Privacy policy / Personal Data

Privacy Policy – Personal Data


In the context of its activities as a school, editor and research organisation and its related commercial activities, the IRIS association is required to process information about you. For example, by filling in a form to follow the news of the Defense and Climate Observatory or by browsing our websites, you are transmitting information to us, some of which is likely to identify you (“personal data”).

This Privacy Policy informs you of the way in which we collect and process your personal data. Please read it carefully.

In accordance with the legislation on the protection of personal data, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and Law 78-17 of 6 January 1978 as amended, IRIS is committed to protecting all personal information collected and used in its processing.

This data protection policy applies to all users who are not IRIS or who do not belong to IRIS, as soon as there is :

  • Use of any of the IRIS online services:
    • either on one of the websites or via a form (,, or digital working environment (Zoom);
    • via social networks;
    • any type of exchange (email, sms, paper or electronic form, …);
  • Participation in a training course or event;
  • Response to a request from IRIS as an alumnus, speaker, partner or supplier.

IRIS websites contain links that may redirect to third party pages that have their own privacy and cookie policies. The policy of these third parties should be consulted and IRIS is not responsible for the privacy practices of these third parties.


We only use your personal data in the cases provided for by the regulations in force, i.e. for the site your consent to the use of your data to receive publications (written, video and audio) from the Defense and Climate Observatory.

For any questions relating to this document, you can contact the IRIS GDPR point of contact:


The entity responsible for the processing operations mentioned in this document is the Institut de relations internationales et stratégiques (IRIS), a non-profit organisation recognised as being of public utility under the French law of, whose registered office is located at 2 bis rue Mercœur in Paris 75011, registered in the Paris Trade and Companies Register under no. 382 778 009, and of which Mr Alain Richard, Chairman of the Board of Directors, is the legal representative.

The IRIS GDPR point of contact is Mr. Richard McNaughton, who can be reached at or by mail at 2 bis rue Mercœur, Paris 75011.



3.1. Data that you send us directly

During the various contacts we have with you, you may be asked to provide us with information about yourself. This data is collected when the user of the site gives his or her consent to receive publications and information relating to the Defence and Climate Observatory. This information is provided solely by the user of the site.

Data provided by the user:

  • First name, Last name, Organisation, Position, Email address;

Technical data that we collect automatically:

During each of your visits to our sites, we collect information relating to your connection and your navigation. Different technologies may be used to collect this data. We refer to them generically as “cookies”.

The type of electronic data concerned is as follows:

  • Browsing data (pages visited, duration, etc.)
  • Browser-related data (cookies, type of browser, browsing medium, etc.)

3.2 Origin of the data

Users are likely to provide this data at various times during their online browsing or during physical events. This includes:

  • Data entered through the forms or questionnaires collected on the website;
  • nformation provided in the context of events organised by IRIS;
  • The use of third party services made available at events (Zoom);

3.4 Mandatory data

Mandatory data are marked with an asterisk in the online and paper forms. This data is necessary for the proper performance of the service offered.

Failure to fill in optional fields may affect the ability of IRIS to provide a satisfactory service or may exclude the user from certain activities or offers that IRIS provides.


This article tells you the main purposes for which we use the data mentioned in Article 3. These purposes must comply with the legal bases described in Article 6 of the GDPR which are, in the context of the Defense and Climate Observatory, the following:

  • The legal obligations that IRIS must respect;
  • The consent of a User for certain purposes, this consent can be challenged at any time by the person concerned by unsubscribing or by reporting to the IRIS GDPR point of contact;

The IRIS institute keeps an up-to-date register of all data processing, categories of data subjects, purposes and legal bases, data recipients, retention periods and security measures in place. This document can be consulted at any time by contacting IRIS at or by visiting our offices at 2 bis, rue Mercœur Paris 75011.

4.1. Purpose of the Observatory’s processing

All of the actions presented below constitute the purposes of processing that justify the use of the personal data of users of the website:

  • Management of the Observatory’s communications :
    • Receiving and recording of user data;
    • Sending communications regarding the Observatory’s publications;
    • Sending communications concerning the organisation of events by the Observatory;
    • Administration of the website;
    • Preparation and publication of content;
    • Management of website security (equipment and security logs);
    • Management of internal and external events;
    • Management of events organised by IRIS for users;
    • Management of invitations, registrations and logistic organisation of events;
    • Communication around events organised by IRIS;
    • Establishment and analysis of satisfaction surveys and statistics related to events;
  • Management of requests relating to the rights of data subjects under the GDPR and the Data Protection Act;
    • Management of requests relating to the rights of individuals concerning their personal data in accordance with Articles 15 to 22 of the GDPR (General Data Protection Regulation) and the articles relating to the rights of individuals in Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms in its amended version, in particular regarding GDPR regulations.

4.4. Purposes associated with the deposit of cookies on your browser

– Operation and optimisation of navigation on our sites and applications;

– Measuring traffic and audience.



Your personal data recorded in the form on the website is kept for a period of five years. This period is in accordance with the legal provisions and is proportionate to the purposes for which it was recorded.

The data related to your navigation on our online services collected by the cookies you have authorised has a specific retention period.



The data collected is intended to be processed by authorised external and internal recipients, namely :

  • The communication and CRM department;
  • The research department in charge of the Defence and Climate Observatory;
  • The IT and IS security department;
  • The IRIS events department.

Access to your data is based on individual and limited access authorisations. The personnel who can access personal data are subject to an obligation of confidentiality.

6.2. Transmission of data

The following may have access to some of your data :

IRIS partners

IRIS, as a subcontractor of the Directorate General of International Relations and Strategy (DGRIS) of the Ministry of the Armed Forces, is likely to share, within the limits of their respective attributions, user data such as the country or the organisation. This sharing is done exclusively within the framework of events organised for the Defence and Climate Observatory. The nature of the information shared must not allow users to be identified by the DGRIS.


They provide services on our behalf, in particular :

  • Computer tool for storing user data: Eudonet
  • Digital platform made available for events (Zoom)
  • Carrying out maintenance operations and technical developments (OVH, service provider)
  • Provision of analytical solutions or audience measurement statistics (Google Analytics).

Our subcontractors’ access to your data is based on signed contracts that mention their obligations in terms of data security and confidentiality protection.

Social networking platforms

The use of social networks to interact with our sites (in particular the “share” buttons on Facebook, LinkedIn, YouTube and Twitter) is likely to result in data exchanges between IRIS and these social networks. For example, if you are connected to the Facebook social network and you visit a page on the website, Facebook may collect this information. Similarly, if you view an article on and click on the “tweet” button, Twitter will collect this information. We therefore invite you to consult the personal data management policies of the various social networks to find out what information they collect and process.

For more details on the cookie policy, please refer to our Cookie Policy.

Facebook :

Twitter :

LinkedIn :

YouTube :

Police, judicial or administrative authorities

Where we are legally obliged to do so or in order to safeguard the rights, property and safety of IRIS.



We store your personal data within the European Union. However, it is marginally possible that the data we collect when you use our platforms or services may be transferred to subcontractors or partners located in other countries, some of which may have less protective data protection legislation than the country where you reside.

In the event of such a transfer, we will ensure that the processing is carried out in accordance with this privacy policy and is subject to the European Commission’s standard contractual clauses which ensure an adequate level of protection for the privacy and fundamental rights of individuals.


As a data controller, we implement appropriate technical and organisational measures in accordance with the applicable legal provisions, to protect your personal data against alteration, accidental or unlawful loss, use, disclosure or unauthorised access, including:

  • The appointment of an internal GDPR point of contact;
  • A GDPR charter;
  • An IT manager dedicated to the security of information systems;
  • Awareness of the confidentiality requirements of our employees who have access to your personal data;
  • Securing access to our premises and IT platforms;
  • Implementing a general IT security policy for the company;
  • Securing access, sharing and transfer of data;
  • High level of data protection requirements when selecting our subcontractors and partners.

Among others, IRIS implements the following security measures:

  • Antivirus on all workstations
  • Antivirus on all servers
  • Restricted access to remote working tools such as Teams and Zoom for authorised employees
  • Specific security and data protection clause for all service providers and software suppliers
  • Access control by means of an individual code
  • Independent employee network protected by password
  • Access to Wi-Fi networks secured by a WPA2-PSK protocol
  • Removal of obsolete access and formatting of old workstations
  • No saving of personal data on IRIS employees’ workstations
  • Access to premises protected by lock and access code
  • Secure website using HTTPS protocol
  • Data hosted by Nfrance and OVH
  • Regular data backups

9.1. Your rights to access your personal data

You have the right to access your personal data and to request that it be corrected, completed or updated. You may also request the deletion of your data or object to its processing, provided you can demonstrate a legitimate reason.

You can ask to exercise your right to data portability, i.e. the right to receive the personal data you have provided us with in a structured, commonly used format and the right to transmit this data to another controller.

Finally, you can specify directives concerning the conservation, deletion and communication of your personal data after your death.

You can exercise your rights with the IRIS GDPR point of contact at the following address IRIS – Service GDPR – 2 bis rue Mercœur – Paris 75011 or by email

Before responding to your request, we are obliged to verify your identity and/or ask you to provide us with more information to respond to your request. We will endeavour to respond to your request within a reasonable time and, in any event, within the time limits set by law.

In the event of an unsatisfactory response, you may lodge a complaint with the French jurisdiction in charge of enforcing GDPR regulations, the Commission Nationale de l’Informatique et des Libertés (CNIL):

9.2. Your rights to oppose commercial solicitations

The data collected on behalf of the Defense and Climate Observatory is not used for commercial purposes under any circumstances.

9.3. Your rights regarding the acceptance and management of cookies

The registration of a cookie on your navigation terminal is subject to your wishes. You may at any time modify your choices regarding the acceptance or refusal of cookies placed on your terminal, either on your browser or online with various operators.

In order to manage cookies in accordance with your wishes, we invite you to configure your browser taking into account the purpose of the cookies.

To find out how to exercise your rights with regard to cookie management, please refer to our dedicated page: see section below.


Cookie use policy

Cookies and other tracers or similar technologies are deposited, subject to your specific consents, on your computer, smartphone or tablet (“device”) when you visit the following sites (“IRIS sites”):



Our cookie policy aims to inform you about the origin and uses of cookies when you connect to these sites. You have the right to object, at any time, to the deposit of cookies (with the exception of operating cookies).

IRIS pays particular attention to respecting your privacy and does not carry out any specific and nominative analysis of your browsing behaviour or commercial analysis on the basis of your cookies with the aim of carrying out remarketing type campaigns.

However, like any website, IRIS is required to use certain cookies to ensure the proper technical functioning of the site or to use certain cookies that enable the use of third-party platform features (e.g. “Share” button for social networks).

This document describes the nature of the cookies used on our various sites.

  1. What is a cookie?

Cookies are small text files deposited on your device, the details and purposes of which are presented below. Cookies are managed by your web browser, and only the sender of a cookie can read or modify the information contained in it.

  1. What types of cookies are placed and for what purposes?

a. Technical or operating cookies

These are cookies placed exclusively by the site editor or by the external service provider who ensures the technical operation of IRIS sites. These cookies guarantee the functioning and optimisation of the IRIS sites. They allow you to use the main features of the IRIS sites and to secure your connection. As these cookies are essential to navigation on the IRIS sites, they cannot be refused. They allow us, for example, to :

  • to implement security measures, for example when you are asked to connect again to a content or service after a certain time;
  • to access reserved and personal areas of IRIS sites, such as the members’ area on the site, the client area of the site or;
  • to memorise information relating to forms you have filled in on the IRIS sites (for example, subscribing to a newsletter, creating an account or registering for an event) or to products, services or information you have chosen on the IRIS sites;
  • to adapt the presentation of the IRIS sites to the display preferences of your device (adapt the screen resolution, recognise the browser or operating system used, viewing software, hardware etc.) when you visit the IRIS sites;
  • to establish anonymous statistics and volumes of traffic and use of the various elements making up the IRIS sites (sections and content visited, routes taken), enabling us to improve the interest and ergonomics of our services.

b. Social networks and marketing

These cookies allow you to share content from IRIS sites and interact with social networks or to view content via third party tools (e.g. YouTube). IRIS does not use these cookies to identify a user and does not use these cookies for its own commercial activities. You can inform yourself at any time and set your cookies to accept or reject them by going to your browser settings. For more information, please refer to the end of this document.

We may include on the IRIS sites, computer applications from third parties, which allow you to share content from the IRIS sites with other people or to let these other people know your consultation or your opinion concerning a content of the IRIS sites. This is notably the case of the “Share” and “Like” buttons from the social networks “Facebook”, “Twitter”, “LinkedIn”, “Messenger”, etc. The social network providing such an application button is likely to identify you thanks to this button, even if you did not use this button when consulting the IRIS sites. Indeed, this type of application button may allow the social network concerned to track your browsing on our IRIS sites simply because your account with the social network concerned was activated on your device (logged in) while you were browsing on the IRIS sites.

In the case of YouTube, the provider uses some of its cookies to perform behavioural analysis, to analyse the consumption of advertising content embedded in its videos or to adapt the format of the videos to the user’s device. Here again, users can block their cookies by using the functions of their browser (details at the end of the document).

As a reminder, we have no control over the process used by social networks to collect information about your browsing habits, and associated personal data they hold. We invite you to consult the privacy protection policies of these social networks in order to learn about the purposes of use, particularly advertising, of the browsing information that they may collect through these application buttons. These protection policies must allow you to exercise your choices with these social networks, in particular by configuring your user accounts for each of these networks.

The personal data and cookie policies of our social network partners allowing you to set your cookies are:

Facebook :

Twitter :

LinkedIn :

YouTube :

Here is a list of some of the cookies used on IRIS websites:

Cookies Supplier Type Duration
rc::a Google Nécessaire Persistent
rc::c Google Nécessaire Session
IDE (YouTube) Marketing 1 year
Text_cookie (YouTube) Marketing 1 day
VISITOR_INFO_LIVE YouTube Marketing 179 days
YSC YouTube Marketing Session
yt.innertube::nextId YouTube Marketing Persistent
yt.innertube::requests YouTube Marketing Persistent
yt-remote-cast-installed YouTube Marketing Session
yt-remote-connected-devices YouTube Marketing Persistent
yt-remote-device-id YouTube Marketing Persistent
yt-remote-fast-check-period YouTube Marketing Session
yt-remote-session-app YouTube Marketing Session
yt-remote-session-name YouTube Marketing Session


  1. What is the basis for collecting cookies ?

The storage of a cookie in a device is essentially subject to the will of the user of the device, which the user can express and modify at any time and free of charge through the choices offered to him by his browser software. For more information on these browser features, please refer to the end of this document.

The refusal or acceptance of cookies is subject to your consent, with the exception of technical cookies. If you have accepted in your browser software the storage of cookies in your device, the cookies integrated in the pages and contents that you have consulted may be stored temporarily in a dedicated space on your device. They will only be readable by the sender.

If you refuse to accept cookies on your device, or if you delete the cookies stored on your device, you may no longer be able to use the features associated with social networks. This would also be the case if we – or our service providers – were unable to recognise the type of browser used by your device or the display settings for technical compatibility purposes. In this case, we decline all responsibility for the consequences linked to the degraded functioning of our services resulting from the impossibility for us to record or consult the cookies necessary for their functioning and which you would have refused or deleted.

  1. Manage your cookies by configuring your browser

You can configure your browser software so that cookies are stored in your device or, on the contrary, that they are rejected, either systematically or according to their sender. You can also configure your browser software so that you are offered the option of accepting or rejecting cookies from time to time, before a cookie is likely to be stored in your device. For the management of cookies and your choices, the configuration of each browser is different. It is described in your browser’s help menu, which will tell you how to change your cookie wishes.

For Internet Explorer™ :

For Safari™ :

For Chrome™ :

For Firefox™ :

For Opera™ :


Follow the Observatory news

    By clicking on the "Register" button, you agree that IRIS may store your data for the purpose of sending you communications related to the Defence and Climate Observatory. This data will be kept for a period of 5 years and is intended for authorised IRIS personnel. You may exercise your right to access, rectify, delete and object to the data by contacting