How is your personal data collected and how do we use it?

Registration forms and newsletter

The data you submit through our forms is emailed to the relevant departments. It is not stored on the website.

Statistics and audience measurement

We use two audience measurement tools:
• A first tool that is directly integrated into our website. The IP addresses of our visitors are anonymized and therefore not collected.
• We also use Matomo, an external web audience analysis platform. Matomo collects information anonymously (i.e. IP addresses are also anonymized) and generates reports on site activity.

Personal data privacy policy

INSA Toulouse primarily uses your personal data to support its training and research activities, as well as for external relations purposes.

“Personal data” refers to any information that can be used to directly or indirectly identify an individual.

French data protection regulations—by virtue of the January 6, 1978 Act on Data Processing, Data Files and Individual Liberties—are grounded on the principle that personal data processing must not infringe on the privacy and liberties of individuals. The GDPR—the General Data Protection Regulation, adopted by the European Parliament on April 27, 2016—was put into effect on May 25, 2018 in all member states of the European Union, updating the applicable legal framework.

The GDPR consolidates the rights of European citizens, providing them with greater control over their personal data and holding data processors accountable. This regulation aims to strike a balance between digital technology development and the safeguarding of privacy and individual liberties.

The main change introduced by the GDPR concerns the transition from a system of prior declaration of data processing to one based on responsibility and transparency.

In addition, new rights were added (e.g. right to restrict processing) to existing ones (rights of information, access to and rectification of personal data, right to object, withdrawal of consent, etc.).
As part of its longstanding concern for the protection of personal data, INSA Toulouse appointed a Data Protection and Civil Liberties Correspondent in April 2009.
To ensure compliance with the GDPR, INSA Toulouse has committed to implementing a policy designed to provide optimal data protection demonstrable through proper documentation.

As a first step, a Data Protection Officer was appointed to the CNIL (Commission Nationale de l’Informatique et des Libertés, the French data protection authority) on May 25, 2018 (designation number DPO-5697). The officer’s main duties include overseeing, informing, advising and cooperating with the CNIL. Serving as the point of contact, the officer can be reached at contact-dpo@insa-toulouse.fr.

Seeking to identify risks and to accurately measure the effects of the GDPR, a second step will entail generating a detailed list of data processing operations, defining for each of them:
• the objectives pursued;
• the categories of personal data being treated, along with the identification of particularly sensitive data;
• the internal and external parties involved;
• the origin of the data and its intended use, including mention of its transfer outside the European Union if applicable;
• how long is the information kept;
• applicable security measures; and
• the relevant legal basis (consent of the individual, legal obligations, contracts, etc.).
In compliance with CNIL recommendations, the implementation process includes the following stages:
• identification and prioritization of actions with regard to obligations and risks, according to a defined roadmap;
• conducting of impact assessment in the case of high-level risks;
• implementation of internal procedures;
• compilation and organization of the relevant documents.
An Expert Group—which will include the DPO—will prepare the roadmap for the implementation of the GDPR at INSA Toulouse, relying on intermediary contacts from the various services and departments. A communication and training scheme will be organized for INSA staff.

INSA Toulouse undertakes to:
• respect the principle of proportionality of the data processing operations in relation to the purposes;
• duly inform you about data processing operations that concern you;
• implement appropriate organizational and technical measures to ensure data availability, confidentiality and security;
• guarantee the exercise of personal rights;
• supervise personal data transfers;
• limit data retention while complying with legal archiving obligations;
• notify both you and the CNIL—depending on the risk—in the event of a data breach;
• contract with subcontractors to ensure that they conform to European regulations.
In accordance with the GDPR, adopted by the European Parliament on April 27, 2016, and the amended January 6, 1978 Act on Data Processing, Data Files and Individual Liberties, you are entitled to the rights of access to and rectification of personal data, right to object, withdrawal of consent, and limitation of data processing. If you would like to exercise any of these rights, please contact the DPO at mail and include a copy of your identity card.