Personal data protection policy (website)
Preamble
This privacy policy is intended to inform Internet users of how Abys® Medical respects and applies the national and European data protection framework. It covers data supplied by the Internet Users. You are informed:
- on how personal data of website users are collected. Personal data is any information that can identify a user;
- on the rights that data subjects have with respect to their data;
- on the persons responsible for processing the personal data collected and processed;
- on the recipients of those personal data;
- on hosting of personal data.
This policy complements the legal notice of the website to which it is attached.
Abys® Medical has appointed a Data Protection Officer (“DPO”) who is your point of contact for any questions or requests in connection with the processing of your data. You will find the contact details of the DPO below in article 3.3 “Data Protection Officer”.
Article 1: principles relating to the collection and processing of personal data
In accordance with Article 5 of the European Regulation no 2016/679 (hereinafter “GDPR”), the personal data collected by Abys® Medical are:
- processed in a lawful, fair and transparent manner with regard to the data subject;
- collected for specified, explicit and legitimate purposes (see Article 2.1 hereof) and not further processed in a way incompatible with those purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- accurate and, if necessary, kept up to date. Abys® Medical and the User undertake to take all reasonable steps to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are deleted or rectified without delay;
- kept in a form that permits identification of the data subjects for no longer than is necessary for the purposes for which they are processed;
- processed to ensure appropriate security of the data collected, including protection against unauthorized or unlawful processing, against misuse and against accidental loss, destruction or damage, using appropriate human, technical or organizational measures.
These common principles and rules are fully applicable to data collected by Abys® Medical’s website. Abys® Medical undertakes to respect them.
Article 2: Personal data collected and processed in the context of the use of the website
Article 2.1: Data collected during the use of the website
The personal data collected in the context of the use of the website services are the following:
- the IP address allowing to identify the User;
The collection and processing of those data serves the following purposes:
- to provide information contained in the pages of the website;
- to provide and improve services;
- develop new services;
- provide personalised content;
- evaluate performances
Article 2.2: Data Collection Method
When using our services, data is directly collected when the User browses the site.
They are kept by the data controller under security conditions that comply with the rules of the art, for the period specified by the latter in the light of its legal and regulatory obligations.
Abys® Medical may retain certain personal data beyond the time limits set out above to meet its legal or regulatory obligations.
Article 2.3: Legal Basis
For the purpose of the proper implementation of Article 1 of this Data Protection Policy, the legal basis for the collection, processing, storage and destruction of identifying data are:
- the consent of the Internet user;
- the necessity imposed on the data controller for compliance with its legal and regulatory obligations;
- Abys® Medical’s legitimate interest to identify and authenticate Users, to provide them with appropriate services, to improve its knowledge of Users.
Article 2.4: Data hosting
The data collected by Abys® Medical during its website browsing are hosted by:
OVH
2 rue Kellermann – 59100 Roubaix – France
contact@ovh.com
Article 2.5: Transfer of data outside the European Economic Area
Due to the international nature of our medical services and missions, Abys® Medical may transfer your personal data to our counterparts located in the European Economic Area (EEA) and outside the EEA.
In performing the services it offers, Abys® Medical warrants that it:
- will only transfer adequate and relevant personal data to the extent necessary for the purposes for which they are transmitted and further processed;
- will have appropriate technical and organizational measures in place to protect personal data transmitted to it against unauthorized or unlawful processing and against destruction, loss, modification or unauthorized disclosure;
- will keep personal data for no longer than is relevant and necessary for the purposes for which they are processed;
- will not make any decision, including profiling, about an individual solely on the basis of automated processing of personal data, without human intervention;
- will not disclose your personal data for any other purpose, including commercial or marketing purposes.
Article 3: Data controller and data protection officer
Article 3.1: The data controller
Acting as a personal data processor, Abys® Medical can be contacted as follows:
- By postal mail to the address: Abys Medical, 40 rue de Chef de Baie, 17000 La Rochelle – France
- By e-mail: contact@abys-medical.com
Article 3.2: Subcontracting
When acting as a personal data processor, as defined in Article 4 of the General Data Protection Regulation, Abys® Medical undertakes to observe and, where appropriate, comply with any documented guidelines and instructions that the controller may issue to it in the context of the contractual relationship between them, on the strict condition that such instructions comply with the laws and regulations applicable to Abys® Medical.
The User is hereby informed and agrees, without any possible reservation, to enter contractual clauses that comply with, or at least are compatible with, those contained in Annex 1 of the European Commission’s Implementing Decision (EU) No. 2021/914 of June 4, 2021, on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.
As a subcontractor, Abys® Medical has the following general obligations:
- declare to the User the processing of personal data that it carries out, provide all useful and necessary information to demonstrate its compliance with the relevant legislation, and keep its data processing register up to date;
- adopt appropriate technical and organizational measures to ensure the full effectiveness of the right to protection of personal data;
- follow the data processing implementation guidelines provided by the User, as well as the documented instructions, unless Abys® Medical believes that either of them violates European or national data protection law, in which case it will inform the User in writing;
It also observes the following specific obligations to the best of its ability:
- not to hire any further subcontractors for the data, without obtaining the prior written consent of the prior Data Controller;
- ensure the integrity, confidentiality and security of the data and its processing;
- assist the Data Controller’s DPO or Compliant officer, upon request, in responding to any request made by an individual, in accordance with his or her rights, to preserve the security of the data;
- destroy the data or return them to the Data Controller at the end of the use of the service, unless otherwise provided by law;
- to collaborate to the possible requests for information that the Data Controller would address relating to the treatments of personal data concerning him or her;
- in the event of a breach of confidentiality, integrity or security of the data, and in particular in the event of unauthorized access by third parties, to immediately inform the Data Controller, as well as the competent authorities, by means of relevant documentation.
Article 3.3: Data Protection Officer (DPO)
Abys® Medical’s Data Protection Officer is:
Mr. Nicolas Desrumaux (Digital Medical Hub)
46 rue de Villiers, 92300 Levallois-Perret – France
dpo@dmh-aphp.fr
See Article 4 of these terms and conditions and the www.cnil.fr website for more information on your rights. To exercise these rights or for any questions about the processing of your data in this system, you can contact our data protection officer.
If you believe, after having contacted us, that your Privacy Rights are not respected, you can address a complaint to the French Regulation Authority (Commission Nationale Informatique et Libertés, www.cnil.fr).
Article 4: User’s rights regarding data collection and processing
Any user concerned by the processing of their personal data may avail themselves of the following rights, pursuant to the European Regulation 2016/679 and the Data Protection Act (Law 78-17 of 6 January 1978):
- right of access, rectification and right to erasure of data (guaranteed by Articles 15, 16 and 17 of the GDPR respectively);
- right to data portability (Article 20 of the GDPR);
- right to limit (Article 18 of the GDPR) and object to data processing (Article 21 of the GDPR);
- right not to be subjected to a decision based exclusively on an automated process;
- right to determine the fate of data after death;
- right to refer to the competent supervisory authority (Article 77 of the GDPR).
To exercise your rights, please send your demand to our headquarters or to our DPO, whose contact details are set out in Articles 3.1 and 3.3 of this Data Protection Policy.
For the data controller to process the user’s request, the user may be required to provide certain information such as: first and last names, e-mail address, and account, personal space, or subscriber number.
Article 5: Conditions for changing the privacy policy
Abys® Medical reserves the right to modify this Policy at any time to ensure that Final Users, or users of the website, comply with the applicable national and European data protection framework.
Any changes will not affect the services previously provided by the site or by Surgiverse®, which remain subject to the Policy in effect at the time of their provision and as accepted by the user of the site when using the service.
Users are invited to take note of this Policy each time they use our services, without the need to formally notify them. Abys® Medical will make its best efforts to provide adequate and relevant information on any updates to the site.