Skip to main content
Home

Privacy Policy






Immerscio Platform’s Privacy Policy


Last update : January, 2023

Download PDF


Introduction


The BIOTECH EDUCATION DIGITAL PLATFORM is particularly concerned about the privacy and personal data of its visitors, clients and users of its proposed training courses.

SAS PLATEFORME DIGITALE D'ÉDUCATION BIOTECH, a simplified joint stock company under French law, registered in the Créteil Trade and Companies Register under the number 893 358 341 whose head office is located at 46 avenue de la Grande Armée, Paris 17ième, France, is the controller of your personal data.

SAS PLATEFORME DIGITALE D’ÉDUCATION BIOTECH uses the following web hosts:

  • For the (public website): hosted by SAS HOPSCOTCH whose head office is located at 23 rue Notre Dame des Victoires, 75002 PARIS;
  • For the (Immerscio learner website): hosted by the company IBM France whose head office is located at 5 Avenue du Général de Gaulle, 92160 ANTONY;
  • For the (client and administrator website): hosted by the company Microsoft whose head office is located at 37 Quai du Président Roosevelt 92130 ISSY- LES-MOULINEAUX.

We wish to establish a relationship of trust by processing your data in a lawful, fair and transparent manner. SAS PLATEFORME DIGITALE D’ÉDUCATION BIOTECH therefore complies with the data protection framework implemented by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”) as well as Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms known as the “Data Protection Law.”



1. Definitions

The BIOTECH DIGITAL EDUCATION PLATFORM (“Platform”) broadly refers to the websites belonging to SAS PLATEFORME DIGITALE D’ÉDUCATION BIOTECH.

The Campus (“Campus”) refers to the personnel managing the Platform websites.

The purpose of this Privacy Policy (“Policy”) is to describe the standards put in place by our Platform to comply with the regulations in force on data protection.

In accordance with Article 4(1) of the GDPR, we consider the following definitions:

  • Personal data (“Personal Data”) is defined as any information relating to an identified or identifiable natural person;
  • Processing (“Processing”) refers to “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”


2. Categories and purposes of collected data


We collect data about you when you interact and access our services. Required fields are marked with an asterisk* because they must be filled in, otherwise you will not be able to access the requested service.

The various categories of data collected will depend on your interactions with our Platform as well as the features you use. Your Personal Data will not, under any circumstances, be processed for purposes other than those mentioned below. In accordance with Article 15 1. (a) and (b) of the GDPR, the different categories of Personal Data collected via our Platform, depending on your category of use, are:

  • When you are a simple visitor to the learner website (Immerscio) or to the Client/Client administrator website

During a simple visit, no Personal Data is expressly requested.

Only Personal Data related to access* to the website (IP address, date and time of visit, quantity of data transferred and access provider) will be collected by tracers. The access data, which is strictly necessary, will be used for the sole purpose of ensuring the proper operation of the websites and improving the performance of our content.

For more information, please refer to Section 7 Cookies.

When you visit our public website Immerscio.eu, please refer to the Privacy Policy of our service provider HOPSCOTCH to find out which cookies are used.

  • When you create an account on the client and Client Administrator website and or Immerscio.eu

When you use our Platform by creating an account and accessing the training courses, the different categories of data collected are:

For the client account (company or school):

  • Identification data (client account name*, client account contact email*) to identify and authenticate the client to Campus services;
  • Authentication data (Username* and password*) to access the client account;
  • Contact information (client address* and billing address*) to bill the client for services;
  • Order information to confirm the order and invoice the client ;
  • Company information (company name*, registration number (“Siret”)*) to directly identify the client to Campus services.

This data can be collected directly from the client (when registering) or indirectly by the Campus (when validating the new client account).

For the Client Administrator account (HR or training manager):

  • The identification data (title, surname*, first name*) for the creation of the MSD account on the client portal and the identification of the Client Administrator who initiates a registration or an order ;
  • Authentication data (Username* and account password*) to access the Administrator account;
  • The contact details (email* and telephone number of the Client Administrator) for creating the MSD account and contacting the Client Administrator.

This data is collected when the Administrator creates his/her Client Administrator account.

For the learner's account:

  • Identification data (title, surname*, first name*) to create the training agreement, the training certificate, certificate of successful completion and the personalized profile;
  • Authentication data (Username* and account password*) to access the learner account;
  • Contact information (email*, telephone) for creating an AD account and accessing the LMS;
  • Learner category (student or employee) for legal reasons and legitimate interests;
  • Learner skill levels and scores (beginner, intermediate, advanced, progress and percentages completed, scores and dates of access and completion) for issuing attestations or certifications.

This data is collected when the Client Administrator enrolls a learner or when the learner accesses their learner account.

  • Learner skills prior to enrollment (skill level in key areas) to determine the learner’s skill level in their profile and to tailor the training accordingly;
  • Learner's skills during the training (skill level areas for a given course theme or for a given occupation) so that the learner can follow his or her skill level and its progress;
  • Learner training test results (test results for each module and course as well as the rate of progress of the assigned courses) to ensure proper monitoring of the training and to certify or not the learner’s success.

This data is collected when the learner completes the training course.

  • When you interact with our services through the contact form, sending an email, or course evaluation, your surname, first name, email address and additional information you provide may be collected in order to respond to your expectations and our requests.

SAS PLATEFORME DIGITALE D’ÉDUCATION BIOTECH does not collect any sensitive data as outlined in Recital 51 of the GDPR and limits its collection of Personal Data to the strict minimum in an effort to minimize data.

We do not target the collection of Personal Data from minors (under 18 years old) and the features of our Platform are strictly reserved to adults having received prior authorization, through registration by an Administrator account. If you are a minor, please do not use our Platform, and, if applicable, do not communicate any Personal Data through it.

Collected Personal Data is strictly reserved for the use of the data controller (SAS PLATEFORME DIGITALE D’ÉDUCATION BIOTECH and its service providers to access the services offered by our Platform.



3. Legal basis for Processing Personal Data


The lawfulness of Processing Personal Data is based on the legal grounds of Article 6 of the GDPR.

First, the Processing of compulsory Personal Data* is necessary for contractual performance, to meet our commitments to create a client/Administrator accounts client/learner accounts, to make training courses available, to access the websites, to invoice and to grant certifications and attestations following the completion of our training courses.

Further, it is based on the legal obligation, to which we are bound, to issue certifications and attestations based on your results in the modules and training courses.

It is also based on the legitimate interest we have in depositing cookies on your computers when you access our websites reserved for the client/Administrator client and learner accounts.

Finally, it is based on your consent to the collection of non-mandatory Personal Data (not marked with an asterix*). Your consent is obtained when you accept this Policy, as well as when you create your account, by performing a clear positive act by filling in your Personal Data in the fields reserved for this purpose. You can withdraw your consent at any time by following the instructions in Section 9 Contacting Us. Any withdrawal of consent to the Processing of Personal Data governed by this legal basis will result in the termination of the Processing and the associated services, as well as the deletion of the data concerned.



4. Retention of Personal data


We keep your Personal Data in a form that allows your identification for no longer than is necessary to achieve the desired purpose, in accordance with Article 5 e) of the GDPR. Thus, the Personal Data related to the client/administrator client/learner account will be kept up to 3 years (or 36 months) after the last connection to the account before being anonymized.

We are committed to anonymizing and securing all Personal Data retained for statistical purposes, limiting further Processing to what is strictly necessary.

With the exception of the Personal Data contained in the certificate of successful completion, which will be kept for archival purposes, for a period of time consistent with legal obligations. The subsequent conservation of your data is lawful when it is based on one of the following grounds: your consent to a subsequent use, the exercise of a right to freedom of expression and information, the respect of a legal obligation, the execution of a mission of public interest or falling under the exercise of public authority, for reasons of public health interest, for archival purposes, for scientific/historical research, as well as the establishment, exercise or defense of legal rights.

Technical cookies will be deleted at the end of your browsing (session) or at the latest ninety (90) days after your visit. For more details, please see Section 7 Cookies.



5. Sharing and transfer of collected Personal Data


In order to provide you with quality services, we work together with various companies, engaged as service providers, thus acting as processors, within the meaning of Article 4 (8) of the GDPR.

Currently, we do not carry out any Processing of Personal Data involving a transfer outside the European Union (EU). All of our subcontractors thus host Personal Data held within the EU.

In the event that we need to transfer Personal Data outside the EU, we will implement one of the following safeguards: either Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR); or a code of conduct or certification, if the transfer does not fall under one of the derogations in Article 49 of the GDPR.

Your Personal Data is processed, shared and stored with our processors who act on our behalf and for our account:

  • Microsoft (MSD Sales) for all data related to the client account, with respect to order management and payment;
  • Microsoft (MS Active Directory) and IBM (LMS) for the Client Administrator’s identification and contact data, in relation to order management and payment;
  • Domoscio for learner skills before and during the training, with regard to training management;
  • IBM (LMS) or ATOS (Dream Cask) for test results and progress rates according to the test modalities (3D/VR) with regard to training management;
  • BearingPoint for access to the Platform websites, regarding management and monitoring of the technical aspects of our Platform.

The results of the learner’s progress will be communicated to the Client Administrator for the proper monitoring of the learner’s progress and the prevention of dropouts.

The Platform may be required to disclose your Personal Data to comply with applicable laws or a request from the courts (legal obligations), to enforce the GTCU of services, to respond to claims of infringement of third-party rights, to protect the rights or interests of our Platform.



6. Security


Our Platform undertakes to implement all technical and organizational measures to ensure the security (availability, non-repudiation, integrity and authenticity) of your Personal Data during their Processing. Among other things, we have put in place measures for the traceability of your data, software protection measures, data backup, data encryption, and access control of personnel to data.

With regard to our partners, we only deal with subcontractors providing sufficient guarantees as to the implementation of appropriate technical and organizational measures to guarantee the security of your Personal Data. Our relations are strictly governed by a legal act, in accordance with article 28 of the GDPR.



7. Cookies


During your visit our Platform uses tracers similar to small text files directly recorded on the browser of your terminal called “cookies.”

We only use so-called “strictly necessary” cookies whose sole purpose is to enable electronic communication and access to and improvement of our services. For example, the cookies used concern geolocation and terminal identification, tracers intended for authentication with a service, tracers for personalizing the user interface and tracers for audience measurement. The audience measurement cookies allow us to respond in particular to the detection of navigation problems, optimization of technical performance or ergonomics or to analyze the use of the service with the legal basis of our legitimate interest.

Here is the list of cookies we use:

Plateform Cookie Name Description Necessary Cookie Length
Site Apprenant Comprehend (IBM) MoodleSession You must enable this cookie in your browser to ensure continuity and maintain your connection from one page to another. Used by the anti-forgery system. check Session
Site Client/ AdminClient
(Microsoft Dynamics) 		__RequestVerificationToken Utilisé par le système antiforgery. check Session
.AspNet.ApplicationCookie Used to identify user sessions. A user session starts when a user visits the portal for the first time and ends when the session is closed. Authentication Website Settings can be used to change the session expiration time. check Session
adxPreviewUnpublishedEntities Stores the preview mode ON/OFF used in the classic CMS system for portal administrators. check Session
adx-notification Used in basic form actions to store the alert message to be displayed on redirection. check Session
ARRAffinity Added automatically by Azure websites and ensures that the load of requests is balanced across websites. Does not store any user information. check Session
ASP.NET_SessionId Used to keep a user logged in to avoid repeated login. check Session
ContextLanguageCode Stores the default language of the user accessing the portal in a session and on web pages. check Session
Dynamics365PortalAnalytics Essential service cookie to analyze the use of the service in an anonymous and aggregated way for statistical purposes. check Plus de 90 jours
isDSTObserved Stores a value to indicate if the current time is in daylight saving time. check Session
isDSTSupport Indicates whether a specified date and time are within the daylight- saving time range. check Session
timeZoneCode Stores the timezonecode field value from the CRM Time Zone Definition table for the current time zone. check Session
timezoneoffset Stores the time zone difference between UTC and local browser time. check Session
Domoscio (self- assessment and anchoring platform for the learner, integrated with Comprehend) _LMAR2_session User session management check Session


8. Data subject’s rights


In accordance with Articles 15 to 22 of the GDPR, you have a permanent right of access, rectification and erasure, objection, portability and a right to restrict the Processing of Personal Data concerning you. You also have a right to refuse to be subject to automated decision-making, including profiling when based exclusively on automated decision-making. The exercise of these rights may be limited by legitimate and/or compelling reasons, as well as by legal provisions.

9. Contacting us


To exercise these rights or for any request concerning the Processing of your Personal Data carried out by SAS PLATEFORME DIGITALE D’ÉDUCATION BIOTECH, you can write to: DPO@immerscio.com. After verification of your identity, a response to your request will be sent to you within one (1) month, which may be extended up to three (3) months depending on the complexity of your request.

In case of an unsatisfactory response, you have the right to file a complaint with the French Commission Nationale de l’Informatique et des Libertés (CNIL) - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 - Telephone: +33 (0)1 53 73 22 22.



10. Modification of this Policy


We may change this Policy from time to time due to changes in applicable law or in an effort to improve our operations and offerings. We encourage you to check this page regularly for any updates.