Privacy policy

Privacy policy

(established on 10.06.2021)

LOXAMED, Société par Actions Simplifiée (SAS), registered in the LORIENT Trade and Companies Register under number 887 672 137, located at 256 rue Nicolas Coatanlem, 56850 CAUDAN, FRANCE (hereinafter "LOXAMED") processes personal data as part of its business. Capitalized terms in this Policy are defined in article 15 "DEFINITIONS" below.

  • This privacy policy (the "Policy") describes how LOXAMED collects, uses and Processes your Personal Data, in its capacity as Data Controller, in compliance with applicable regulations. The Policy applies in France.
  • The Policy applies to the Personal Data that we may collect from our customers, suppliers, service providers and subcontractors in the performance of all types of commercial contracts. It also applies to the Personal Data of users of our www.loxamed.com website (and in particular of persons booking appointments on the "BOOK AN APPOINTMENT" tab), of persons wishing to apply for our job vacancies and of all other persons whom we may legitimately contact in the course of our activities.
  • LOXAMED may modify or update this Policy from time to time, depending on its activities and to take into account changes in applicable laws. We encourage you to read this Policy carefully and to check it regularly for any changes we may make.
  • Your privacy is important to LOXAMED and we are committed to protecting and preserving your rights with respect to the confidentiality of your Personal Data. If you do not agree with certain aspects of the Policy, you have the legal rights set out in articles 10, 12 and 13 below.
1. SOURCES OF PERSONAL DATA COLLECTED

We collect Personal Data about you from the following sources:

  • Personal Data that you provide directly to us in the context of our business relationship, whether ongoing or in the context of prospecting (for example, when you contact us by e-mail, by telephone or by any other means, or when you give us your business card, or when you visit our premises);
  • Personal Data from our website when you browse our website or when you use the features and resources available on or accessible through our website;
  • Personal Data relating to appointment bookings as part of our services (see the "MAKE AN APPOINTMENT" tab on our website);

 

  • Personal Data provided by third parties (e.g. a rating agency or an Infogreffe-type information site).
    Note to visitors and users of our website: The use of our website and the Personal Data communicated by its users are subject to the provisions of the Policy and its terms of use.
2. PURPOSES OF PERSONAL DATA PROCESSING AND LEGAL BASIS
a) Purpose of personal data processing

We process your Personal Data for the following purposes:

  • Enable our contacts to request information about LOXAMED and its services*;
  • Prepare and submit commercial offers, participate in invitations to tender* ;
  • Follow up commercial and contractual relations with our customers (sending quotations, invoices, fulfilling orders, technical assistance and follow-up, managing any disputes, etc.)* ;
  • Suggest to our contacts or prospects that they take part in events organized by LOXAMED at trade fairs, seminars or professional events* ;
  • Issue invitations to tender and monitor commercial and contractual relations with our suppliers, service providers and subcontractors* ;
  • Fulfill our contractual obligations;
  • Conduct customer satisfaction surveys* ;
  • Promote our services to existing and prospective customers* ;
  • Carry out quality audits* ;
  • Manage unsolicited applications or applications in response to job offers* ;*
  • Ensure the physical security of our premises (including the register of visits to the premises and video surveillance recordings) and the electronic security of our systems* ;
  • Improve our products and services (identify problems, plan improvements, create new ones)* ;

 

  • For accounting, financial management, legal affairs and auditing* ;
  • As part of legal proceedings (establishing, exercising or defending a legal right)* ;
  • Organize appointment schedules for RT-PCR tests, antigen tests, teleconsultations and other appointments at sites equipped by LOXAMED* ;
  • Comply with our legal obligations.

 

b) Legal basis

In order to Process your Personal Data in accordance with the purposes set out above, we rely on one or more legal grounds:

 

  • Processing may be necessary for the performance of the contract you have entered into with us or to take the steps necessary to conclude the contract;
  • Processing may be necessary to comply with a legal obligation;
  • the Processing may be based on your prior consent to the Processing (this legal basis is only used for optional Processing, and not for Processing that is necessary or compulsory);
  • we have a legitimate interest in Processing Personal Data for the purposes listed in a) followed by an asterisk (*).

 

3. PERSONAL DATA CONCERNED

The Personal Data we may collect varies according to the purpose of the Processing. The main purpose is to identify individuals in the context of their business relationship with LOXAMED. In any event, the Personal Data collected will be limited to that which is necessary for the purposes set out in article 2 above.
Note to visitors and users of our website: certain functions and features of our website can only be used if certain Personal Data is provided. The user is free to choose whether or not to provide all or part of the Personal Data requested. However, should the user decide not to provide all of the Personal Data requested, certain services and/or features of our website may not function, or may function only in part.

Personal Data relating to customers and prospects:
We collect the following categories of Personal Data relating to our customers and prospects:

  • personal information (surname, first name(s)) and contact details (postal address, delivery address, secretarial contact details if applicable, telephone number, e-mail address) of contacts within the customer or prospect company;
  • information on quotations and orders (statements of orders and amounts) ;
  • information on means and methods of payment (date of payment, payment statements, amount paid) ;
  • information relating to customer needs or constraints, collected as part of customer satisfaction surveys, which we may then use to ensure that our marketing communications to you are relevant and timely;
  • Additional Personal Data that our customers have chosen to communicate to us, insofar as this is necessary to achieve the purposes set out in article 2 above.
    Personal Data relating to suppliers, service providers and subcontractors:
    We collect the following categories of Personal Data relating to our suppliers, service providers and subcontractors:
  • personal information (surname, first name(s)) and contact details (postal address, secretarial contact details if applicable, telephone number, e-mail address) of our contacts within the supplier or service provider company for the purpose of managing our commercial relations;
  • additional data that our contacts within the supplier, service provider or subcontractor company have chosen to communicate to us, insofar as this is necessary to achieve the purposes set out in article 2 above.

 

Personal Data relating to candidates applying for our job offers:
We collect the following categories of Personal Data relating to candidates applying for job offers with LOXAMED:

  • personal information (last name, first name(s), photo) ;
  • demographic information (gender, date of birth/age, place of birth, nationality, title) ;
  • professional information (profession, employment status, business address) ;
  • contact details (postal address, telephone number, e-mail address) ;
  • details of career path, qualifications, motivations.

 

Personal data relating to users of our site :

See article 14 below "POLICY ON THE USE OF COOKIES".
Personal data relating to persons booking an appointment as part of our services (see the "MAKE AN APPOINTMENT" tab on our website):
The personal data that the person registers on our website (in practice on the MOBMINDER system of our subcontractor the Belgian company CLOUD-TECH SPRL), namely his/her: first name, last name, telephone and e-mail - are collected and processed for the sole purpose of booking his/her appointment slot (day and time); this system is specifically intended to help plan appointments, reduce queues and optimize and simplify the work of nurses.
Please note that, depending on the site concerned, online appointments may not be available and may be booked by other means, or even without an appointment.

4. RECIPIENTS OF PERSONAL DATA COLLECTED

The recipients of Personal Data are: (i) LOXAMED's authorized internal departments and (ii) LOXAMED's authorized suppliers, service providers and subcontractors, for the purposes of managing files and providing services.

 

5. PROTECTION OF PERSONAL DATA OF MINORS

LOXAMED does not voluntarily collect or retain the Personal Data of minors, except in the context of the last point of article 3 above concerning its reservation service.

 

6. SENSITIVE PERSONAL DATA

 

Please note that your Personal Health Information is neither Processed nor stored by LOXAMED, but only by healthcare professionals working in cooperation with LOXAMED, within the framework of the regulations applicable to them.
LOXAMED does not seek to collect or Process Sensitive Personal Data in the normal course of its business. However, it may do so under the following exceptions:

  • compliance with a legal obligation: where Processing is required or permitted by applicable law (e.g. to comply with our various reporting obligations);
  • detection and prevention of criminal offences (including fraud prevention) ;
  • consent: when we have, in accordance with applicable law, obtained your prior and express consent to Process your Sensitive Personal Data (this legal basis is only used for optional Processing, and not for Processing that is necessary or compulsory). If you provide us with Sensitive Personal Data from third parties, you must specify this specifically.
7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We may communicate your Personal Data to the third parties listed below, each within its own scope and only with regard to the Personal Data concerning it:

  • legally authorized judicial or administrative authorities, at their request, or for the purpose of reporting actual or suspected security breaches, in accordance with applicable law;
  • LOXAMED's accountants, auditors, lawyers and other external professional advisors, who are subject to confidentiality obligations;
  • our service providers, suppliers or subcontractors (such as suppliers of modules and equipment, payment services, freight and transport companies, IT service providers, etc.);
  • any potential purchaser, in the event that we sell or transfer all or part of our assets or activities (including the event of reorganization, dissolution or liquidation).
    Where one of our Subcontractors is involved in the Processing of your Personal Data (to date this is the case with the Belgian company CLOUD-TECH SPRL which provides the MOBMINDER online reservation system), it is subject to contractual obligations to: (i) Process Personal Data only in accordance with our prior written instructions, (ii) use measures to protect the confidentiality and security of Personal Data, and (iii) comply with any other additional obligations imposed by applicable regulations.
    It should also be noted, with specific regard to Personal Data relating to people booking an appointment via MOBMINDER - see the "BOOK AN APPOINTMENT" tab on our website - that your Personal Data is only passed on to staff responsible for ensuring the smooth running of the appointment sequence.
8. LIMITATION AND RETENTION PERIOD OF PERSONAL DATA

8.1 We take all appropriate steps to ensure that the amount of Personal Data we Process is limited to that which is reasonably necessary for the purposes set out in the Policy.
8.2 We take all appropriate measures to ensure that your Personal Data is kept for no longer than is necessary for the purposes set out in the Policy.
The criteria used to determine the retention periods for Personal Data are as follows:

  • We will keep your Personal Data in a format that allows you to be identified for as long as your Personal Data is necessary to meet the lawful purposes, for which we have a legitimate basis, described in Article 2 of the Policy.
  • We will retain your Personal Data for the applicable statute of limitations (i.e., the period of time during which a person may make a claim against us, or take legal action against us, regarding his or her Personal Data or in connection with which his or her Personal Data is relevant).
  • In any event, no later than five (5) years following the communication of the Personal Data concerned, the latter will be permanently destroyed or rendered anonymous.

 

8.3 Personal Data relating specifically to your appointment bookings (tests, teleconsultations or other) will be destroyed by LOXAMED in the month following the end of the contract relating to the LOXAMED site concerned (i.e. the contract concluded between LOXAMED and its customer having ordered the deployment of the module or health space concerned). This date will be communicated to you upon request by e-mail to the following address: contact@loxamed.fr.

9. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

We do not transfer Personal Data outside the European Union.
Specifically, with regard to Personal Data relating to persons booking an appointment via MOBMINDER, their Personal Data is stored on two OVH sites in France, with OVH acting as storage service provider for the Belgian company CLOUD-TECH SPRL, our Subcontractor.

10. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

Depending on the type of Processing, within the framework set by the RGPD regulations, you have a number of rights concerning the Processing of your Personal Data, these being set by the regulations and may include, in summary, the following rights:
Right not to communicate your Personal Data to us:
Please note, however, that in this situation, we may be unable to provide you with our full range of products and services - for example, we may be unable to process your orders or book appointments on our website without the necessary information and contact details.
Right to object in the case of processing based on the legal grounds of legitimate interest or public interest:
You may object at any time to our processing of your Personal Data. Your request to object will be dealt with promptly and we will cease the Processing to which you object. Nevertheless, we reserve the right not to cease the Processing in question if:

  • we can demonstrate that we have compelling legitimate grounds for Processing your Personal Data which override your personal interests;
  • we Process your Personal Data for the purposes of establishing, exercising or defending a legal claim.
    Right to withdraw consent:
    If we have obtained your consent to Process your Personal Data for certain Processings other than those for which no consent is required, you may withdraw that consent at any time and we will cease the particular Processing to which you had consented, unless we consider that there is another reason justifying our continued Processing of your Personal Data for that purpose, in which case we will inform you of that situation.
    Please note that such withdrawal does not affect the lawfulness of any Processing undertaken prior to the date on which we received notification of such withdrawal, nor does it prevent the Processing of your Personal Data based on other available legal grounds.

Right of access:
You have the right to request access to or copies of your Personal Data, together with information about the nature of the Processing and the persons who may have access to such Personal Data.
Where we provide you with access to the Personal Data we hold about you, we will not charge you for that access unless your request is manifestly unfounded or abusive. If you request further copies of such information, we may charge you a reasonable administrative fee where permitted by law. Where permitted by law, we may refuse your request. If we do so, we will always justify our refusal.

Right to erasure:
You have the right to request that we delete your Personal Data in certain circumstances.
In principle, the Personal Data in question must meet one of the following criteria:

  • your Personal Data is no longer necessary for the purposes for which it was originally collected and/or processed;
  • you have withdrawn your consent to the Processing of your Personal Data and there is no other valid reason for us to continue Processing it;
  • your Personal Data has been processed in an unlawful manner;
  • in the event that we Process your Personal Data because we consider it necessary for the purposes of our legitimate interests, if you object and we were unable to demonstrate that there was a compelling legitimate reason to continue the Processing.
    We would be entitled to refuse to respond to your request for any of the following reasons:
  • exercise the right to freedom of expression and information ;
  • comply with legal obligations ;
  • for public health reasons in the public interest;
  • for archival, research or statistical purposes;
  • exercise or defend a legal right.
    When we respond to a valid request for erasure of Personal Data, we will take all appropriate practical steps to delete the Personal Data in question.
    Right to limit Processing:
    You have the right to request that we limit the Processing of your Personal Data in certain circumstances. This means that we may only continue to retain your Personal Data and that we may only carry out further Processing activities in one of the following cases: (i) resolution of one of the circumstances listed below; (ii) your consent; or (iii) further Processing is necessary for the establishment, exercise or defense of legal claims, for the protection of the rights of another person, or for important reasons of public interest of the European Union or a Member State.
    The cases in which you are entitled to request that we restrict the Processing of your Personal Data are as follows:
  • when you dispute the accuracy of the Personal Data we Process about you. In this case, we will limit the Processing of your Personal Data to verifying its accuracy;
  • when you object to our Processing of your Personal Data for the purposes of our legitimate interests. You may request that Personal Data be restricted while we verify our reasons for Processing your Personal Data;
  • when your Personal Data has, extraordinarily, been the subject of unlawful Processing by us, but you simply prefer that we restrict its Processing rather than delete it;

when we no longer need to Process your Personal Data but you request it in order to establish, exercise or defend legal claims.
If we have communicated your Personal Data to third parties, we will inform them of the limited Processing unless this proves impossible or involves disproportionate effort. We will, of course, inform you before lifting any restrictions on the Processing of your Personal Data.

Right of rectification:
You also have the right to request that we rectify inaccurate or incomplete Personal Data that we hold about you. If we have communicated this Personal Data to third parties, we will inform them of the rectification unless this proves impossible or involves disproportionate effort. Where applicable, we will also inform you to which third party(ies) we have disclosed the inaccurate or incomplete Personal Data. If we believe it is reasonable not to comply with your request, we will give you the reasons for this decision.

Right to obtain and port Personal Data that we process on the basis of your consent or in the performance of a contract:
If you wish, you have the right to obtain and transfer your Personal Data from one Data Controller to another. To enable you to do so, we will provide you with your Personal Data in a commonly used, structured and machine-readable format. This right of portability applies to the following Personal Data: (i) Personal Data that we Process automatically (i.e. without human intervention) and (ii) Personal Data that you provide.

Right to lodge a complaint with a Data Protection Authority:
You also have the right to lodge a complaint with a Data Protection Authority, and in particular with the Data Protection Authority of the member state of the European Union in which you reside or work or in which the alleged violation occurred. This does not affect your rights under applicable laws and regulations. To exercise one or more of these rights, to ask us a question relating to these rights or to any other clause of this Policy, or to question us about the Processing of your Personal Data, please use the contact details provided in article 13 of our Policy. Please note that :

  • we may ask for proof of your identity before granting your request;
  • when your request requires the establishment of facts or the performance of additional analyses (for example to determine the lawfulness of Processing), we will examine your request as promptly and reasonably as possible, before making our decision.
    If, after having contacted LOXAMED, Individuals consider that their "Informatique et Libertés" rights have not been respected, they may lodge a complaint with the CNIL in France:
    Commission Nationale de l'Informatique et des Libertés (CNIL)
    3 place de Fontenoy TSA 80715 75334 PARIS CEDEX 07 France

 

11. SECURITY OF PERSONAL DATA

We undertake to take all necessary measures to protect your Personal Data held by us from misuse, loss, alteration, disclosure, destruction, unauthorized access and any other form of unlawful or unauthorized Processing, in accordance with applicable law. To this end, we have at our disposal a range of appropriate technical and organizational measures. These may include measures to deal with suspected Personal Data breaches.
Because the Internet is an open system, the transmission of information over this network is not totally secure. Although we take all reasonable steps to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to us over the Internet; such transmission is at your own risk and you are responsible for ensuring that any Personal Data you send to us is sent securely.
If you suspect any misuse, loss or unauthorized access to your Personal Data, please notify us immediately in the manner set out in article 13 below.
Access to Personal Data is restricted to LOXAMED's employees, corporate officers, suppliers, service providers and subcontractors who need to know it in order to perform their duties. All persons having access to your Personal Data are bound by an obligation of confidentiality and may be subject to disciplinary measures and/or other sanctions if they fail to comply with this obligation.

12. CONFLICT RESOLUTION

Although LOXAMED has taken all appropriate measures to protect your Personal Data, no transmission or storage technology is totally infallible.
However, LOXAMED is committed to ensuring the protection of your Personal Information. If you have reason to believe that the security of your Personal Data has been compromised or that it has been unlawfully used or misused, you are invited to contact LOXAMED at the following address:

  • by post to the following address LOXAMED Legal Department - 256 rue Nicolas Coatanlem - 56850 Caudan (France), or
  • by e-mail to the following address: contact@loxamed.fr
    LOXAMED will investigate and attempt to resolve complaints regarding the use and disclosure of your Personal Data in accordance with the principles set forth in the Policy.
    Unauthorized access to or misuse of Personal Data may constitute a violation of applicable law.
13. CONTACT

If you have any questions about the Policy, if you wish to stop receiving commercial information from LOXAMED or if you wish to exercise your rights concerning your Personal Data, you can send an e-mail to the following address: contact@loxamed.fr

14. COOKIE POLICY

When you visit our website, we may store cookies on your device, or read cookies already present on your device, provided that we have always obtained your prior express consent.
Website to which this cookie policy applies
This cookie policy applies to the following website, which is operated and controlled by LOXAMED: https: //www.loxamed.com
What is a cookie?
A "cookie" is a small data file that is stored on your computer's hard drive and records your browsing on a website so that the next time you visit the site, it can present you with personalized options based on the information stored about your last visit. Cookies can also be used to analyze traffic and for advertising and marketing purposes. Almost all websites use cookies, and they do not damage your system.
There are different types of cookie, distinguished by their origin, function and lifetime. The main characteristics of cookies are as follows:

  • Session cookies: these are cookies that are stored on your computer only during your web session and are deleted automatically when you close your browser - they generally store a session identifier allowing you to visit our websites without having to log in again for each page;
  • Persistent cookies: a persistent cookie is stored as a file on your computer and remains there when you close your browser. The cookie is readable by the website that created it when you visit that site again. We use persistent cookies for Google Analytics and for personalization (see below);
  • Strictly necessary cookies: These cookies are essential to enable you to use our website effectively and cannot therefore be deactivated. Without these cookies, the services available to you on our website cannot be provided. These cookies do not collect any information about you that could be used for commercial purposes or to remember the pages you have visited on the Internet;
  • Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they enable us to count visits, identify traffic sources and see which parts of our site are the most visited;
  • Functionality cookies: These cookies enable our website to remember the choices you make (username, language, country, etc.) and to provide enhanced functionality. For example, we are able to send you information or updates relating to the services you use. These cookies may also be used to remember changes you make to text size, font and other elements of web pages that you can personalize. They may also be used to provide services you have requested, such as viewing a video or posting comments on a blog; and
  • Personalization cookies: These cookies enable us to communicate information about solutions that may be of interest to you.

Why do we use cookies?
We use cookies for the following purposes:
To track your use of our website. This enables us to understand how you use our website and to track trends observed among individuals or larger groups. This enables us to develop and improve our website and services in response to the wishes and needs of our visitors;
How long do the cookies we use last?
The duration of the cookies we use on our website does not exceed twelve (12) months.
Some cookies are placed by third parties who are responsible for them.
How can you control cookies?
Most Internet browsers are programmed to accept cookies automatically. Depending on the type of browser you use, you can set it either (i) to receive a warning before cookies are set, allowing you to accept or reject them, or (ii) to always reject cookies. To find out how to do this, click on the "help" button (or equivalent) on your browser. Disabling cookies may affect your browsing experience on our website.
If you use different devices to access our website, you must ensure that each browser on each device is programmed according to your cookie preferences.

For more information, visit http://www.allaboutcookies.org/manage-cookies/. Please note that LOXAMED is neither affiliated with nor responsible for third-party websites.
In addition, you can unsubscribe from cookies from certain companies by visiting the following sites: http://www.aboutads.info/choices/#completed and http://www.youronlinechoices.com/. Please note that LOXAMED is neither affiliated with nor responsible for third-party websites.

15. DEFINITIONS

For the purposes of the Policy and in accordance with Act no. 78-17 of January 6, 1978, as amended, relating to data processing, files and freedoms and the RGPD, the following definitions apply:

  • "Data Protection Authority" means an independent public authority, charged by law with overseeing compliance with applicable data protection laws.
  • "Personal Data" means any information relating to an identified or identifiable person, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more specific elements.
  • "Sensitive Personal Data" means Personal Data relating to racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, as well as genetic data, data concerning health or data concerning sexual life or data relating to criminal convictions and offences, or related security measures, as well as any other information that may be considered sensitive by applicable law.
  • "Data Controller" means the entity that decides on the purposes and means of Processing Personal Data. In many jurisdictions, the Data Controller is primarily responsible for complying with applicable data protection laws.
  • "GDPR" stands for General Data Protection Regulation (EU) 2016/679.
  • "Sub-Contractor" means any natural or legal person who processes Personal Data on behalf of the Data Controller, other than employees of the Data Controller.
  • "Processing" or "Process" means any operation performed on Personal Data, whether or not using automated processes, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction.