Legal notice and privacy policy

Last updated: 2026-05-19. Compliant with GDPR (EU Regulation 2016/679).

1. Publisher

Institut du Numérique Responsable (INR)
Association Loi 1901
Université de La Rochelle, 23 avenue Albert Einstein - BP 33060 - 17031 La Rochelle - France
Phone: +33 5 46 45 83 71
Email: contact@institutnr.org

2. Publication director

Vincent Courboulay, Scientific Director.

3. Data Protection Officer (DPO)

For any question relating to the processing of your personal data or to exercise your rights:
Data Protection Officer
Email: dpo@institutnr.org

4. Hosting

The site is hosted by OVH SAS, 2 rue Kellermann, 59100 Roubaix, France.
RCS Lille Métropole 424 761 419 00045 - SIRET 424 761 419 00045
Phone: 1007
Website: www.ovhcloud.com

5. Site content and liability limitation

Through its website, INR provides users with various information and tools related to sustainable IT. INR accepts no responsibility for any errors or omissions, or for the results that may be obtained from the use of this information or the hyperlinks on its website.

Please report any significant errors or omissions to contact@institutnr.org.

6. Intellectual property

The GR491 content is made available under the Open Licence v2.0 — Etalab. The INR brand, logos and graphic elements remain the property of the Institut du Numérique Responsable.

7. Personal data collected

The GR491 site collects the following data:

Anonymised navigation data via Matomo (self-hosted analytics): pages visited, visit duration, visitor origin. IP addresses are anonymised before storage. No data is transmitted to third parties.
Session data for administrator accounts (login, hashed password). Used solely for authentication.
Technical session cookie (GR491SESSID): limited to the browser session, essential for site operation, exempt from consent.

No personal data is collected from non-authenticated visitors for commercial or advertising purposes.

8. Legal basis and purposes

Legitimate interest (art. 6.1.f GDPR): anonymised audience measurement to improve the service.
Contract performance / consent (art. 6.1.b and 6.1.a): contributor authentication.

9. Retention period

Anonymised Matomo statistics: maximum 13 months.
Session cookie: lifetime of the open browser.
Administrator accounts: duration of the mission, then deletion within 30 days.

10. Cookies and trackers

This site uses only the following cookies:

Technical cookie (GR491SESSID, tarteaucitron): essential, exempt from consent.
Matomo cookie: self-hosted audience measurement, anonymised IP, subject to consent.

You can at any time manage your cookie preferences or withdraw your consent.

Management solution: tarteaucitron.js. Measurement tool: Matomo self-hosted.

11. Your rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access (art. 15 GDPR)
Right to rectification (art. 16)
Right to erasure (art. 17)
Right to restriction of processing (art. 18)
Right to portability (art. 20)
Right to object (art. 21)
Right to withdraw consent at any time

To exercise these rights: dpo@institutnr.org. We will respond within one month.

12. Complaint to a supervisory authority

If you consider, after contacting us, that your rights are not respected, you may file a complaint with your national data protection authority. In France: Commission Nationale de l'Informatique et des Libertés (CNIL) — www.cnil.fr/en/plaintes.

13. Embedded content from other sites

The pages of this site may include embedded content (videos, images, articles, etc.). Embedded content from other sites behaves as if the visitor were on that other site. These websites may collect data about you, use cookies, embed third-party tracking tools and track your interactions if you have a logged-in account on their site.

14. Security

Communications are encrypted via HTTPS (TLS). Passwords are hashed (bcrypt). Sessions use HttpOnly, Secure and SameSite=Lax cookies. A Content Security Policy (CSP) and HSTS, X-Frame-Options and Referrer-Policy headers are in place.