Privacy notice Defymed

Privacy Policy

This privacy policy applies to the processing of data related to the use of Defymed website.

Defymed, as Data Controller, undertakes to comply with the EU Regulation No 2016/679 of the 27^th of April 2016 about personal data protection (GDPR) and with the French Data Protection Act (Loi Informatique et Libertés).

Data Protection Policy

Committed to the protection of your privacy, Defymed, as Controller of the personal data, ensure the highest level of protection of your personal data. The purpose of this Privacy Notice is to provide you with complete information about the use made by Defymed of the personal data of the website’s users.

In any circumstances, users are obliged to transmit personal information, however, in case of refusal to fill-in a so-called « mandatory » field, Defymed may not be able to access their requests.

Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”), such as an address, a telephone number, an e-mail address, a date of birth, sex, data concerning the health or geographic location.

Data Controller

For the purposes of the European Data Protection Regulation (GDPR), the data controller, i.e. the company which is responsible for your personal data and which controls its processing is: Defymed S.A. 9 rue Albert Calmette 67200 Strasbourg – France

Data Protection Officer

For the purposes of the European Data Protection Regulation, Defymed has appointed a Data Protection Officer (DPO) who can be contacted at rgpd@defymed.com

Data processing

• Identity data including last name and first name.
• Contact details including email address, private or professional mailing address, telephone number and fax number.
• Professional data
• Health professionals including the title, specialty and council number of the order
• Applicants including CV and type of applicant (student).
• Device data including IP address, browser type and version, browser plug-in types and versions, user’s operating system and platform

Purposes and legal basis for processing your personal data

 Data Storage

Personal data are stored in the European Union in Defymed’s databases or files or in those of service providers with whom Defymed has a dedicated contractual relationship.

Recipients

Defymed is the recipient of your Personal Information. These, whether in individual or aggregated form, are by default never transmitted to a third-party unless needed for your request’s management.

Defymed does not proceed to the commercialization of the personal data of the visitors and users of its website.

Data retention

Defymed retains the data for a period of 3 years.

Security of your data

Defymed is particularly committed to the personal data that we collect and use. These operations are carried out in a secure manner. Defymed implements technical, physical and organizational measures necessary to prevent, as far as possible, any alteration, loss or unauthorized access to your personal data.

Rights

As a data subject, you have the possibility to request the exercise of the following rights:

• Right of access: you have the right to obtain confirmation whether or not your personal data is being processed and, where applicable, precise information about the processing of your data. You also have the right to request a copy of the information held about you.
• Right of rectification: you have the right to ask us to rectify, in particular by supplementing or rectifying, all or part of the information held about you.
• Right to erasure (“right to be forgotten”): you have the right to ask us to delete from our systems all information held about you.
• Right to restriction of processing: you can ask us that some of your data is not processed. They are then said to be locked.
• Right to data portability: you can request to retrieve your information in a structured, commonly used and machine-readable format and to transfer it to other data controllers.
• Right to object: you can object to the processing of personal data concerning you.

The exercise of these rights is not absolute; Requests to exercise rights will always be assessed on a case-by-case basis by the DPO of Defymed.

When the processing of your data is based on your consent, you can withdraw your consent at any time, simply and without any justification.

You also have the right to lodge a complaint with the Data Protection Authority of the Member State of the European Union of your habitual residence, your place of work or the place of the alleged infringement if you believe that your personal data is not processed in accordance with the GDPR. You will find the contact details of the various European Data Protection Authorities via the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

You can contact the Defymed Data Protection Officer (DPO) to claim your rights by e-mail (rgpd@defymed.com) or by mail:

Defymed SAS

« A l’attention du délégué à la protection des données (DPO) »

9 rue Albert Calmette 67200 STRASBOURG – FRANCE

Defymed undertakes to respond to your request for information within a reasonable period of time which may not exceed one month from receipt of your request, provided that you bring a legal documentation of identity.

Cookies

Defymed uses cookies on the defymed.com website to improve the interactivity of the website and our services. Defymed uses internal cookies, necessary for the proper functioning of the website and cookies for measuring audience.

Internal cookies allow the website to work optimally. You can oppose and delete them using your browser settings.

Audience measurement cookies allow Defymed to improve the user experience of visitors to defymed.com website. Defymed uses the Google Analytics tool.

Each user has the option to refuse audience measurement cookies by clicking on « set cookies » which is displayed when opening the website.

This privacy notice is effective from 01^st September 2020 onwards.