Privacy Policy
ARTICLE 1 : FOREWORD
The GDPR and you…
Personal data protection is one of our major concerns. The privacy policy fits into a legal context marked by the EU General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016), applicable since 25 May 2018 and the amended French Data Protection Act no. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties.
The purpose of this data protection policy is to tell you about:
- The personal data controller
- How your data is collected and processed.
- Your rights regarding the use of your personal data
- The recipients to whom your data is transmitted
- The website’s cookie management policy
This privacy policy supplements the legal notices on the websites.
ARTICLE 2 : GLOSSARY
You’ll understand us… promise!
Personal Data is any information relating to an identified or identifiable person, i.e. enabling the person to be identified directly (e.g., surname and first name) or indirectly (e.g. cookies).
The Processing of personal data is any operation or set of operations (automated or not) which is performed on data or sets of personal data, such as collection, recording, organisation, storage, data transmission, etc.
The Data Controller determines the purposes (objectives of the processing) and the means of processing.
The Data Processor processes personal data on behalf of the data controller and carries out its instructions.
ARTICLE 3 : GENERAL PRINCIPLES
Legal obligations… we’ve got them!
In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data shall comply with the following principles:
- Lawfulness, fairness and transparency: the collection and processing of personal data can only be based on a legal basis defined in advance (performance of a contract, legal obligation, consent, legitimate interest, preservation of vital interests)
- Purpose limitation: the collection and processing of personal data is carried out to meet one or more defined objectives
- Data minimisation: only the data strictly necessary for the proper execution of the objectives pursued are collected
- Storage limitation: the data controller is under an obligation to define retention periods for the personal data processed
- Integrity and confidentiality: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
- Data accuracy: the controller undertakes to take all reasonable steps to keep the data it processes up to date, so as to update inaccurate data and delete obsolete data.
ARTICLE 4 : DATA CONTROLLER AND PROCESSOR
We are responsible for the data entrusted to us!
As data controller, LUMIBIRD MEDICAL undertakes to comply with the obligations resulting from the Regulation and the amended French Data Protection Act, concerning the collection and processing of personal data. In accordance with Article 32 of the GDPR, we implement all technical and organisational measures to ensure your personal data are protected.
As a processor, LUMIBIRD MEDICAL undertakes to process the customer’s personal data only to the extent necessary for the performance of the contract concluded. LUMIBIRD MEDICAL undertakes to follow the customer’s written instructions in accordance with Article 28 of the GDPR.
ARTICLE 5 : PERSONAL DATA COLLECTED AND PROCESSED: WHAT DATA?
What do we know about you?
In accordance with the principle of minimisation, we only collect the data necessary to carry out our missions. Thus, in the context of our activity, LUMIBIRD MEDICAL is likely to collect and process the following information:
- Identity: Surname, first name, gender, photograph, date and place of birth
- Work Life: Qualification, occupation, work e-mail address, business telephone number, CV
- Login data: IP address, logs, connection identifiers, timestamp information etc.
- Internet: Cookies, tracers, navigation data, audience measurement etc.
- Personal life: Address, e-mail, telephone number, country
- Financial information: Bank account details
- Sensitive data: Health data, NIR, medical imaging
In the context of certain tasks such as machine maintenance and clinical studies (as non-sponsor), we act as a subcontractor on behalf of healthcare professionals. In order to carry out these tasks, we are required to have knowledge of sensitive data, vulnerable persons, such as health data (diseases, medical images) and the social security number.
We are aware of the level of sensitivity of this information and are dedicated to ensuring a maximum level of confidentiality, as well as a commitment to meeting our legal and regulatory obligations. All the data collected are therefore strictly necessary to carry out the mission entrusted to us.
ARTICLE 6 : PERSONAL DATA COLLECTED AND PROCESSED: WHY?
We’d like to explain!
In all of these situations, LUMIBIRD MEDICAL acts as a «Data Controller» under the GDPR.
| DATA COLLECTED | REASONS FOR COLLECTION | LEGAL BASIS | RETENTION PERIOD |
|---|---|---|---|
| WEBSITE VISITS | | | |
| | We use these data to: – Send you marketing communications (if you have given your consent) – Contact you when you fill in the contact form – Send you our quotes (if you have requested them) – Carry out audience analysis or statistics (if agreed) | Consent | Your navigation data on our website is kept for a maximum of 13 months. The data collected through the form is kept for 3 years from the date of collection or last contact from the prospect |
| | – To provide you with personalised services – To monitor and improve our website – To secure our website and ensure our and your protection against fraud. | Legitimate interest | |
| CUSTOMER RELATIONSHIP MANAGEMENT | | | |
| | We use this data to: – Manage the commercial relationship – Manage your orders – Manage payments, invoicing, etc… – Process and track your order, including delivery – Manage customer complaints – Answer your questions and interact with you in any other way | Execution of a contract | Conservation for the duration of the commercial relationship and 5 years after the end of the relationship. Invoices are kept for 10 years. |
| RECRUITMENT MANAGEMENT | | | |
| | We use this data to: – Manage online application requests (unsolicited applications) – Build up a CV database (if you give your consent) | Consent | 2 years after the last contact with the applicant on consent of the applicant |
| | – Receive and record applications sent by e-mail or post – Manage recruitment procedures in conjunction with line management – Respond to job and internship applicants – Manage disputes | Legitimate interest | Unsuccessful candidate: 2 years after the last contact with the candidate upon consent of the candidate. Successful candidate: 5 years from departure |
| NEWSLETTER REGISTRATION AND COMMERCIAL COMMUNICATIONS | | | |
| | We use this data to: – Send you marketing communications (if you have requested us to do so) | Consent | The data is kept as long as the data subject does not unsubscribe (via the unsubscribe link in the newsletters) and 3 years after the end of the contractual relationship. |
| | – To send you information communications | Legitimate interest | |
| | – Maintain a suppression list if you have asked not to be contacted | Legal obligations | |
| MANAGEMENT OF CLINICAL STUDIES (AS A SPONSOR) | | | |
| | Patient data: We use this data to: – Conduct research in collaboration with academics and companies on technology studies and new product development | Execution of a contract | Until the end of the research. Up to 15 years after the end of the last patient’s inclusion |
| | – Use anonymised data for scientific presentation purposes | Legitimate interest | N/C |
| | Practitioner and medical team data: We use this data to: – Manage the process of applying for study authorisation from the authorities – Communicate smoothly with practitioners and the medical team | Execution of a contract | Until the end of the research. Up to 15 years after the end of the last patient’s inclusion |
| TRAINING | | | |
| | We use this data to: – Organise training sessions on the use and maintenance of products | Execution of a contract | 5 years from the end of the contractual relationship |
| MONITORING OF ADVERSE EFFECTS ON PATIENTS | | | |
| | We use this data to: – Manage doctors’ complaints – Manage product returns – Monitor the market – Report incidents to the relevant authorities – Monitor standards | Legal obligation | Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for the processing of personal data implemented for the purposes of health vigilance management |
| DEMONSTRATION/RETURN OF THE MACHINES | | | |
| | – Setting up the equipment – De-installation of equipment – Technical follow-up | Execution of a contract | Retention for 5 years from the end of the contractual relationship |
| | – Reporting incidents to the relevant supervisory authorities | Legal obligation | Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for the processing of personal data implemented for the purposes of health vigilance management |
Within the framework of our missions, LUMIBIRD MEDICAL acts as a «subcontractor» on behalf of its clients:
| DATA COLLECTED | REASONS FOR COLLECTION | LEGAL BASIS | RETENTION PERIOD |
|---|---|---|---|
| MAINTENANCE OF EQUIPMENT | | | |
| | – Management of customer complaints and after-sales service – Maintenance of equipment – Preparation of a repair order | Execution of a contract | Retention for 5 years from the end of the contractual relationship |
| | – Reporting incidents to the relevant supervisory authorities | Legal obligation | Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for the processing of personal data implemented for the purposes of health vigilance management |
| TECHNICAL SUPPORT | | | |
| | We use this data to: – Manage service requests and technical blocking situations – Trace the relationship and exchanges | Execution of a contract | 5 years from the end of the contractual relationship |
| IMPLEMENTATION OF CLINICAL STUDIES (NON STUDY SPONSOR) | | | |
| | Patient data: We use this data to: – Conduct research in collaboration with academics and companies on technology studies and new product development | Execution of a contract | Until the end of the research. Up to 15 years after the end of the last patient’s inclusion |
| | – Use anonymised data for scientific presentation | Legitimate interest | N/C |
| | Practitioner and medical team data: We use this data to: – Manage the smooth running of the application for study authorisation with the authorities – Communicate smoothly with the practitioners and the medical team | Execution of the contract | Until the end of the research. Up to 15 years after the end of the last patient’s inclusion |
ARTICLE 7 : PERSONAL DATA: WHO HAS ACCESS TO YOUR PERSONAL DATA?
We don’t pass them on to just anyone!
LUMIBIRD MEDICAL undertakes to transmit your personal data only to authorised people in-house and to authorised third parties such as the tax, customs or economic authorities, the administration of justice, the police and the gendarmerie or the administration of social action and health authorities.
LUMIBIRD MEDICAL may pass on your personal data to subcontractors such as:
- SALES FORCE: CRM
- SAGE: ERP
- MAILJET: e-mailing management
- EASYMEDSTAT: clinical study
- FACTORIAL: recruitment
ARTICLE 8: YOUR RIGHTS
You hold all the cards!
8.1 YOUR RIGHTS
In accordance with current regulations, you have the following rights in relation to your personal data:
- RIGHT OF ACCESS: You may, at any time, access the personal data we hold about you.
- RIGHT TO RECTIFICATION: If you notice an error, omission or ambiguity in your personal data, you may make a request to complete, correct or clarify your personal information.
- RIGHT TO OBJECT: At all times, you retain the right to object to the use of your personal data in the course of our company’s activities in relation to the processing of your data.
- RIGHT TO ERASURE: You may also ask us to erase your personal data.
- RIGHT TO PORTABILITY: You have the right to receive your data in a structured, commonly used and machine-readable format. You may also request that we transfer your personal data to another organisation.
- DIGITAL DEATH: You can decide what happens to your personal digital data after your death.
8.2 THE DPO
LUMIBIRD MEDICAL has appointed a Data Protection Officer (DPO). Thus, in order to exercise your rights, you may contact our Data Protection Officer (DPO) at the following address:
Name: OPTIMEX DATA
Address: privacy@lumibird.com
Telephone: 09.71.16.15.42
8.3 COMPLAINING TO THE CNIL
You may at any time lodge a complaint with the competent authority i.e. the French Data Protection Agency (CNIL) using the following link: https://www.cnil.fr/fr/plaintes.
ARTICLE 9 : SECURITY MEASURES
You entrust us with your data and we look after it!
LUMIBIRD MEDICAL is concerned about the security of personal data which it undertakes to process securely and only for the length of time necessary to achieve the intended purpose. LUMIBIRD MEDICAL has put in place technical and organisational measures to ensure an adequate level of data protection in relation to the nature and purpose of the processing. Thus, in accordance with Article 32 of the GDPR relating to the security of processing, LUMIBIRD MEDICAL has put in place the means to guarantee the confidentiality, integrity, availability and constant resilience of the processing systems and services. However, the security obligation remains an obligation of means, i.e. we do everything possible to guarantee the confidentiality and integrity of your personal data. All persons having access to your personal data have been made aware of good data protection practices. They are bound by an obligation of confidentiality and may be subject to disciplinary action in the event of non-compliance with this provision.
ARTICLE 10 : DATA TRANSFERS OUTSIDE THE EUROPEAN UNION
A well-organised trip!
In the course of our business and in order to manage your requests, we may transfer data outside the European Union. However, before any transmission of your personal data, we check the rules applicable to data transfers outside the European Union.
Indeed, in the context of sales, information may be communicated to our subsidiaries.
Distribution contracts may also be transmitted to our subsidiary in order to monitor the commercial relationship.
In the context of communication, data may be transmitted to our subsidiaries.
In accordance with the provisions of the GDPR and in order to guarantee the security and confidentiality of data, measures are being put in place, in particular Standard Contractual Clauses.
ARTICLE 11 : COOKIES
You can choose between eating cookies and going on a diet
Some features of this site rely on the use of cookies.
The cookies banner is not displayed on the home page when you are browsing because only cookies necessary for the operation of the site are deposited (however, you can refuse them by ticking the box in the cookie policy).
The audience measurement services are necessary for the operation of the site by allowing its proper administration. However, you have the possibility of objecting to their use.
You can also find our online cookie policy on our website.
ARTICLE 12 : UPDATE OF THE DATA PROTECTION POLICY
You’re on the right track, it’s almost the end of the reading!
This privacy policy may be subject to change.
The last update was made on 14 March 2023 by Optimex Data.