Privacy policy

Introduction 
 

Cerba HealthCare processes your personal data as part of the management of the website, in accordance with the legislation in force.

 

This policy provides you with information about how Cerba HealthCare processes your personal data.

 

This policy, which is accessible on our website, is updated regularly to take account of legislative and regulatory developments and any changes in the processing operations carried out by Cerba HealthCare.

 

This policy was updated on 14/11/2022.

 

What are our commitments?

 

We undertake to comply with the applicable regulations for all processing of personal data that we carry out. We therefore undertake to comply with the following principles:

 

  • We process your personal data lawfully, fairly and transparently.
  • We collect your personal data for specific, explicit and legitimate purposes and do not process it in a way that is incompatible with those purposes.
  • We ensure that personal data is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
  • We make every effort to ensure that personal data is accurate and, where necessary, kept up to date. We take all reasonable steps to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is deleted or rectified without delay.
  • We will keep your personal data in a form that allows you to be identified only for as long as is necessary for the purposes for which it is to be processed.
  • We guarantee an appropriate level of security for the personal data we process.
     

These commitments are expressed as follows:

 

  • We respect your privacy.
  • We guarantee that the protection and security of your personal data are at the heart of our concerns.
  • We do not use your personal data for purposes that have not been brought to your attention.
  • We do not consider that your personal data should be stored indefinitely.
  • We do not sell your personal data to third parties.
  • We work with trusted partners who offer sufficient guarantees as to the implementation of technical and organisational measures so that our processing meets the requirements of the regulations in force.
  • We respect your rights as a data subject and as a patient, and make every effort to respond to your requests as soon as they are justified.
     

How do we collect your personal data?
 

We collect your data directly from you via our website.

 

What personal data do we process and for how long?
 

We remind you that personal data is information relating to an identified or identifiable natural person (the "data subject"), such as your first and last name, your postal address or health data.

 

We undertake to process only personal data that is strictly necessary for the purposes for which it is collected and to keep it only for as long as is necessary for those purposes. 

 

The categories of personal data that we process are as follows:

Processing activities

          - Management of the website (management of contacts, connections, account creation)
          - Recruitment management
          - Investor section management (registration, login, email campaigns, contact, event registration)


      Legal basis

          - Legitimate interest
          - Performance of pre-contractual measures
          - Consent, legitimate interest


      Categories of personal data

          - Identification data, connection data and logs, data relating to the management of contacts and account creation
          - Identification data and data relating to the professional situation of the applicant
          - Identification data, connection data and logs, data relating to the management of contacts and account creation

 

          
      Retention period (active basis)

          - 3 years from the last contact, 6 months for connection logs
          - 2 years from the date of application (unless objected to)
          - 3 years from the last contact, 6 months for connection logs

 

Who can access your personal data?

 

Your data will be communicated, where appropriate, only to the following recipients:

 

  • Authorised Cerba HealthCare staff; 
  • Subcontractors and trusted service providers, particularly those responsible for IT.

We make every effort to ensure that the number of such persons remains as limited as possible.

We only provide our trusted service providers with the information they strictly need to provide the service and they may not use your personal data for any other purpose.

We always make our best efforts to ensure that all our trusted service providers with whom we work maintain the security of your data. 

We also ensure that when our relationship with a trusted service provider comes to an end, that service provider deletes your personal data without delay.

We select our trusted service providers with great care, ensuring that they offer sufficient guarantees, particularly in terms of expertise, reliability and resources, to implement the technical and organisational measures needed to meet the requirements of the applicable legislation, particularly in terms of security. In this respect, we ensure that our trusted service providers process personal data only on our documented instructions. We also ensure that their staff have undertaken to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.

"Piano Analytics (AT Internet) cookies are exempt from the need to obtain consent, as indicated in CNIL Ruling No. 2020-091, insofar as they are strictly necessary for the proper operation of the site. You may refuse the processing of your personal browsing data by activating this option. Please note that by clicking on the following button, we will no longer be able to measure and improve our sites in an optimal manner."

 

I object to the processing of my data

 

What are your rights as a data subject?
 

You have the right to access, rectify, delete and port your personal data, as well as the right to limit the processing of this data. 

For more information about your rights, visit cnil.fr. 

You may exercise your rights

 

  • Either by e-mail to the following address: dpo.groupe@cerbahealthcare.com
  • Or by post to the following address: DPO Cerba Healthcare Group - 11-13 Rue René Jacques, 92130 Issy-les-Moulineaux;

 

In the event of a request concerning your medical biology results, you may exercise your rights, either by e-mail or by post, with the Laboratory's "Personal Data Referent", whose contact details can be found here. Please make sure to contact the Laboratory's Personal Data Representative in charge of your file.