August 2022 | V1.1. (EN)
- Use the Website;
- Create a personal account;
- Access to services of the Website (posting and responding to service offers…), hereinafter referred to as the “Services”;
- Create a professional profile;
- Receive emails and technical notifications;
- Be in contact with JTI’s Administrator (contact form and assistance, request or receive information, management of requests relating to your rights to the protection of personal data…).
Please note that mandatory fields are marked up in the form with an asterisk (*).
Reporters sans Frontières, located at CS 90247, 75083 Paris Cedex 02, France, in its capacity as Controller, is committed to collect and process the User’s personal data in a fair, lawful and transparent framework, complying with the General Data Protection Regulation (EU) dated April 27, 2016 – n°2016/679 (known as “GDPR”) and the French Data Protection Act dated January 6, 1978, amended, n°78-17 (known as “Loi Informatique et Libertés”; website only available in French).
The present Policy describes how we process your personal data. It explains the type of personal data we could request and collect about You, how we use them, with whom we share them, and your rights over your Data.
Definitions provided at GDPR article 4 are applicable to the present Policy. The GDPR specifies that it shall be intended by personal data: “any information relating to an identified or identifiable natural person”.
2. Legal information and contact of the Controller
Reporters sans Frontières is the data Controller of personal data processed under this Policy, it is an association located at CS 90247, 75083 Paris Cedex 02, France.
The Journalism Trust Initiative is an initiative of Reporters Without Borders and is also an international standard (self-regulatory mechanism) promoting trustworthy journalism.
User can contact the Controller by writing:
- By post, to: Reporters sans Frontières, JTI-campus, CS 90247, 75083 Paris Cedex 02, France, or,
- By Email, to: firstname.lastname@example.org
About all the legal information and notices of the Website, please refer to the ‘Legal notices’ page.
3. Legal basis to process the Data
The first legal basis to process the Data is the article 6, § 1, point a) of the GDPR, i.e., the consent of the User, when User is providing personal data or any other consent (cookies).
User is free to withdraw consent at any time.
Or when User agrees to functional cookies (such as Matomo, web analytics service) by removing the check mark (service automatically disabled at first use), User agrees to collection of Data.
The second legal basis to process the data is the article 6, §1, point f) of the GDPR, i.e., the legitimate interests pursued by the Controller, with regard to certain strictly necessary cookies essentials to the technical operation of the Website and to provide the basic features of an online communications service. This process is required to make the Website available.
The third legal basis to process the data is the article 6, §1, point c) of the GDPR, i.e., compliance with legal obligation (such as the article 82 of the French Data Protection Act), with regard for example to certain necessary cookies required to provide a functional Website (consent collection by Usercentrics Consent Management Platform), and logging data (by the website’s programmer and technical administrator, the company Active Value), etc.
4. Personal data collected
Generally, the Website is collecting User identification data, data relating to the management and security of the personal account, data relating to the communication between the User and the Website, also login data, and data collected by cookies.
A. Data provided with consent by User to "jti-campus.org"
Mandatory fields are marked up in the form with an asterisk (*).
In order to be connected to the Website, you must create a personal account by choosing a status (individual journalist or coach or service provider) or, by using the last ‘Media outlet or Legal entity’ tab in case you already have an account on jti:app.
Data requested to create a personal account: Personal data you must fill in to create your private account, through the registration form.
For a ‘Individual journalist account’ we ask User to provide the following elements: title, first name, surname, country of residence, a valid email address (a different email address is required for each created account), and to set up a secure password of 12 characters minimum.
For a ‘Coach account’ we ask User to provide the following elements: title, first name, surname, a valid email address (a different email address is required for each created account), a complete postal address, a phone number, and to set up a secure password of 12 characters minimum.
For a ‘Service provider account’ please note that, at first, You will have to contact us in order to create your Service provider account. Then, we ask User to provide the following elements: name of Service provider, complete postal address, country, phone number, and title, first name, surname, a valid email address as a contact person (a different email address is required for each created account), and to set up a secure password of 12 characters minimum. And the website address of the Service provider, the service language and contact language and a short description about your organisation.
Please note that the email address used to create the personal account will also be used to receive technical notification necessary for the operation of the Website.
Data requested to contact the Help Desk or the Website without a personal account: Personal data needed to fill in the contact form: title, first name, surname, a correct email address, and the message to the Website.
Data requested in case of password forgotten: User has to fill in the email address.
Data possibly sent to the Website in order to use the ‘Marketplace’ Services: Personal data User agrees to share through the Website. For instance, data to create an online professional account, to answer to a professional service offer, or to post a service offer.
Data requested to manage a User rights request (see chapter 10): Necessary personal data requested to answer to a request relative to User’s rights (User must detail the data concerned by the request and attach a copy of a signed and valid ID).
Personal data of third parties: if You need to provide personal data of third parties to the Website or through the Website, You have to be certain of the prior consent of third parties concerned.
B. Logging data of the Website
Usage data (or logging data) and browsing data, such as Internet Protocol address (known as “IP”), connection and usage logs, are automatically collected on the Website when the User accesses the Website.
These data are recorded in order to facilitate User’s actions, to diagnose any problem regarding the server, to alert and protect against computer fraud (spamming, hacking…) and to improve the management of the Website.
The retention of logging data (accessibility, browsing…) is an essential tool for compliance with the principle of security of personal data processing provided for in both GDPR and French Data Protection Act.
These Data are collected for the sole purpose of ensuring the proper functioning and continuous improvement of the Website, the Services and its functionalities.
These data will be retained for a maximum period of 13 months from the moment you provide them, and they are accessible only to our management and IT team.
C. Cookies and other trackers
By visiting the Website, the User is informed that cookies and other trackers will be set on the laptop, the mobile phone or the tablet used for, through a pop-up (provided by Usercentrics GmbH) entitled ‘Privacy settings’.
Cookies or trackers, are text files which are downloaded from a server to the User’s device (laptop, tablet, or mobile phone) and linked to a website. These files are automatically sent back to the browser when User enters a website and saved for the next visit.
Cookie is a sort of a « bookmark » within the Website, with the purpose for instance to collect information relating to your use of the Website and to improve the performance of our Services, to send you services adapted to your digital tool or to target your preferences.
Thereby, cookies are essential to enable you to use the Website, and some others allow optimisation or personalisation of the content you will see online. But cookies cannot identify a User.
Distinctions between different categories of cookies and settings
The Website jti-campus.org sets technical cookies necessary to the browser and the basics functions of the Website (known as “essential cookies”) and requests third parties services, which can also set complementary cookies (known as “functional cookies”).
In the cookies’s pop-up collecting your consent, You can have access and read the details of any cookies in the section ‘services’.
If You are not making a choice, non-essential cookies to access to the Services could not be downloaded in your browser.
The Website uses technical cookies which are necessary for a correct use of the Website and technically essential to your browsing. In particular for access to the personal account (authentication).
They cannot be disabled (except personal settings of your browser, however the quality and functionality of the Website could not be ensured by our care). These cookies are exempt from consent as they are strictly necessary to provide Services expressly requested by the User.
Those tools are provided by:
- Usercentrics Consent Management Platform
All non-essential cookies, without exclusive purpose of allowing or facilitating communication by electronic means or not being strictly necessary to provide an online communication service at an express request of the User, require the prior consent of the User.
The Website uses Matomo software as an analysis tool.
5. Purpose of the processing of personal data
The Purposes of Personal data collection from the User are:
- To create and manage the personal account, to log and to manage forgot password;
- To manage and monitor service offers and corresponding answers;
- To communicate with the User (emails, important notification or technical information, etc.);
- To handle requests regarding User's rights (right of access, correction of or deletion of personal information);
- To develop academic study and statistical analysis.
Logs and cookies enable the Website:
- To improve and facilitate the operation, navigation and Services for all users (such as the management of personal accounts, adapting the presentation of the Website to your digital device, etc.);
- To diagnose, troubleshoot and fix server problems and improve Website management (security of the Website, detection of browsing problems, etc.);
- To resolve any dispute or resolve any problem in connection with the use of the Website.
RSF would remind the User that personal data are not collected without consent and not sold to any third parties.
6. The Retention period of the User’s personal data
The Website and IT service providers agree to retain the User’s personal data, exclusively, as long as necessary to process them, for the aforementioned purposes, within legal limits.
After the term of the retention period, Data are deleted, or anonymized (depending on the service providers).
However, the User will be informed that any retention period may be increased by the duration of legal requirements.
Depending of the type and purpose of personal data, the retention period may not exceed 13 months, except new request or connection from the User who extends this period.
Data from your personal account will be retained by the Website until your deletion request of the account, or at the end of a maximum period of inactivity of 3 years.
The User can disable his personal account at any time. The above account will no longer be accessible nor visible, however the Data will be retained in a dedicated RSF’s backup storage. The User will still have the possibility to reactivate the personal account within a maximum period of 3 years, although this option cannot be guaranteed by the Website, due to technical constraints or legal obligations.
Exceeding a 13 months period, JTI’s Administrator will contact You in order to know if You still agree that RSF retains your data and that your personal account stays deactivated (by providing your written consent). Or, if You want your personal account to be definitely deleted.
Without your answer or your written agreement within the period of 2 months, your personal account will be automatically deleted by the Website.
The User can choose, at any time, to request the deletion of his/her personal account (by written request to RSF). This deletion will lead to the erasure of all the personal data within a maximum of 1 month, and suspend the private access to the Services.
If You wish to permanently delete your personal account and all your personal data, please send a written request to JTI’s Administrator via the helpdesk: www.jti-campus.org/helpdesk
However, RSF may retain certain data a longer period than the retention period mentioned above, for legal obligations. But, the User’s Data will be deactivated and unavailable online.
Regarding Data relating to User's rights requests (right of access to, erasure, etc.) and the copy of the ID document sent to prove the User’s identity, they will be kept for a 12 months period.
7. Recipients of personal data
The Recipients of the personal data are RSF’s team, of which JTI’s team is a part, and especially all those in charge of the Services of the Website (such as journalists, administration department, IT department, financial department…).
As well as all outsourced IT services of the Website (see the next chapter, on ‘Subcontracting’), or cookies service providers (see the chapter 4C about ‘cookies and trackers’).
In addition, to comply with applicable law and regulation, the Data may be used by competent authorities on request, and in particular to public organizations, court officers, ministerial officers, debt-collection organizations, exclusively in order to answer to legal obligations, and look for online infringers.
8. Subcontracting and transfers of personal data
The User’s personal data are for internal use by the Website.
In case of User’s personal data transfer to a third party, regardless of its quality, RSF will ensure beforehand that this third party is required to apply confidentiality conditions ensuring, at least, the same of guarantees than his.
RSF undertakes that any subcontractor provides sufficient and appropriate contractual guarantees in order to respect the User’s rights, and consequently respond to GPDR’s requirements.
RSF also undertakes to comply with the provisions of the GDPR, in particular about data transfers.
Our main IT service providers:
The host of the server (Data storage) of the Website is Digital Ocean. Data stored is hosted in the European Union.
The Website’s developers and technical administrators are Active Value (website only available in German). Data of the site is hosted in the European Union.
In addition, to ensure the protection of personal data, JTI’s Administrator uses the website audience analysis software, Matomo (InnoCraft Company), software whose secured servers are hosted in the European Union.
Personal data transfer in the European Union
Based on all legal requirements, the User’s personal data may be disclosed pursuant to a law, a regulation or in accordance with a decision of a competent regulatory or a judicial authority.
Personal data transfer outside the European Union
Your Data may be transferred from a European Union country to a non-European Union country.
When your Data is transferred outside the European Union, we comply with applicable law and regulation, especially regarding the security and protection of personal data, in order to allow an adequate level protection for your Data:
Either by executing or causing to be executed the Standard Contractual Clauses required by the European commission.
Either by using internal Binding Corporate Rules approved by Competent authorities for data protection.
Either by using all appropriate guarantees referred to in Article 46 of the GDPR.
9. Security of Personal data
RSF implements all technical and organizational measures in order to protect the User’s personal data security and to comply with the framework of personal data processing and personal data privacy.
As such, RSF puts in place appropriate and useful measures on the Website (such as safeguards to log with a personal and secure access through strong password and login, logging data, security service of our offices, etc.), in order to preserve the security of your personal Data, in particular to prevent them from modification, disclosure, damage, loss, destruction, or access by unauthorized third parties.
To protect your personal account, we encourage you to never share your login and password, confidential and secure, to avoid any suspicious and illegal access or use of your personal account.
If You notice any security problem, please notify the Website immediately through the form available on the Website: www.jti-campus.org/helpdesk
10. User’s Rights on his/her personal data
In accordance with applicable laws and regulations relative to Data protection, You hold certain specific rights attached to your personal data.
According to the European regulations in force (GDPR), the User has the following rights:
- Right of access (article 15 of the GDPR). The User has the right to obtain confirmation that personal data is being processed by the Website and the right to request a copy.
- Right of rectification (article 16 of the GDPR). The User has the right to obtain the rectification of inaccurate personal data and also the right to have incomplete personal data completed or updated.
On the Website, in the ‘Account settings’ of your personal account, You already have the possibility to change or update your personal data. If the personal data are not available in the settings tab, please contact us to operate this rectification.
- Right to erasure, (known as “right to be forgotten”). In some specific cases and under conditions provided for in article 17 of the GDPR, the User has the right to obtain the erasure of personal However, this right is not an automatic right and we may retain some of your data for legal or legitimate reasons.
If You exercise your right to erasure personal data from the Website, the personal account concerned will be definitively delete (not simply disable).
- Right to restriction of processing. In some specific cases and under conditions provided for in article 18 of the GDPR, the User has the right to obtain the restriction of the processing of your personal data. However, this is not an absolute right, so if the limitation were implemented, it could lead to the suspension (or even the deletion) of the Services of the Website.
- Right to data portability (article 20 of the GDPR). The User has the right to obtain the portability of personal data which are subject to the automatic processing based on the User’s consent or based on an agreement, in order to provide these data to another controller, if technically possible. However, this right is not automatic.
The User’s request shall mention the contact details of the new controller to whom the Data will be transmitted, if technically possible for us.
- Right to object. In some specific cases and under conditions provided for in article 21 of the GDPR, the User has the right to object to the processing of your personal data. However, this is not an absolute right, so if the User’s request does not concern commercial promotion, we may refuse the request.
The User’s request shall mention the processing concerned by the right to object and the reason why.
For any practical application of these rights, the User can contact directly Reporters sans Frontières:
• By post, to: Reporters sans Frontières, JTI-campus, CS 90247, 75083 Paris Cedex 02, France, or,
• By Email, to: email@example.com
In that situation, the User must detail which Data is concerned by the request and attach a copy of an ID (signed and valid).
In addition, as soon as RSF is aware of the passing of a User, and without specific instructions, we undertake to delete their personal data, except necessary retention due to legal obligation or evidentiary purposes.
If the User, located in the European Union, believes that RSF have not been compliant with Data protection, the User may submit a claim by contacting local Data Protection Agency, you may find the contact details via its website: https://edpb.europa.eu/about-edpb/about-edpb/members_en
For more information, You can contact the French Data Protection authority, the “Commission Nationale de l’Informatique et des Libertés” (known as the “CNIL”) via its website: https://www.cnil.fr/en/home
JTI-CAMPUS.ORG ALL RIGHTS RESERVED
© 2022 REPORTERS SANS FRONTIÈRES (RSF) / REPORTERS WITHOUT BORDERS