Protection of personal data
(established on 10.06.2021)
LOXAMED, Société par Actions Simplifiée (SAS), registered in the LORIENT Trade and Companies Register under number 887 672 137, located at 256 rue Nicolas Coatanlem, 56850 CAUDAN, FRANCE (hereinafter referred to as « LOXAMED ») processes personal data in the context of its activity. Terms beginning with a capital letter in this Policy are defined in Article 15 « DEFINITIONS » below.
- This policy (the « Policy ») describes how LOXAMED collects, uses and processes your Personal Data, as a Data Controller, in accordance with applicable regulations. The Policy applies in France.
- The Policy applies to Personal Data that we collect from our customers, suppliers, service providers and subcontractors in the course of performing all types of commercial contracts. It also applies to the Personal Data of the users of our website www.loxamed.com (and in particular of the persons proceeding to book an appointment on the tab « MAKE AN APPOINTMENT »), of the persons who would like to apply for our job offers and of all other persons whom we are legitimately led to contact within the framework of our activities
- LOXAMED may modify or update this Policy from time to time as a result of our business activities and to reflect changes in applicable laws. We encourage you to read this Policy carefully and to review it regularly for any changes we may make.
- LOXAMED values your privacy and we are committed to protecting and preserving your rights regarding the confidentiality of your Personal Information. If you do not agree with certain aspects of the Policy, you have legal rights as set forth in Sections 10, 12 and 13 below.
1. SOURCES OF THE PERSONAL DATA COLLECTED
We collect Personal Data about you from the following sources:
- Personal Data that you provide to us directly in the context of our business relationship, whether ongoing or in the context of prospecting (for example, when you contact us by e-mail, telephone or any other means, or when you give us your business card, or when you come to our premises);
- Personal Data from our website when you browse our website or when you use the features and resources available on or accessible through our website;
- Personal Data relating to the booking of appointments within the framework of our services (see the « MAKE AN APPOINTMENT » tab on our website);
- Personal Data provided by third parties (e.g. a rating agency or an information site such as Infogreffe).
2. PURPOSES OF PERSONAL DATA PROCESSING AND LEGAL BASIS
a) Purposes of the processing of personal data
We process your Personal Data for the following purposes:
- To enable our contacts to request information about LOXAMED and its services*;
- Prepare and submit commercial offers, participate in calls for tenders or bids*;
- To allow the follow-up of the commercial and contractual relationship with our customers (sending quotations, sending invoices, execution of orders, assistance and technical follow-up, management of possible disputes, etc.)* ;
- Suggest to our contacts or prospects to participate in events organized by LOXAMED in the context of trade shows, seminars or professional events*;
- To make calls for applications or tenders and to enable the follow-up of the commercial and contractual relationship with our suppliers, service providers and subcontractors*;
- Fulfill our contractual obligations ;
- Carry out customer satisfaction surveys*;
- Carry out promotional operations for our services with existing clients or prospects*;
- Carry out quality audits*;
- Manage unsolicited applications or applications in response to job offers* ;*
- Ensuring the physical security of our premises (including records of visits to the premises and CCTV recordings) and the electronic security of our systems*;
- Improve our products and services (identify problems, plan improvements, create new ones)* ;
- For accounting, financial, legal and audit management* ;
- In the context of legal proceedings (establishment, exercise or defence of a right in court)* ;
- Organize appointment schedules for RT-PCR tests, antigenic tests, teleconsultations and other appointments on sites equipped by LOXAMED*;
- To comply with our legal obligations.
b) Legal basis
In order to Process your Personal Data in accordance with the purposes set out above, we rely on one or more legal grounds:
- the Processing may be necessary for the performance of the contract you have entered into with us or to take steps necessary to conclude the contract;
- Processing may be necessary to comply with a legal obligation;
- the Processing may be based on your prior consent to the Processing (this legal basis is only used for optional Processing, not for Processing that is necessary or compulsory);
- we have a legitimate interest in processing Personal Data for the purposes listed in a) followed by an asterisk (*).
3. PERSONAL DATA CONCERNED
The Personal Data that we may collect varies according to the purpose of the Processing. The main purpose is to allow the identification of individuals in the context of their business relationship with LOXAMED. In any case, the Personal Data collected will be limited to the data necessary for the purposes set out in Article 2 above.
Note to visitors and users of our website: certain features and functions of our website can only be used if certain Personal Data are provided. The user is free to provide, or not, all or part of the Personal Data requested. However, if the user decides not to provide all of the Personal Data, some services and/or features of our website may not work or may only work in part.
Personal Data relating to customers and prospects:
We collect the following categories of Personal Data about our customers and prospects:
- personal information (surname, first name(s)) and contact details (postal address, delivery address, secretariat contact details if applicable, telephone number, e-mail address) of the contacts within the client or prospect company;
- information on quotations and orders (records of orders and their amounts) ;
- information on the means and methods of payment (date of payment, payment records, amount paid) ;
- information about customer needs or constraints, collected through customer satisfaction surveys, which we may then use to ensure that our marketing communications to you are relevant and timely;
- Additional Personal Data that our customers have chosen to provide to us, insofar as this is necessary for the purposes set out in Article 2 above.
Personal Data relating to suppliers, service providers and subcontractors:
We collect the following categories of Personal Data from our suppliers, service providers and subcontractors:
- personal information (surname, first name(s)) and contact details (postal address, secretariat details if applicable, telephone number, e-mail address) of our contacts within the supplier or service provider company for the purpose of managing our commercial relations;
- additional data that our contacts within the supplier, service provider or subcontractor company have chosen to communicate to us, insofar as these are necessary for the purposes set out in Article 2 above.
Personal Information about candidates applying for our jobs:
We collect the following categories of Personal Data from candidates applying for jobs with LOXAMED:
- personal information (name, first name(s), photo) ;
- demographic information (gender, date of birth/age, place of birth, nationality, title) ;
- professional information (profession, professional situation, professional address) ;
- contact details (postal address, telephone number, e-mail address);
- elements of professional background, diplomas, motivations.
Personal data relating to the users of our site:
Personal Data relating to persons booking an appointment as part of our services (see the « MAKE AN APPOINTMENT » tab on our website):
The personal data that the person registers on our website (in practice on the MOBMINDER system of our subcontractor, the Belgian company CLOUD-TECH SPRL), i.e. his/her: first name, surname, telephone and e-mail – are collected and processed for the sole purpose of booking his/her appointment slot (day and time); this device is specifically intended to help plan appointments, reduce queues and optimise and simplify the work of nurses.
It should be noted that, depending on the site concerned, online appointment booking may not be available and may be done in other ways or even without an appointment.
4. RECIPIENTS OF THE PERSONAL DATA COLLECTED
The recipients of the Personal Data are: (i) LOXAMED’s authorized internal departments and (ii) LOXAMED’s authorized suppliers, service providers and Subcontractors, in the context of the management of files and the delivery of services.
5. PROTECTION OF PERSONAL DATA OF MINORS
LOXAMED does not voluntarily collect or retain Personal Data of minors, except in the context of the last point of article 3 above regarding its reservation service.
6. SENSITIVE PERSONAL DATA
Please note that your Personal Health Information is not processed or stored by LOXAMED but only by healthcare professionals working in cooperation with LOXAMED, in accordance with the regulations applicable to them.
LOXAMED does not seek to collect or Process Sensitive Personal Data in the normal course of its business. Nevertheless, this may occur in the following exceptions:
- compliance with a legal obligation: where Processing is required or permitted by applicable law (e.g. to comply with our various reporting obligations);
- detection and prevention of criminal offences (including fraud prevention) ;
- consent: where we have, in accordance with applicable law, obtained your prior and express consent to Process your Sensitive Personal Data (this legal basis is only used for optional Processing, not for Processing that is necessary or obligatory). If you provide us with Sensitive Personal Data from third parties, you must specifically tell us so
7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We may disclose your Personal Information to the third parties listed below, each in its own scope and only with respect to the Personal Information that concerns it:
- legally authorized judicial or administrative authorities, at their request, or for the purpose of reporting actual or suspected security breaches, in accordance with applicable law ;
- LOXAMED’s accountants, auditors, lawyers and other external professional advisors, who are subject to confidentiality obligations;
- our service providers, suppliers or subcontractors (such as suppliers of modules and equipment, payment services, freight and transport companies, IT providers, etc.);
- any potential purchaser, in the event that we sell or transfer all or part of our assets or business (including in the event of a reorganisation, dissolution or liquidation).
Where one of our Subcontractors is involved in the Processing of your Personal Data (currently the Belgian company CLOUD-TECH SPRL which provides the MOBMINDER online booking system), it is subject to contractual obligations to: (i) to Process Personal Data only in accordance with our prior written instructions, (ii) to use measures to protect the confidentiality and security of Personal Data, as well as (iii) to comply with any other additional obligations imposed by applicable regulations.
Furthermore, with respect to Personal Data relating specifically to persons booking an appointment via MOBMINDER – see the « BOOK AN APPOINTMENT » tab on our website – your Personal Data will only be passed on to the staff responsible for ensuring the smooth running of the appointment process.
8. LIMITATION AND DURATION OF RETENTION OF PERSONAL DATA
8.1 We take all appropriate steps to ensure that the amount of Personal Data we Process is limited to that which is reasonably necessary for the purposes set out in the Policy.
8.2 We take all appropriate steps to ensure that your Personal Data is retained for no longer than is necessary for the purposes set out in the Policy.
The criteria used to determine the retention periods for Personal Data are as follows:
- We will keep your Personal Data in a format that allows you to be identified for as long as your Personal Data is necessary to fulfil the lawful purposes, for which we have a legitimate basis, described in section 2 of the Policy.
- We will retain your Personal Data for the applicable statute of limitations (i.e., the period of time during which an individual may make a claim against us, or bring a legal action against us, regarding his or her Personal Data or in connection with which his or her Personal Data is relevant).
- In any case, within five (5) years of the communication of the Personal Data concerned, the latter will be permanently destroyed or we will make them anonymous.
8.3 Specifically, with regard to Personal Data relating to your appointment bookings (tests, teleconsultations or others), these will be destroyed by LOXAMED within one month following the end of the contract for the LOXAMED site concerned (i.e. the contract concluded between LOXAMED and its client who ordered the deployment of the module or the health space concerned). This date will be communicated to you by sending a request by e-mail to the following address: firstname.lastname@example.org.
9. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
We do not transfer Personal Data outside the European Union.
Specifically, with respect to Personal Data relating to persons booking an appointment via MOBMINDER, their Personal Data is stored on two OVH sites in France, OVH acting as storage provider for the Belgian company CLOUD-TECH SPRL, our Subcontractor.
10. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
Depending on the type of Processing, within the framework set by the RGPD regulation, you have a number of rights regarding the Processing of your Personal Data, which are set out in the regulation and may include, in summary, the following rights:
Right not to provide us with your Personal Data:
Please note, however, that in this situation we may not be able to provide you with our full range of products and services – for example, we may not be able to process your orders or book appointments on our website without the necessary information and contact details.
Right to object in the case of processing that is based on the legal grounds of legitimate interest or public interest:
You may at any time object to our processing of your Personal Data. Your request to object will be dealt with expeditiously and we will cease the Processing to which you object. Nevertheless, we reserve the right not to cease the Processing in question if:
- we can demonstrate that we have compelling legitimate grounds for processing your Personal Data that override your personal interests;
- we Process your Personal Data for the purpose of establishing, exercising or defending a legal claim.
Right to withdraw consent:
If we have obtained your consent to Process your Personal Data for certain Processes other than those for which no consent is required, you may withdraw that consent at any time and we will cease the particular Processing to which you had consented, unless we consider that there is another reason justifying our continued Processing of your Personal Data for that purpose, in which case we will inform you of this.
Please note that such withdrawal does not affect the lawfulness of any Processing undertaken prior to the date on which we received notification of such withdrawal, nor does it prevent the Processing of your Personal Data on any other available legal basis.
Right of access:
You have the right to request access to or copies of your Personal Data, together with information about the nature of the Processing and the persons who may have access to that Personal Data.
Where we provide you with access to the Personal Data we hold about you, we will not charge you for that access unless your request is manifestly unfounded or improper. If you request further copies of this information, we may charge you a reasonable administration fee where permitted by law. Where permitted by law, we may refuse your request. If we do so, we will always give reasons for our refusal.
Right to erasure:
You have the right to request that we delete your Personal Data in certain circumstances.
In principle, the Personal Data in question must meet one of the following criteria:
- your Personal Data is no longer necessary for the purposes for which it was originally collected and/or processed;
- you have withdrawn your consent to the Processing of your Personal Data and there is no other valid reason for us to continue Processing it;
- your Personal Data has been processed in an unlawful manner;
- where we Process your Personal Data because we consider it necessary for the purposes of our legitimate interests, if you object and we were unable to demonstrate a compelling legitimate reason for continuing the Processing.
We would be entitled to refuse to comply with your request for any of the following reasons:
- exercise the right to freedom of expression and information ;
- comply with legal obligations ;
- for public health reasons in the public interest ;
- for archival, research or statistical purposes;
- exercise or defend a legal right.
Where we respond to a valid request for erasure of Personal Data, we will take all appropriate practical steps to delete the Personal Data in question.
Right to limit Processing:
You have the right to request that we limit the Processing of your Personal Data in certain circumstances. This means that we may only continue to retain your Personal Data and may only carry out further Processing activities in one of the following circumstances: (i) resolution of one of the circumstances listed below; (ii) your consent; or (iii) further Processing is necessary for the establishment, exercise or defence of legal claims, the protection of the rights of another person, or for important reasons of public interest of the European Union or a Member State.
The cases in which you are entitled to request that we restrict the Processing of your Personal Data are as follows
- where you dispute the accuracy of the Personal Data we Process about you. In this case, we will limit the Processing of your Personal Data to verifying its accuracy;
- where you object to our Processing of your Personal Data for our legitimate interests. You may request that Personal Data be restricted while we verify our reasons for Processing your Personal Data;
- where your Personal Data has, extraordinarily, been unlawfully Processed by us, but you simply prefer that we restrict its Processing rather than delete it;
when we no longer need to Process your Personal Data but you request it in order to establish, exercise or defend legal claims.
If we have disclosed your Personal Data to third parties, we will inform them of the limited Processing unless this is impossible or involves disproportionate effort. We will, of course, inform you before we lift any restrictions on the Processing of your Personal Data.
Right of rectification:
You also have the right to request that we rectify inaccurate or incomplete Personal Data that we hold about you. If we have disclosed such Personal Data to third parties, we will inform them of the rectification unless this would be impossible or involve disproportionate effort. Where appropriate, we will also inform you to which third party or parties we have disclosed inaccurate or incomplete Personal Data. If we believe that it is reasonable not to comply with your request, we will give you the reasons for this decision.
Right to obtain and portability of Personal Data that we process on the basis of your consent or in the performance of a contract:
If you wish, you have the right to obtain and transfer your Personal Data from one Processor to another. In order for you to do so, we will provide you with your Personal Data in a commonly used, structured and machine-readable format. This right of portability applies to the following Personal Data: (i) Personal Data that we Process automatically (i.e. without human intervention) and (ii) Personal Data that you provide.
Right to complain to a Data Protection Authority:
You also have the right to lodge a complaint with a Data Protection Authority, and in particular the Data Protection Authority of the EU Member State in which you reside or work or where the alleged breach occurred. This does not affect your rights under applicable laws and regulations. To exercise any of these rights, to ask us a question relating to these rights or any other provision of this Policy, or to ask us about the Processing of your Personal Data, please use the contact details provided in section 13 of our Policy. Please note that :
- we may ask for proof of your identity before granting your requests;
- where your request requires additional fact-finding or analysis (for example, to determine the lawfulness of Processing), we will consider your request as promptly and reasonably as possible, before making our decision.
If Individuals believe, after contacting LOXAMED, that their « Informatique et Libertés » rights are not being respected, they may file a complaint in France with the CNIL :
Commission nationale de l’informatique et des libertés (CNIL)
3 place de Fontenoy TSA 80715 75334 PARIS CEDEX 07
11. SECURITY OF PERSONAL DATA
We undertake to take all necessary measures to protect your Personal Data held by us from misuse, loss, alteration, disclosure, destruction, unauthorised access and any other form of unlawful or unauthorised Processing, in accordance with applicable law. To this end, we have a range of appropriate technical and organisational measures. These may include measures to deal with suspected breaches of Personal Data.
Because the Internet is an open system, the transmission of information over it is not completely secure. Although we take all reasonable steps to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to us over the Internet; such transmission is at your own risk and you are responsible for ensuring that any Personal Information you send to us is sent securely.
If you suspect any misuse, loss or unauthorised access to your Personal Information, please notify us immediately in the manner set out in Section 13 below.
Access to Personal Information is limited to LOXAMED’s employees, agents, suppliers, contractors and subcontractors who need to know it in order to perform their duties. All persons having access to your Personal Information are bound by an obligation of confidentiality and may be subject to disciplinary action and/or other sanctions if they fail to comply with this obligation.
12. CONFLICT RESOLUTION
Although LOXAMED has taken all appropriate measures to protect your Personal Information, no transmission or storage technology is completely foolproof.
However, LOXAMED is committed to ensuring the protection of your Personal Information. If you have reason to believe that the security of your Personal Information has been compromised or that it has been subject to unlawful use or misuse, you are invited to contact LOXAMED at the following address
- by mail to the following address LOXAMED Legal Department – 256 rue Nicolas Coatanlem – 56850 Caudan (France), or
- by email to the following address: email@example.com
LOXAMED will investigate and attempt to resolve complaints regarding the use and disclosure of your Personal Information in accordance with the principles set forth in the Policy.
Unauthorized access to or misuse of Personal Information may constitute a violation of applicable law.
If you have any questions about the Policy, if you wish to stop receiving commercial information from LOXAMED or if you wish to exercise your rights regarding your Personal Data, you can send an e-mail to the following address: firstname.lastname@example.org
When you visit our website, we may store cookies on your device, or read cookies already on your device, provided that we have always obtained your express prior consent.
What is a cookie?
A « cookie » is a small piece of information that is stored on your computer’s hard drive and records your browsing on a website so that the next time you visit that site, it can present you with personalised options based on the information stored about your last visit. Cookies can also be used for traffic analysis and for advertising and marketing purposes. Almost all websites use them and they do not harm your system.
There are different types of cookies which can be distinguished according to their origin, function and lifetime. The main characteristics of cookies are as follows:
- Session cookies: these are cookies that are stored on your computer only during your web session and are deleted automatically when you close your browser – they usually store a session ID so that you can visit our websites without having to log in again on each page;
- Persistent cookies: A persistent cookie is stored as a file on your computer and remains there when you close your browser. The cookie is readable by the website that created it when you visit that site again. We use persistent cookies for Google Analytics and for personalisation (see below);
- Strictly necessary cookies: These cookies are essential to enable you to use our website effectively and therefore cannot be disabled. Without these cookies, the services available to you on our website cannot be provided. These cookies do not collect information about you that can be used for commercial purposes or to remember the pages you have visited on the Internet;
- Performance cookies: These cookies allow us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of our site are most visited;
- Functionality cookies: These cookies allow our website to remember the choices you make (username, language, country, etc.) and to provide enhanced functionality. For example, we are able to provide you with information or updates relating to the services you use. These cookies may also be used to remember changes you make to text size, font and other elements of web pages that you can personalise. They may also be used to provide services you have requested such as viewing a video or posting comments on a blog; and
- Personalization cookies: These cookies allow us to communicate information about solutions that may be of interest to you.
To track your use of our website. This allows us to understand how you use our website and to track trends in individuals or larger groups. This allows us to develop and improve our website and services in response to the wishes and needs of our visitors;
How long do the cookies we use last?
The duration of the cookies we use on our website does not exceed twelve (12) months.
Some cookies are placed by third parties who are responsible for them.
How can you control cookies?
Most web browsers are programmed to accept cookies automatically. Depending on the type of browser you use, you can set it to either (i) receive a warning before cookies are set, allowing you to accept or decline cookies, or (ii) always decline cookies. To find out how to do this, click on the « help » (or equivalent) button on your browser. Disabling cookies may affect your experience on our website.
If you use different devices to access our website, you should ensure that each browser on each device is set to your cookie preferences.
You can find more information at: http: //www.allaboutcookies.org/manage-cookies/. Please note that LOXAMED is neither affiliated with nor responsible for third party websites.
In addition, you can opt out of cookies from certain companies by visiting the following sites: http://www.aboutads.info/choices/#completed and http://www.youronlinechoices.com/. Please note that LOXAMED is neither affiliated with nor responsible for third party websites.
For the purposes of the Policy and in accordance with Law No. 78-17 of January 6, 1978, as amended, relating to data processing, files and freedoms and the RGPD, the following definitions apply:
- « Data Protection Authority » means an independent public authority, charged by law with overseeing compliance with applicable data protection laws.
- « Personal Data » means any information relating to an identified or identifiable individual, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more specific elements.
- « Sensitive Personal Data » means Personal Data relating to racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, as well as genetic data, data concerning health or data concerning sexual life or data relating to criminal convictions and offences, or related security measures, as well as any other information that may be considered sensitive by applicable law
- « Controller » means the entity that decides on the purposes and means of Processing Personal Data. In many jurisdictions, the Controller has primary responsibility for compliance with applicable data protection laws.
- « RGPD » means General Data Protection Regulation (EU) 2016/679.
- « Sub-processor » means any natural or legal person who processes Personal Data on behalf of the Controller, other than employees of the Controller.
- « Processing » or « Process » means any operation carried out on Personal Data, whether or not by means of automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.