Expanscience collects personal data through the website http://www.arthrolink.com and its local or mobile device adaptations.
1. PROCESSING OF PERSONAL DATA
1.1. What personal data do we process and why ?
Below is a list of personal data that we collect from you, the purpose and the legal basis used for that processing.
|Category of persons affected||Type of personal data||Purpose of the processing||Legal basis for processing|
We believe that the risk to the personal data that we are processing on the basis of our legitimate interests is controlled and that, mindful of your well-being and respect of your private life, this risk is neither excessive nor intrusive. We have also put in place measures to protect your rights by applying suitable retention periods and by ensuring appropriate security controls.
If you choose not to provide the personal data requested and necessary, we might not be able to provide the services that you have requested or fulfil the purposes for which we requested the personal data. When the provision of personal data is required, we indicate this on the forms with a red star.
1.2. Who are the recipients of your personal data?
We may be required to share your personal data with various third parties:
- Service providers that support our activity and in particular:
- Providers of hosting and maintenance services;
- Marketing providers and advertising partners;
- Providers that carry out satisfaction surveys and questionnaires.
We have carefully selected these service providers and have taken measures to ensure adequate protection of your personal data. All our service providers are bound by a written contract to process the personal data provided to them solely for the purpose of providing us with a specific service and to maintain appropriate security measures to protect your personal data.
1.3. International transfer of personal data
We do not transfer any of your personal data outside of the European Union.
1.4. How long do we keep your personal data?
We delete the personal data that we collect after a certain duration:
- Personal data on visitors: deleted three years after your last contact with us (for example, a request for documentation or a click on a hyperlink in an email);
Beyond these periods, we may keep your data in databases (without sending marketing email) to meet our tax, accounting and corporate obligations (5 to 10 years maximum).
1.5. Security of your personal data
We have adopted physical, electronic and administrative security measures including the use of extended firewalls and passwords to secure access to personal data. In addition, we restrict access to personal data to employees who have a need to know the information to provide you with the services requested. Any person accessing it is covered by confidentiality obligations and is trained in protecting personal data.
1.6. Your rights
As the data subject, you have different rights. These rights are not absolute and each of these rights is subject to certain conditions in accordance with General Data Protection Regulation No. 2016/679 and the applicable national laws (in France, the French Data Protection Act of 6 January 1978 as amended).
- The right of rectification: You can ask us to take measures to correct your personal data if they are incorrect or incomplete (for example, if we have an incorrect name or address).
- The right to erasure: This right allows you, in simple terms, to request the deletion or suppression of your personal data when, for example, we have no more compelling reason to continue to use or their use is now illegal. It is however not a general right to erasure and there are several exceptions, for example when we must use the information to defend a legal action or to be able to comply with a legal obligation.
- The right to limit processing: You have the right to "block" or to prevent the subsequent use of your personal data when we evaluate a request for rectification or as an alternative to the deletion. When processing is limited, we can still keep your personal data, but we can no longer use them.
- The right to portability of data: You have the right to obtain and reuse certain personal data for your own needs in different companies (who are data controllers for distinct data processing). This only applies to personal data that you have provided to us, that we are processing with your consent and that for the purpose of performance of the contract are processed by automated means. In this case, we will provide you with a copy of your data in a structured, commonly used and machine readable format, or if you request it we will be able to transmit your data directly to other data controllers (when this is technically possible).
- The right to opposition: You have the right to oppose certain types of treatment, for reasons related to your particular situation, at any time, to the extent that this processing takes place for the purposes of legitimate interests pursued by Expanscience. We will be able however to continue to process your personal data if we can demonstrate that the processing is justified by compelling and legitimate grounds that outweigh your interests, your rights and freedoms, or if we need it for the establishment, exercise or defence of legal actions. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for such purposes.
- The right to withdraw your consent: When we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. However, such a withdrawal does not affect the legality of processing operations that took place before this withdrawal.
2. GENERAL INFORMATION
Before assessing your request, we may ask you for additional information to identify you. If you do not provide the requested information and, therefore, we are not able to identify you, we may refuse to respond to your request.
If you are not satisfied with our response to your claim or if you think that the processing of your personal data does not comply with the data protection laws, you can file a complaint before the competent data protection control authority. The National Commission for Data Processing and Civil Liberties (CNIL) is the data protection authority in France (www.cnil.fr).
© Laboratoires Expanscience – All rights reserved – September 2018.