Privacy Policy

1. Collected Data

The LMF registration platform collects the following data:

• Personal Data: Name (first name, last name, display name), professional email, emergency contact, backup email, office number, phone number.
• Professional Data: Status (faculty, administrative or technical staff, doctoral students, interns), role (department head, administrator, etc.), employer or home institution, ORCID ID, HAL ID.
• Research Activity Data: Membership in research groups, participation in joint project teams with Inria, affiliation with the Department of Computer Science (DER Info) at ENS Paris-Saclay.
• Security-Related Data: MAC addresses, SSH keys.
• Profile Picture and Consent: Depending on the user category. (Short-term visitors and interns are not invited to provide a profile picture or associated consent.)

2. Purpose of Data Processing

The collected data is processed for:

• Access to buildings: Issuance of access badges.
• Access to computing resources and mailing lists: User account creation for access to services (email, cloud, GitLab, web, intranet) and subscription to internal mailing lists.
• Administrative management of staff and visitors: Tracking arrivals and departures, maintaining directories and organizational charts, organizing professional elections, internal communication, and monitoring research and teaching activities.

3. Legal Basis for Processing

Data processing is based on:

• The legitimate interest of LMF in ensuring the proper operation of its administrative, scientific, and technical activities.
• The execution of contractual or pre-contractual obligations related to hosting and working with the concerned individuals.
• Legal obligations related to human resources management and security.

4. Data Retention Period

Data is stored on a dedicated virtual machine within a secure cluster, with restricted access to administrators. It is retained for the duration of the user’s affiliation with the laboratory, plus:

• Permanent staff: 5 years.
• Temporary staff, doctoral students: 2 years.
• Visitors and interns: 2 months.

5. Data Sharing

Data is shared only with the administrative managers of partner institutions to which the user is affiliated:

• Administrative manager and LMF administrators: Access to all data.
• Administrative services of supervisory institutions: Restricted access (identity, institutional data, email, and phone).
• Administrative services of the hosting institution: Restricted access (identity, institutional data, email, phone, location).
• Inria AER: For members of joint project teams.
• Administrators of DER Info at ENS Paris-Saclay: For members of the DER Info list.

6. User Rights

In accordance with the GDPR, users have the following rights:

• Right of access, rectification, and deletion of personal data.
• Right to restrict processing, particularly in case of data accuracy disputes.
• Right to data portability: access to a structured and readable copy of data and transfer to another organization if requested.
• Right to object to data processing for legitimate reasons.

Users can access and modify their data via the management interface: https://register.lmf.cnrs.fr. Requests to delete non-mandatory data should be sent to register@lmf.cnrs.fr.

7. Data Security

The following measures are in place to ensure data security:

• Assignment of a unique identifier to each user.
• Implementation of access control profiles and restrictions.
• Logging system for tracking access and modifications.
• Regular backups and data synchronizations.
• Monitoring and limiting network traffic to the strictly necessary.

Data is stored on a dedicated server. A formal IT charter has not been established yet.

8. Contacts

• Legal representative: Patricia Bouyer, Director of LMF: bouyer@lmf.cnrs.fr
• Technical contact: Dietmar Berwanger, Infrastructure Manager: dwb@lmf.cnrs.fr