What are your rights and how can you exercise them?

The university processes your personal data as part of their duties and, in accordance with the RGPD, you have the following rights:

• the right to be informed
• right of access,
• right of rectification.

And, depending on the processing and its legal basis : 

• the right to restrict processing,
• the right to data portability,
• right of objection or deletion if your data is used for other purposes not covered by a legal obligation, or if it is not subject to a legal retention period,
• the right to withdraw your consent,
• and you may define post-mortem directives relating to your data.

You can exercise your rights by contacting the shared Data Protection Officer:
Email address: dpo@grenet.fr
Postal address: Protection des données - DPO - Direction des Systèmes d'information mutualisés, Domaine universitaire, 31, rue des mathématiques 38400 Saint-Martin-d'Hères.

You also have the right to lodge a complaint with the CNIL:
https://www.cnil.fr/fr/plaintes

Changes to the personal data protection policy

This privacy policy is subject to change in line with legislative and regulatory developments.