Innovative Products

Designed to create Value

 

Policy of personal data protection / 

Politique de protection des données personnelles

 

DIAGDEV , hereinafter “DIAGDEV” may, during its activities, process your personal data, in accordance with applicable legislation.

This policy provides you with information on how your personal data is processed by DIAGDEV.

This policy, accessible in particular on our website, is updated regularly in order to take into account legislative and regulatory developments, and any change in the DIAGDEV organization or in the processing it performs.

This policy is accompanied by a specific information statement for each processing operation carried out on your personal data, which will be made available to you as soon as possible and, in the event that we collect your data directly from you, at the time of this collection.

 

 

I - DIAGDEV Data Controler

 

DIAGDEV when acting as a controller, is responsible for the personal data that you provide to us or that we collect.

In order to protect your privacy and your personal data as effectively as possible, we have appointed a data protection officer. This person, who is the privileged point of contact for the supervisory authority, is responsible for ensuring that we process your data in accordance with applicable law.

You can contact our data protection officer at the following address: dpo@stago.com

 

II – What are our committements ?

 

We are committed to ensuring the highest possible level of protection for the persons whose personal data we process ("data subjects"). The protection of personal data, in particular those of our own employees, those of our suppliers, our customers, our potential customers, and any other third party.

We undertake to comply with the applicable regulations for all the processing of personal data that we carry out. We are therefore committed to respecting the following principles:

 

These commitments are manifested as follows:

 

 

III – Which personal data are we processing ?

 

We remind you that personal data is information relating to an identified or identifiable natural person, such as an email address, your first and last name, your IP address, etc.

We collect your personal data as part of our design, production, sales, servicing  distribution, promotion, clinical studies ... In some cases, we collect your personal data directly from you. In other cases, your personal data is communicated to us by a third party (our customers, our suppliers, etc.).

 

The personal data that we are likely to process are, for example:

Note: directly identifying data related to patients are only known and processed by our processors authorized to process them as part of their own activity (Clinical medical laboratory).

 

IV – For what purposes are your personal data processed?

 

The processing of personal data carried out by DIAGDEV has an explicit, legitimate and determined purpose.

Your personal data may for example be processed for the following purposes:

- If you are a customer or a prospect, we may process your personal data for the following purposes:

- If you submit an application for a position within DIAGDEV, we may process your data in order to manage your application.

- If you are one of our supplier or service provider or distributor, we can finally process your data for the management of our relationship with you.

The purpose of the processing will be communicated to you on a case-by-case basis, for each processing that we carry out on your personal data.

 

V – How do we ensure the lawfulness of our processing operations?

 

We always ensure, when we process your personal data, that the processing is based on a "legal basis".

We always process your personal data on one of the following :

- When you have personally entered into a contract with DIAGDEV, and the performance of this contract requires us to process your personal data, the legal basis for the processing is the performance of the contract. For example, this could be the case if you are a DIAGDEV employee.

- When processing is necessary for the execution of pre-contractual measures taken at your request, our legal basis is based on these pre-contractual measures. For example, this is the case when you submit an application for a position to us, which requires us to review your CV in order to make a decision on your application.

- When the processing is necessary for the purposes of the legitimate interests which we pursue, our legal basis is constituted by these legitimate interests. For example, the processing of your personal data for prospecting purposes as part of the management of the contract of the company for which you work, as part of our clinical studies which are of a public interest nature and are necessary for the development of our medical devices.

- We may also process your personal data by relying on another of the legal bases listed in local and / or European legislation or regulations that are applicable to DIAGDEVas an employer or private company based in the European Union. For example: compliance with a legal obligation to which DIAGDEV is subject, your consent to processing.

 

 

VI – How long do we keep your personal data?

 

Stago will keep your personal data only for the time necessary for the purposes for which they are processed, and in accordance with applicable legislation. Thus, the retention period of your personal data depends on the purpose of the processing to which they are subject, according to the correspondences below:

 

VII – Who can access your personal data?

 

Authorized persons within DIAGDEV and Diagnostica Stago SAS  and, in some cases, processors (our “trusted providers”), may access your personal data. We do our best to ensure that the number of such persons is kept as small as possible and to maintain the confidentiality and security of your personal data.

We only provide our trusted processors with the information they need in order to provide the service and ask them not to use your personal data for other purposes. We always do our best to ensure that all of our trusted processors with whom we work maintain the integrity, availability, confidentiality and security of your data. We also ensure that when our relationship with a trusted processor comes to an end, that processor deletes your personal data without delay.

 

We select our trusted processor with great care, ensuring that they provide sufficient guarantees, particularly in terms of expertise, reliability and resources, to implement the technical and organizational measures to meet the requirements of the applicable legislation, in particular the security of the processing. In this regard, we ensure that our trusted processors process personal data only on our documented instructions. We also ensure that their staff are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality.

 

We may ask our trusted processors to provide a service that requires the processing of your personal data, for example in the following cases:

 

VIII – Where do we store your personal data?

 

Your data is stored in the European Union (EU) and the European Economic Area (EEA) by DIAGDEV and processors.

When transferring data outside of the EU and EEA, we ensure that the data is transferred securely and in accordance with applicable law. When the country where the data is transferred does not have an adequacy decision from the European Commission, we use "appropriate safeguards".

These appropriate safeguards are a way to ensure that the protection of your personal data is ensured even when they leave European territory. These appropriate safeguards may, for example, consist of using standard contractual clauses adopted by the European Commission.

On a case-by-case basis, we will inform you of our intention to transfer personal data to a third country, of the existence or not of an adequate decision of the Commission and, where appropriate, of the reference to the appropriate safeguards and the means of obtaining a copy or the place where they have been made available.

IX – What are your rights as a data subject and how to exercise them?

 Depending on the processing operations to which your data is subject, you may have the following rights:

To exercise these rights, you can contact us at the following address: dpo@stago.com

 

In order for us to process your request satisfactorily, you will need to prove your identity, by whatever means. If in doubt on our part, we may ask you for additional information, including the secure transmission of a copy of an identity document, signed by you.

 

We will do our best to meet your demands satisfactorily. Whatever our response, we will get it to you within one month, but our response time may be extended by an additional two months depending on the complexity and number of requests.

Under no circumstances can the response to the exercise of a legitimate and non-excessive right be charged. However, if the requests are unfounded or repetitive, we may require the payment of reasonable fees which take into account the administrative costs incurred in providing the information, making communications or implementing the measures requested by the data subject.

 

If, for any reason whatsoever, you consider that our response is not satisfactory, we inform you that you can lodge a complaint with the CNIL. https://www.cnil.fr/fr/plaintes/

 

X – What information do we need to provide to you?

 

Whenever DIAGDEV carries out processing operations on your personal data, it brings to your attention:

 

This information will be made available to you as soon as possible and, in the case of direct collection of your data, at the time of collection.

 

XI – How do we take care of the security of your personal data?

 

DIAGDEV attaches great importance to the protection of your personal data and takes all reasonable precautions to this end. We ask our trusted providers who process your data on our behalf to do the same.

 

We are constantly doing our best to protect your personal data. Upon receipt of your data, we apply strict procedures and security measures (technical and organizational) to prevent unauthorized access.

 

This policy was last updated on December 08 2020.

 

 

 

based on Pollen CMS