Privacy Policy

Privacy Policy

 

Foreword

The present document informs and helps you understanding which personal data in the sense of the regulations in force, the company DIXI MEDICAL collects on its website or by remote means, on what occasion, for what purpose, and how these data are processed.

This policy applies to clients and users of offers and services and visitors to the DIXI MEDICAL website.

DIXI MEDICAL uses data following the French Data Protection Act and the European General Data Protection Regulation related to personal data. It includes the collection of consent, the purpose of processing, and the duration to keep the records.

This policy is subject to modification or update at any time by DIXI MEDICAL, notably to comply with any legislative, regulatory, jurisprudential, or technological evolution. The date of the update is indicated in the document. These modifications are binding on the user, who should, therefore, regularly consult this privacy policy to be aware of any possible changes.

1    Definitions

Personal Data or Data: Any information relating to an identified or identifiable natural person (hereinafter referred to as the “Data Subject”) directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Data processor: The natural or legal person who determines the purposes and means of data processing.

Subcontractor: The natural or legal person who processes personal data on behalf of the data processor.

Recipient: The natural or legal person who receives communication of personal data, whether or not it is a third party.

Third-party: a natural or legal person, a public authority, a service or a body other than the data subject, the data processor, the subcontractor, and the persons who, under the direct authority of the data processor or the subcontractor, are authorized to process personal data.

Consent: any free, specific, informed and unambiguous expression of will by which the data subject signifies his or her agreement, using a declaration or a clear affirmative act, to personal data relating to him or her being processed.

2    Personal data collected

The data processed, for the purposes mentioned hereafter, are the following: Identification and contact data: surname, first name, telephone number, postal address, e-mail address, company name, curriculum vitae, cookie.

3    On what occasion is personal data collected

Personal data is collected :

  • When requesting a quote on the site or by phone
  • Upon reception of a spontaneous application
  • In the event of complaints or disputes
  • When participating in satisfaction surveys
  • When subscribing to newsletters
  • When connecting to our websites (IP address, cookies)
  • When consulting DIXI MEDICAL social networks.

4 Purpose of Personal Data Processing

The collection of data may have all or part of the following purposes:

  • Contact, appointment making
  • Information request (information, estimate)
  • Newsletter subscription
  • Delivering downloadable content
  • Study and management of a spontaneous application
  • Tracking site navigation preferences
  • To develop DIXI MEDICAL’s commercial opportunities.

Please note that each processing corresponds to one or more precise and determined purposes. In the hypothesis that the same treatment could serve several purposes. Consent will be collected separately for each of them.

5    Recipients of data

The data collected are intended for DIXI MEDICAL’s internal services, within the limits of their attributions, (marketing department, sales department or customer relations, HR department, accounting department, to any auditor within the framework of control procedures (for example, the Statutory Auditor), and its subcontractors.

The data may also be processed by authorized third parties (e.g., chartered accountant). These are situations where partners are involved in the provision of services. Finally, the processed data may also be transmitted to the competent authorities, at their request, in the context of investigative or judicial proceedings, in the context of judicial inquiries and requests for information from the authorities or to comply with other legal obligations.

6    Transfers outside the European Union

The personal data collected may be processed outside the European Union. Transfers outside the European Union may be carried out in particular within the framework of the following activities:

  • Customer relationship activities
  • The exploitation of data for social networks
  • IT services

In these cases, DIXI MEDICAL takes the necessary measures with its subcontractors and partners to guarantee an adequate level of data protection in compliance with the applicable regulations.

If the subcontractors and partners concerned are not members of the Privacy Shield agreement for transfers to the United States of America or are not located in a country with legislation considered to offer adequate protection, they will have previously signed the European Commission’s “standard contractual clauses” or will be subject to binding internal rules approved by the authorities.

7    Duration of data conservation

DIXI MEDICAL stores personal data only for as long as necessary for the purposes for which they are processed in line with the legal provisions in force. This retention period is not the same according to the data in question, the nature and purpose of the collection is likely to make this period vary. Similarly, certain legal obligations impose a specific retention period.

In principle, invoicing or contract data will still be accessible for ten years on any durable medium.

When subscribing to the newsletter or any other form of email managed by DIXI MEDICAL, the email address is kept until the end of the subscription.

At the end of the purpose for which the data were collected or the planned storage periods, data may be anonymized to be kept for exclusively statistical purposes.

8    Your rights

Any natural person whose personal data are processed by DIXI MEDICAL is entitled to the following rights:

Right of access and communication of data :

You have the right to access your personal information. However, due to the obligation of security and confidentiality in the processing of personal data incumbent on us, you are informed that your request will be processed, provided that you provide proof of your identity.

Right of rectification and deletion of data :

Under this right, the law entitles you to request the correction, updating, blocking, or deletion of data concerning you, which may prove to be inaccurate, erroneous, incomplete or obsolete, within the limits of what is permitted by the legislation in force.

Right to limitation of processing :

You may request the limitation of the processing of your personal data.

Disposal of personal data after death:

You can now define general and specific guidance on the treatment of personal data after your death. Where appropriate, the heirs of a deceased person may require that the death of their loved one be taken into consideration and/or that the necessary updates be made.

Right of opposition :

You may object to the processing of your personal data for reasons related to your particular situation. The exercise of this right is also possible in one of the following two conditions:

  • When the use of this right is based on legitimate grounds.
  • When the exercise of this right is intended to prevent the data collected from being used for commercial prospecting purposes, including profiling related to such prospecting.

Right to withdraw your consent :

If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time.

Right to data portability :

When this right is applicable, you have the power that the personal data you have provided to DIXI MEDICAL be returned to you or if it is possible to transfer them to a third party.

Right to complain to the control authority :

You have the right to complain with the competent control authority, namely the CNIL (Commission Nationale de l’Informatique et des Libertés) for France.

  • 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
  • Tél : +33 (0)1 53 73 22 22 / Fax : +33 (0)1 53 73 22 00
  • cnil.fr/fr/plaintes ou www.cnil.fr

9    How to exercise your rights – delay for response

You may exercise your rights by sending a request to the following e-mail address: dpo @ diximedical.com or by post to the head office of DIXI MEDICAL: 2A Route de Pouligney, 25640 MARCHAUX – CHAUDEFONTAINE, FRANCE, specifying the subject of your request and enclosing a signed photocopy of your valid identity document (in the case of a written request).

In the event of a request by e-mail, a copy of your valid identity document must be sent to us by fax (Fax: +33 (0)3 81 88 98 99) or by separate post.

DIXI MEDICAL is entitled, if necessary, to oppose requests that are manifestly abusive (due to their number, repetitive or systematic nature).

DIXI MEDICAL undertakes to respond to your request for access, rectification or opposition or any other additional request for information within a reasonable period, which may not exceed a maximum of 2 months from receipt of your request.

10  Obligations in terms of Security and Confidentiality

DIXI MEDICAL ensures that personal data is treated in complete security and confidentiality, including when certain operations are carried out by subcontractors. To this end, the appropriate technical and organizational measures to prevent the loss, misuse, alteration, and deletion of personal data are put in place. These measures are adapted according to the level of sensitivity of the data processed and the risk presented by the processing or its implementation.

In the application of the provisions of articles 33 and 34 of the GDPR, in the event of a violation of personal data, DIXI MEDICAL undertakes to notify this to the CNIL, the competent control authority in France, as soon as possible and if possible no later than 72 hours after becoming aware of it.

If the violation is likely to generate a high risk for the rights and liberties of a natural person, DIXI MEDICAL will notify the person and/or structure concerned as soon as possible.

 

Updated: 10 June 2021