Learn with FONDATION MERIEUX

Data controller and web hosting

Data Controller

The personal data is collected by the Mérieux Foundation, a foundation recognized as providing a public service under the French decree of December 7, 1976, having its principal office at 17 rue Bourgelat, 69002 Lyon, France.

The Data Controller responsible for personal data is Jean-Pierre Bosser.

The Data Controller may be contacted as follows:

• By post: 17 rue Bourgelat, 69002 Lyon, France
• By email: dataprivacy@fondation-merieux.org

Web hosting

The moodle.fondation-merieux.org platform is hosted by: EOLAS

Principles relating to the collection and processing of personal data

As the Data Controller, the Mérieux Foundation undertakes to collect, manage, protect, and store your data in compliance with national requirements and the requirements of EU Regulation 2016/679 known as the General Data Protection Regulation (GDPR).

In accordance with Article 5 of European Regulation 2016/679, personal data is:

• Processed lawfully, fairly, and in a transparent manner in relation to the data subject.
• Collected for specified, explicit, and legitimate purposes (see Article 3.1 of this document), and not further processed in a manner that is incompatible with such purposes.
• Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
• Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
• Kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Processing is lawful only if and to the extent that at least one of the following applies:

• The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
• Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data, in particular where the data subject is a child.

Personal data collected and processed when browsing the website

When you use our website, the following data is automatically collected with your consent:

• IP address
• Logs (deleted daily)

Other personal data may be collected for the following purposes:

• Sending newsletters: identification data (email address)
• Operating a contact form: identification data (title, last name, first name, email address)
• Operating a grant application form: identification data (title, last name, first name, contact details, email address, CV)

These details are kept by the Data Controller under reasonable security conditions for a period of three years.

The Data Controller may retain certain personal data beyond this limit in order to meet its legal or regulatory obligations.

In the context of the processing of your data detailed above, you may receive communications from the Mérieux Foundation, from which you may unsubscribe by following the link at the bottom of the email or by sending an email to dataprivacy@fondation-merieux.org.

If you have any other questions not related to the processing of your personal data, please send an email to contact@fondation-merieux.org.

Security of personal data

The Mérieux Foundation takes the necessary precautions (including administrative, technical, and organizational measures) to protect your Personal Data against loss, theft, and fraudulent use, as well as against any unauthorized access, disclosure, alteration, or destruction of Personal Data.

Although security measures are applied to the Personal Data we collect, we must draw your attention to the fact that the transmission of data over the Internet (including by email) is never completely secure.

Rights of natural persons

Any user whose personal data is processed may exercise the following rights in application of European Regulation 2016/679 and French Data Protection Act (Law 78-17 of January 6, 1978):

• Right of access, rectification, and erasure of data (set out respectively in Articles 15, 16, and 17 of the GDPR).
• Right to data portability (Article 20 of the GDPR).
• Right to restriction of processing (Article 18 of the GDPR) and right to object to processing (Article 21 of the GDPR).
• Right not to be subject to a decision based solely on automated processing.
• Right to determine what happens to their data after their death.
• Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR).

To exercise these rights, please write to:

Fondation Mérieux

For the attention of the Legal Department:
17 rue Bourgelat, 69002 Lyon, France

Or send an email to: dataprivacy@fondation-merieux.org

In order for the Data Controller to comply with the user's request, the user may be required to provide certain information, such as their first and last names, email address, and account, personal space, or subscriber number.

Terms and conditions of changes to the Privacy Policy

The website's publisher (www.fondation-merieux.org) reserves the right to modify this policy at any time in order to ensure that users of the website comply with the legislation in force.

Any changes will not affect purchases previously made on the website, which will remain subject to the policy in force at the time of purchase as accepted by the user when confirming the purchase.

Users are invited to familiarize themselves with this policy each time they use our services, without having to be formally notified.

This policy, published on June 8, 2017, was updated on April 28, 2025.

Cookies

What is a cookie?

A cookie is a small text file that is placed on your device (such as your computer) by a website.

Why does the Mérieux Foundation use cookies?

The Mérieux Foundation uses cookies for statistical purposes and to offer video content.

What types of cookies does the Mérieux Foundation use?

The Mérieux Foundation uses third parties to analyze the use of the website.

An overview with more information about the analytical cookies placed in the browser, as well as the mandatory cookies, is provided below:

Cookie name	Time to expiry	Description	Supplier
_ga	2 years	Used to distinguish between users	Google
__utma	2 years after installation or update	Used to distinguish between users and sessions. The cookie is created when the Javascript libraries are executed if the __utma cookie does not exist yet. The cookie is updated each time data is sent to Google Analytics.	Google
__utmb	30 min. after installation or update	Used to identify new visits. The cookie is created when the Javascript libraries are executed if the __utmb cookie does not exist yet. The cookie is updated each time data is sent to Google Analytics.	Google
__utmc	End of browser session	Not used in ga.js. Historically, this cookie was used in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.	Google
__utmz	6 months after installation or update	Records the source of traffic or of a campaign to find out how the user arrived on the website. The cookie is created when the Javascript libraries are executed and updated each time data is sent to Google Analytics.	Google
__utmv	2 years after installation or update	Used to store custom variable data about a visitor. This cookie is created when a developer uses the _setCustomVar method with a variable customized at visitor level. This cookie was also used for the _setVar method, which is now obsolete. The cookie is updated each time data is sent to Google Analytics.	Google

How to block and/or delete cookies

If you do not want the website to place cookies on your computer, you can block and/or delete cookies using your browser settings. Instructions on how to block and/or delete cookies for the most commonly used browsers can be found below:

• Internet Explorer
• Chrome
• Firefox
• Safari

If you have blocked all or certain cookies, the website may no longer function properly or you may not be able to access certain parts of the website.

Hyperlinks

The Mérieux Foundation website may contain links to other websites, which are mostly official websites. These web pages are not part of the Mérieux Foundation web portals and the Mérieux Foundation is not responsible for their content.

We recommend that you consult the personal data protection policies of these websites, as their terms and conditions may be different from those of the Mérieux Foundation. The Mérieux Foundation may never be held liable for any processing of your personal data by these other websites.

Contact

If you require any information about the Mérieux Foundation's personal data protection policy, please send a request by email to the following address: dataprivacy@fondation-merieux.org.

Changes

This privacy policy may be updated or changed, particularly to reflect changes in legislation and/or regulations. We therefore invite you to visit this page regularly to stay informed of how we protect your personal data.