Your data

CHIMIREC agrees that the processing of your data complies with the General Regulations on Data Protection (GPDR) and the Data Protection Act.

The purpose of this article is to list all the data that CHIMIREC has to process, whether personal or not.

1- The processed data

The information collected through this site is exclusively for the owner, none of this information will be sold or communicated to a third party.

In accordance with the provisions of the law n ° 78-17 of January 6th, 1978 relative to the computing, the files and the liberties, you have a right of access, rectification, modification and suppression concerning the relative to you.

For this you can contact us either:

COLLECTED DATA

Contact form

  • Purposes of data processing
    • Respond to requests and messages from site visitors
  • Categories of data processed
    • Email addresses
    • Name
  • Categories of people
    • Website visitors
  • Recipients of the data
    • CHIMIREC
  • Data transfers outside the EU
    • No information will be transmitted to a third party outside the European Union
  • Duration of the conversation
    • These data are kept without limit of duration

SERVERS LOGS

The following data is collected for the purpose of ensuring the proper functioning of the website and our mailboxes.

  • web server :
    • date / time of connection
    • address of the requested resource (page / image / ...)
    • IP address
    • software used ("user agent")
    • technical data: protocol, standard, type of request, answer returned, weight of data ...
  • mail server :
    • date / time of connection (sending and receiving)
    • the address (es) mail
    • IP address
    • technical data: protocol, standard, type of request, answer returned, result of anti-spam and anti-viral analyzes, server-to-server connection data ...

COOKIES

  • A session ID cookie: PHPSESSID
    Created by Apache, it temporarily identifies a unique user.
  • A load balancing cookie: SERVERID
    Created by HAProxy, it improves navigation (availability, speed) on the website.
  • Analytics measurement cookies ("analytics"):
    • _pk_ses.xxx
      Created by Piwik (1), it temporarily identifies a single user for the purpose of generating statistics of site visits.
    • _pk_id.xxx
      Created by Piwik (1), it distinguishes new visitors from regular visitors in order to generate statistics of site visits.
  • Persistent cookies customizing the user interface:
    • X_LANG
    • Created by CHIMIREC, it stores the language used by the user.
    • X_LAST_VISIT
    • Created by CHIMIREC, it allows to know the date of the last visit of a user.
  • Cookies tiers :
    • YOUTUBE
      Videos from YouTube can be embedded on some pages of our websites.
      If the user decides to view them, cookies will be placed on his terminal, which we warn him beforehand.
      The number of cookies uploaded by YouTube varies, but almost all of them have a lifespan of one year or more.
    • GOOGLE MAPS
      The dynamic mapping service (usually used on the contact page) is provided by Google Maps.
      If the user decides to view them, cookies will be placed on his terminal, which we warn him beforehand.
      The number of cookies uploaded by Google Maps varies but almost all of them have a lifespan of one year or more.

2 - The security measures of the stored data

Detailing all the security measures is almost impossible but here is a non-exhaustive list of these:

  • Weekly anti-viral analysis of our website
  • Anti-spam and anti-viral analysis of incoming and outgoing mails
  • Strong encryption of the words of our passwords
  • Restricted access rights on files
  • "Lesser privilege" firewall rules
  • HIDS (automatic blocking of attackers / suspicious behavior / after too many authentication failures).
  • Encrypted and remote backups on another server and in another datacenter
  • Watch out for security breaches of our tools and on bulletins issued by CERTFR
  • Watch on the good practices and recommendations of the ANSSI
  • Isolation of websites and tools
  • ...

3 - Data retention period

Data type DUA data type (Administrative useful life)
Contact form These data are kept without limit of duration
SERVEURS LOGS Mandatory legal duration: 13 months
COOKIES
PHPSESSID expires at the end of the session
SERVERID expires at the end of the session
_pk_ses.xxx expires at the end of the session
_pk_id.xxx 13 months
X_LANG 1 year
X_LAST_VISIT 1 year

(1) Piwik is a free and open source software for statistical measures for websites, Piwik is an alternative to Google Analytics.
Piwik / Matomo is configured to anonymize the data it collects.

(2) In computer and telecommunications, a session is a period during which a computer device - here your computer - is in communication with a server - here our server.
Once your connection is interrupted (disconnection of the site, closing of the browser, ...) your session is closed.