Personal data protection policy

Personal data protection policy

(established on 10.06.2021)

LOXAMED, Société par Actions Simplifiée (SAS), registered in the LORIENT Trade and Companies Register under number 887 672 137, located at 256 rue Nicolas Coatanlem, 56850 CAUDAN, FRANCE (hereinafter referred to as "LOXAMED") processes personal data in the context of its activity. Capitalized terms in this Policy are defined in Article 15 "DEFINITIONS" below.

  • This Privacy Policy (the "Policy") describes how LOXAMED collects, uses and processes your Personal Information, as a Data Controller, in accordance with applicable regulations. The Policy applies in France.
  • The Policy applies to Personal Information that we collect from our customers, suppliers, service providers and subcontractors in the course of performing all types of business contracts. It also applies to the Personal Data of the users of our website www.loxamed.com (and in particular of the persons proceeding to book appointments on the tab "MAKE AN APPOINTMENT"), of the persons who would like to apply for our job offers and of all other persons whom we are legitimately led to contact within the framework of our activities.
  • LOXAMED may modify or update this Policy from time to time as required by our business and to reflect changes in applicable law. We encourage you to read this Policy carefully and to review it regularly for any changes we may make.
  • LOXAMED values your privacy and we are committed to protecting and preserving your rights with respect to the confidentiality of your Personal Information. If you do not agree with certain aspects of the Policy, you have legal rights as set forth in Sections 10, 12 and 13 below.
1. SOURCES OF THE PERSONAL DATA COLLECTED

We collect Personal Information about you from the following sources:

  • Personal Data that you provide to us directly in the context of our commercial relationship, whether it is ongoing or related to prospecting (for example when you contact us by e-mail, by telephone or by any other means, or when you give us your business card, or when you come to our premises);
  • Personal Data from our website when you browse our website or use the features and resources available on or through our website;
  • Personal Data relating to the booking of appointments within the framework of our services (see the tab "MAKE AN APPOINTMENT" on our website);

 

  • Personal Data provided by third parties (for example a rating agency or an information site such as Infogreffe).
    Note to visitors and users of our website: The use of our website and the Personal Information provided by its users are subject to the provisions of the Policy and its terms of use.
2. PURPOSES OF PERSONAL DATA PROCESSING AND LEGAL BASIS
a) Purposes of the processing of personal data

We process your Personal Data for the following purposes:

  • To allow our contacts to request information about LOXAMED and its services*;
  • Prepare and submit commercial offers, participate in calls for tenders or calls for proposals*;
  • To allow the follow-up of the commercial and contractual relationship with our customers (sending of estimates, sending of invoices, execution of orders, assistance and technical follow-up, management of possible litigations, etc.)* ;
  • Suggest to our contacts or prospects to participate in events organized by LOXAMED in the context of trade shows, seminars or professional events*;
  • To make calls for applications or tenders and to allow the follow-up of the commercial and contractual relationship with our suppliers, our service providers and our Subcontractors*;
  • Fulfill our contractual obligations;
  • Conduct customer satisfaction surveys*;
  • Carry out promotional operations for our services with existing clients or prospects*;
  • Conducting quality audits*;
  • Manage unsolicited applications or applications sent in response to job offers* ;*
  • To ensure the physical security of our premises (including the register of visits to the premises and video surveillance recordings) and the electronic security of our systems*;
  • Improve our products and services (identify problems, plan improvements, create new ones)* ;

 

  • For accounting, financial, legal and auditing management* ;
  • Within the framework of legal proceedings (establishment, exercise or defense of a right in court)* ;
  • Organize appointment schedules for RT-PCR tests, antigenic tests, teleconsultations and other appointments on sites equipped by LOXAMED*;
  • To comply with our legal obligations.

 

b) Legal basis

In order to Process your Personal Data in accordance with the purposes set out above, we rely on one or more legal grounds:

 

  • the Processing may be necessary for the performance of the contract you have entered into with us or to take the steps necessary to conclude the contract;
  • Processing may be necessary to comply with a legal obligation;
  • the Processing may be based on your prior consent to the Processing (this legal basis is only used for optional Processing, not for Processing that is necessary or compulsory);
  • we have a legitimate interest in processing Personal Data for the purposes listed in a) followed by an asterisk (*).

 

3. PERSONAL DATA CONCERNED

The Personal Data that we may collect varies according to the purpose of the Processing. The main purpose is to allow the identification of individuals in the context of their business relationship with LOXAMED. In any case, the Personal Data collected will be limited to the data necessary for the purposes set out in Article 2 above.
Note to visitors and users of our website: certain features and functions of our website can only be used if certain Personal Information is provided. The user is free to provide, or not, all or part of the Personal Data requested. However, if the user chooses not to provide all of the Personal Information requested, certain services and/or features of our website may not work or may only work in part.

Customer and Prospective Customer Personal Data:
We collect the following categories of Personal Data about our customers and prospects:

  • personal information (last name, first name(s)) and contact information (postal address, delivery address, secretariat contact information if applicable, telephone number, e-mail address) of the contacts within the client or prospect company;
  • information on quotations and orders (statements of orders and their amount) ;
  • information on the means and methods of payment (date of payment, payment statements, amount paid) ;
  • information about customer needs or constraints, collected through customer satisfaction surveys, which we may then use to ensure that our marketing communications to you are relevant and timely;
  • Additional Personal Data that our customers have chosen to provide to us, insofar as such data is necessary for the purposes set forth in Article 2 above.
    Personal Information about Suppliers, Service Providers and Subcontractors:
    We collect the following categories of Personal Information from our suppliers, service providers and subcontractors:
  • personal information (surname, first name(s)) and contact information (postal address, secretariat contact information if applicable, telephone number, e-mail address) of our contacts within the supplier or service provider company for the purpose of good management of our commercial relations;
  • additional data that our interlocutors within the supplier, service provider or subcontractor have chosen to communicate to us, insofar as these are necessary to achieve the purposes set out in Article 2 above.

 

Personal Information about applicants for our job openings:
We collect the following categories of Personal Data about applicants applying for jobs from LOXAMED:

  • personal information (name, first name(s), photo) ;
  • demographic information (gender, date of birth/age, place of birth, nationality, title);
  • professional information (profession, professional situation, professional address);
  • contact information (mailing address, phone number, e-mail address);
  • elements of professional background, diplomas, motivations.

 

Personal data relating to the users of our site:

See article 14 below "POLICY OF USE OF COOKIES".
Personal Data relating to persons booking an appointment as part of our services (see the "MAKE AN APPOINTMENT" tab on our website):
The personal data that the person registers on our website (in practice on the MOBMINDER system of our subcontractor, the Belgian company CLOUD-TECH SPRL), i.e. his or her: first name, last name, telephone number and e-mail - are collected and processed for the sole purpose of booking his or her appointment slot (day and time); the specific purpose of this system is to help plan appointments, reduce queues and optimize and simplify the work of nurses.
Please note that, depending on the site, online appointment booking may not be available and may be done in other ways, or even without an appointment.

4. RECIPIENTS OF THE PERSONAL DATA COLLECTED

The recipients of Personal Data are: (i) LOXAMED's authorized internal departments and (ii) LOXAMED's authorized suppliers, service providers and subcontractors, in the context of the management of files and the delivery of services.

 

5. PROTECTION OF PERSONAL DATA OF MINORS

LOXAMED does not voluntarily collect or retain Personal Information from children under the age of majority, except as described in the last point of Article 3 above with respect to its reservation service.

 

6. SENSITIVE PERSONAL DATA

 

Please note that your Personal Health Information is not processed or stored by LOXAMED but only by healthcare professionals working in cooperation with LOXAMED, in accordance with the regulations applicable to them.
LOXAMED does not seek to collect or Process Sensitive Personal Data in the normal course of its business. However, this may occur under the following exceptions:

  • compliance with a legal obligation: where Processing is required or permitted by applicable law (for example, to comply with our various reporting obligations);
  • detection and prevention of criminal offences (including fraud prevention) ;
  • consent: where we have, in accordance with applicable law, obtained your prior and express consent to Process your Sensitive Personal Data (this legal basis is only used for optional Processing, not for Processing that is necessary or mandatory).If you provide us with Sensitive Personal Data from third parties, you must specifically tell us so
7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We may disclose your Personal Information to the following third parties, each in its own scope and only with respect to the Personal Information it holds:

  • legally authorized judicial or administrative authorities, at their request, or for the purpose of reporting actual or suspected security breaches, in accordance with applicable law;
  • LOXAMED's accountants, auditors, lawyers and other external professional advisors, who are subject to confidentiality obligations;
  • our service providers, suppliers or subcontractors (such as suppliers of modules and equipment, payment services, freight and transportation companies, IT providers, etc.);
  • any potential purchaser, in the event that we sell or transfer all or part of our assets or business (including the event of a reorganization, dissolution or liquidation).
    When one of our Subcontractors is involved in the Processing of your Personal Data (currently the Belgian company CLOUD-TECH SPRL which provides the online reservation system MOBMINDER), it is subject to contractual obligations to: (i) Process Personal Data only in accordance with our prior written instructions, (ii) use measures to protect the confidentiality and security of the Personal Data, as well as (iii) comply with any other additional obligations imposed by the applicable regulations.
    In addition, with respect to Personal Data relating specifically to persons booking an appointment via MOBMINDER - see the "BOOK AN APPOINTMENT" tab on our website - your Personal Data will only be transmitted to the personnel responsible for ensuring the smooth running of the appointment process.
8. LIMITATION AND DURATION OF RETENTION OF PERSONAL DATA

8.1 We take all appropriate steps to ensure that the amount of Personal Data we Process is limited to that which is reasonably necessary for the purposes set out in the Policy.
8.2 We take all appropriate steps to ensure that your Personal Data is retained for no longer than is necessary for the purposes set out in the Policy.
The criteria used to determine the retention periods for Personal Data are as follows:

  • We will retain your Personal Data in a format that allows you to be identified for as long as your Personal Data is necessary to fulfill the lawful purposes, for which we have a legitimate basis, described in Section 2 of the Policy.
  • We will retain your Personal Data for the applicable statute of limitations (i.e., the period of time during which an individual may make a claim against us, or bring a legal action against us, regarding his or her Personal Data or in connection with which his or her Personal Data is relevant).
  • In any event, within five (5) years of the disclosure of the Personal Data concerned, it will be permanently destroyed or made anonymous.

 

8.3 With respect to the Personal Data related to your appointment reservations (tests, teleconsultations or others), these will be destroyed by LOXAMED in the month following the end of the contract for the LOXAMED site concerned (i.e. the one concluded between LOXAMED and its customer who ordered the deployment of the module or the health space concerned). This date will be communicated to you by formulating the request by e-mail at the following address: contact@loxamed.fr.

9. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

We do not transfer Personal Data outside the European Union.
Specifically, with respect to Personal Data relating to persons booking an appointment via MOBMINDER, their Personal Data is stored on two OVH sites in France, OVH acting as storage provider for the Belgian company CLOUD-TECH SPRL, our Subcontractor.

10. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Depending on the type of Processing, within the framework set by the RGPD regulation, you have a number of rights regarding the Processing of your Personal Data, which are set by the regulation and may include, in summary, the following rights:
Right not to provide us with your Personal Data:
Please note, however, that in this situation, we may be unable to provide you with the full range of our products and services - for example, we may be unable to process your orders or book appointments on our website without the necessary information and contact details.
Right to object in the case of processing that is based on the legal grounds of legitimate interest or public interest:
You may at any time object to our Processing of your Personal Data. Your request to object will be handled expeditiously and we will cease the Processing to which you object. Nevertheless, we reserve the right not to cease the Processing in question if:

  • we can demonstrate that we have legitimate and compelling reasons to Process your Personal Data that override your personal interests;
  • we Process your Personal Data for the purpose of establishing, exercising or defending a legal claim.
    Right to withdraw consent:
    If we have obtained your consent to Process your Personal Data for certain Processes other than those for which no consent is required, you may withdraw that consent at any time and we will cease the particular Processing to which you had consented, unless we consider that there is another reason justifying our continued Processing of your Personal Data for that purpose, in which case we will inform you of this.
    Please note that such withdrawal does not affect the lawfulness of any Processing undertaken prior to the date on which we received notification of such withdrawal, nor does it prevent the Processing of your Personal Data based on other available legal grounds.

Right of access:
You have the right to request access to or copies of your Personal Data, together with information about the nature of the Processing and the persons who may have access to such Personal Data.
Where we provide you with access to Personal Data we hold about you, we will not charge you for that access unless your request is manifestly unfounded or abusive. If you request further copies of this information, we may charge you a reasonable administrative fee where permitted by law. Where permitted by law, we may refuse your request. If we do so, we will always give reasons for our refusal.

Right to erasure:
You have the right to request that we erase your Personal Data under certain circumstances.
In principle, the Personal Data in question must meet one of the following criteria:

  • your Personal Data is no longer necessary for the purposes for which it was originally collected and/or processed;
  • you have withdrawn your consent to the Processing of your Personal Data and there is no other valid reason for us to continue Processing it;
  • your Personal Data have, by extraordinary means, been processed unlawfully;
  • in the event that we Process your Personal Data because we believe it is necessary for the purposes of our legitimate interests, if you object and we were unable to demonstrate a compelling legitimate reason for continuing the Processing.
    We would be entitled to refuse to respond to your request for any of the following reasons:
  • exercise the right to freedom of expression and information ;
  • comply with legal obligations;
  • for public health reasons in the public interest;
  • for archival, research or statistical purposes;
  • exercise or defend a legal right.
    When we respond to a valid request for erasure of Personal Data, we will take all appropriate practical steps to delete the Personal Data in question.
    Right to limit Processing:
    You have the right to request that we limit the Processing of your Personal Data in certain circumstances. This means that we may only continue to retain your Personal Data and may only carry out further Processing activities in one of the following circumstances: (i) resolution of one of the circumstances listed below; (ii) your consent; or (iii) further Processing is necessary for the establishment, exercise or defense of legal claims, the protection of the rights of another person, or for important reasons of public interest of the European Union or a Member State.
    The cases in which you are entitled to request that we restrict the Processing of your Personal Data are as follows:
  • when you challenge the accuracy of the Personal Data we Process about you. In this case, we will limit the Processing of your Personal Data to verifying its accuracy;
  • when you object to our Processing of your Personal Data for our legitimate interests. You may request that Personal Data be restricted while we verify our reasons for Processing your Personal Data;
  • when your Personal Data has, extraordinarily, been unlawfully Processed by us, but you simply prefer that we restrict its Processing rather than delete it;

when we no longer need to Process your Personal Data but you request it in order to establish, exercise or defend legal claims.
If we have disclosed your Personal Data to third parties, we will inform them of the limited Processing unless this is impossible or involves disproportionate effort. Of course, we will inform you before we lift any limitation on the Processing of your Personal Data.

Right of rectification:
You also have the right to request that we rectify inaccurate or incomplete Personal Data that we hold about you. If we have disclosed such Personal Data to third parties, we will inform them of the rectification unless this would be impossible or involve disproportionate effort. Where applicable, we will also inform you to which third party or parties we have disclosed inaccurate or incomplete Personal Data. If we believe it is reasonable not to comply with your request, we will provide you with the reasons for this decision.

Right to obtain and portability of Personal Data that we process on the basis of your consent or in the performance of a contract:
If you wish, you have the right to obtain and transfer your Personal Data from one Processor to another. In order for you to do so, we will provide you with your Personal Data in a commonly used, structured, machine-readable format. This right of portability applies to the following Personal Data: (i) Personal Data that we Process automatically (i.e. without human intervention) and (ii) Personal Data that you provide.

Right to complain to a Data Protection Authority:
You also have the right to lodge a complaint with a Data Protection Authority, and in particular with the Data Protection Authority of the EU Member State in which you reside or work or in which the alleged breach occurred. This does not affect your rights under applicable laws and regulations. To exercise one or more of these rights, to ask us a question relating to these rights or any other provision of this Policy, or to ask us about the Processing of your Personal Data, please use the contact information provided in Section 13 of our Policy. Please note that:

  • we may request proof of your identity before granting your requests;
  • where your request requires additional fact-finding or analysis (e.g., to determine the lawfulness of Processing), we will consider your request as promptly and reasonably as possible before making our decision.
    If Individuals believe, after contacting LOXAMED, that their "Informatique et Libertés" rights are not being respected, they may file a complaint in France with the CNIL :
    Commission Nationale de l'Informatique et des Libertés (CNIL)
    3 place de Fontenoy TSA 80715 75334 PARIS CEDEX 07

 

11. SECURITY OF PERSONAL DATA

We undertake to take all necessary measures to protect your Personal Data held by us against misuse, loss, alteration, disclosure, destruction, unauthorized access and any other form of unlawful or unauthorized Processing, in accordance with applicable law. To this end, we have a range of appropriate technical and organizational measures. These may include measures to deal with suspected breaches of Personal Data.
Because the Internet is an open system, the transmission of information over this network is not completely secure. Although we take all reasonable steps to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to us over the Internet; such transmission is at your own risk and you are responsible for ensuring that any Personal Information you send to us is sent securely.
If you suspect any misuse, loss or unauthorized access to your Personal Information, please notify us immediately in the manner set forth in Section 13 below.
Access to Personal Information is limited to LOXAMED's employees, agents, suppliers, contractors and subcontractors who need to know that information in order to perform their duties. All persons having access to your Personal Information are bound by a confidentiality obligation and may be subject to disciplinary action and/or other sanctions if they fail to comply with this obligation.

12. CONFLICT RESOLUTION

Although LOXAMED has taken all appropriate measures to protect your Personal Information, no transmission or storage technology is completely foolproof.
However, LOXAMED is committed to ensuring that your Personal Information is protected. If you have reason to believe that the security of your Personal Information has been compromised or that it has been subject to unlawful use or misuse, you are encouraged to contact LOXAMED at the following address

  • by mail at the following address LOXAMED Legal Department - 256 rue Nicolas Coatanlem - 56850 Caudan (France), or
  • by email at contact@loxamed.fr
    LOXAMED will investigate and attempt to resolve complaints regarding the use and disclosure of your Personal Information in accordance with the principles set forth in the Policy.
    Unauthorized access to or misuse of Personal Information may constitute a violation of applicable law.
13. CONTACT

If you have any questions about the Policy, wish to opt-out of receiving commercial information from LOXAMED, or wish to exercise your rights regarding your Personal Information, you may send an e-mail to the following address: contact@loxamed.fr

14. COOKIE USAGE POLICY

When you visit our website, we may store cookies on your device, or read cookies already on your device, provided that we have always obtained your prior express consent.
Website to which this cookie policy applies
This cookie policy applies to the following website, which is operated and controlled by LOXAMED: https: //www.loxamed.com
What is a cookie?
A "cookie" is a small piece of information that is stored on your computer's hard drive that records your browsing of a website so that the next time you visit that site, it can present you with customized options based on the information stored about your last visit. Cookies can also be used to analyze traffic and for advertising and marketing purposes. Almost all websites use them and they do not harm your system.
There are different types of cookies that can be distinguished according to their origin, function and lifetime. The main characteristics of cookies are as follows:

  • Session cookies: These are cookies that are stored on your computer only during your web session and are deleted automatically when you close your browser - they usually store a session ID so you can visit our websites without having to log in again on each page;
  • Persistent cookies: A persistent cookie is stored as a file on your computer and remains there when you close your browser. The cookie is readable by the website that created it when you visit that site again. We use persistent cookies for Google Analytics and for personalization (see below);
  • Strictly necessary cookies: These cookies are essential to enable you to use our website effectively and therefore cannot be disabled. Without these cookies, the services available to you on our website cannot be provided. These cookies do not collect information about you that can be used for commercial purposes or to remember the pages you have visited on the Internet;
  • Performance cookies: These cookies allow us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of our site are most visited;
  • Functionality Cookies: These cookies allow our website to remember the choices you make (username, language, country, etc.) and to provide enhanced functionality. For example, we are able to provide you with information or updates related to the services you use. These cookies may also be used to remember changes you make to text size, font, and other elements of web pages that you can personalize. They may also be used to provide services you have requested, such as viewing a video or posting comments on a blog; and
  • Personalization cookies: These cookies allow us to communicate information about solutions that may be of interest to you.

Why do we use cookies?
We use cookies for the following purpose:
To track your use of our website. This allows us to understand how you use our website and to track trends in individuals or larger groups. This allows us to develop and improve our website and services in response to the wishes and needs of our visitors;
How long do the cookies we use last?
The duration of the cookies we use on our website does not exceed twelve (12) months.
Some cookies are placed by third parties who are responsible for them.
How can you control cookies?
Most Internet browsers are programmed to accept cookies automatically. Depending on the type of browser you use, you can set it to (i) receive a warning before cookies are set, allowing you to accept or decline cookies, or (ii) always decline cookies. To learn how to do this, click on the "help" (or equivalent) button on your browser. Disabling cookies may affect your experience on our website.
If you use different devices to access our website, you should ensure that each browser on each device is set to your cookie preferences.

You can find more information at: http: //www.allaboutcookies.org/manage-cookies/. Please note that LOXAMED is not affiliated with or responsible for third party websites.
In addition, you can opt-out of cookies from certain companies by visiting the following sites: http://www.aboutads.info/choices/#completed and http://www.youronlinechoices.com/. Please note that LOXAMED is neither affiliated with nor responsible for third party websites.

15. DEFINITIONS

For the purposes of the Policy and in accordance with the amended Law No. 78-17 of January 6, 1978, relating to data processing, files and freedoms and the RGPD, the following definitions apply:

  • "Data Protection Authority" means an independent public authority, charged by law with overseeing compliance with applicable data protection laws.
  • "Personal Data" means any information relating to an identified or identifiable individual, including by reference to an identifier, such as a name, identification number, location data, online identifier, or one or more specific elements.
  • "Sensitive Personal Data" means Personal Data relating to racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, as well as genetic data, data concerning health or data concerning sexual life or data relating to criminal convictions and offences, or related security measures, as well as any other information that may be considered sensitive by applicable law
  • "Controller" means the entity that decides the purposes and means of Processing Personal Data. In many jurisdictions, the Controller has primary responsibility for compliance with applicable data protection laws.
  • "GDPR" means General Data Protection Regulation (EU) 2016/679.
  • "Subprocessor" means any natural or legal person who processes Personal Data on behalf of the Processor, other than employees of the Processor.
  • "Processing" or "Process" means any operation performed on Personal Data, whether or not by means of automated processes, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction.