Privacy policy

ARTICLE 1 : FOREWORD

The GDPR and you…

Personal data protection is one of our major concerns. The privacy policy fits into a legal context marked by the EU General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016), applicable since 25 May 2018, and the amended French Data Protection Act no. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties.

The purpose of this data protection policy is to tell you about:

  • The personal data controller
  • How your data is collected and processed
  • Your rights regarding the use of your personal data
  • The recipients to whom your data is transmitted
  • The website's cookie management policy

This privacy policy supplements the legal notices on the websites.

ARTICLE 2 : GLOSSARY

You’ll understand us... promise!

Personal Data is any information relating to an identified or identifiable person, i.e. enabling the person to be identified directly (e.g., surname and first name) or indirectly (e.g. cookies).

The Processing of personal data is any operation or set of operations (automated or not) which is performed on data or sets of personal data, such as collection, recording, organisation, storage, data transmission, etc.

The Data Controller determines the purposes (objectives of the processing) and the means of processing.

The Data Processor processes personal data on behalf of the data controller and carries out its instructions.

ARTICLE 3 : GENERAL PRINCIPLES

Legal obligations... we’ve got them!

In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data shall comply with the following principles:

  • Lawfulness, fairness and transparency: the collection and processing of personal data can only be based on a legal basis defined in advance (performance of a contract, legal obligation, consent, legitimate interest, preservation of vital interests)
  • Purpose limitation: the collection and processing of personal data is carried out to meet one or more defined objectives
  • Data minimisation: only the data strictly necessary for the proper execution of the objectives pursued are collected
  • Storage limitation: the data controller is under an obligation to define retention periods for the personal data processed
  • Integrity and confidentiality: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
  • Data accuracy: the controller undertakes to take all reasonable steps to keep the data it processes up to date, so as to update inaccurate data and delete obsolete data.

ARTICLE 4 : DATA CONTROLLER AND PROCESSOR

We are responsible for the data entrusted to us!

As data controller, LUMIBIRD MEDICAL undertakes to comply with the obligations resulting from the Regulation and the amended French Data Protection Act, concerning the collection and processing of personal data. In accordance with Article 32 of the GDPR, we implement all technical and organisational measures to ensure your personal data are protected.

As a processor, LUMIBIRD MEDICAL undertakes to process the customer's personal data only to the extent necessary for the performance of the contract concluded. LUMIBIRD MEDICAL undertakes to follow the customer's written instructions in accordance with Article 28 of the GDPR.

ARTICLE 5 : PERSONAL DATA COLLECTED AND PROCESSED: WHAT DATA?

What do we know about you?

In accordance with the principle of minimisation, we only collect the data necessary to carry out our missions. Thus, in the context of our activity, LUMIBIRD MEDICAL is likely to collect and process the following information: 

  • Identity: Surname, first name, gender, photograph, date and place of birth
  • Work Life: Qualification, occupation, work e-mail address, business telephone number, CV
  • Login data: IP address, logs, connection identifiers, timestamp information etc.
  • Internet: Cookies, tracers, navigation data, audience measurement etc.
  • Personal life: Address, e-mail, telephone number, country
  • Financial information: Bank account details
  • Sensitive data: Health data, NIR, medical imaging

In the context of certain tasks such as machine maintenance and clinical studies (non-engine), we act as a subcontractor on behalf of healthcare professionals. In order to carry out these tasks, we are required to have knowledge of sensitive data, vulnerable persons, such as health data (diseases, medical images) and the social security number.

We are aware of the level of sensitivity of this information and are dedicated to ensuring a maximum level of confidentiality, as well as a commitment to meeting our legal and regulatory obligations. All the data collected are therefore strictly necessary to carry out the mission entrusted to us.

ARTICLE 6 : PERSONAL DATA COLLECTED AND PROCESSED: WHY?


We’d like to explain!

In all of these situations, LUMIBIRD MEDICAL acts as a "Data Controller" under the GDPR.

DATA COLLECTED

REASONS FOR COLLECTION

RETENTION PERIOD

LEGAL BASIS

WEBSITE VISITS

  • Identity;
  • Personal life
  • Work life
  • Login data
  • Internet
  • Location 

We use these data to:

- Send you marketing communications (if you have given your consent)

- Contact you when you fill in the contact form

- Send you our quotes (if you have requested them)

- Carry out audience analysis or statistics (if agreed)

Consent

Your navigation data on our website is kept for a maximum of 13 months  

 

The data collected through the form is kept for 3 years from the date of collection or last contact from the prospect

- To provide you with personalised services

- To monitor and improve our website

- To secure our website and ensure our and your protection against fraud.

Legitimate interest

 

CUSTOMER RELATIONSHIP MANAGEMENT

  • Identity
  • Personal life
  • Professional life
  • Economic information

We use this data to:

- Manage the commercial relationship

- Manage your orders

- Manage payments, invoicing, etc.

- Process and track your order, including delivery

- Manage customer complaints

- Answer your questions and interact with you in any other way

Execution of a contract

Retention for the duration of the commercial relationship and 5 years after the end of the relationship.

 

Invoices are kept for 10 years.

 

RECRUITMENT MANAGEMENT

  • Identity
  • Personal life
  • Professional life
  • Location
  • Internet

We use this data to:

- Manage online application requests (unsolicited applications)

- Build up a CV database (if you give your consent)

Consent

2 years after the last contact with the applicant on consent of the applicant

  • Identity
  • Personal life
  • Professional life

- Receive and record applications sent by e-mail or post

- Manage recruitment procedures in conjunction with line management

- Respond to job and internship applicants

- Manage disputes

Legitimate interest

Unsuccessful candidate: 2 years after the last contact with the candidate upon consent of the candidate.

Successful candidate: 5 years from departure

 

NEWSLETTER REGISTRATION AND COMMERCIAL COMMUNICATIONS

  • Identity
  • Personal life
  • Professional life
  • Login data

We use this data to:

- Send you marketing communications (if you have requested us to do so)

Consent

The data is kept as long as the data subject does not unsubscribe (via the unsubscribe link in the newsletters) and 3 years after the end of the contractual relationship.

- To send you information communications

Legitimate interest

- Maintain a suppression list if you have asked not to be contacted

Legal obligations

 

 

MANAGEMENT OF CLINICAL STUDIES (AS A SPONSOR)

  • Personal life
  • Sensitive data

Patient data: 

We use this data to:

- Conduct research in collaboration with academics and companies on technology studies and new product development

Execution of a contract

Until the end of the research

Up to 15 years after the end of the last patient's inclusion

  • Anonymised data (processing not covered by the GDPR)
- Use anonymised data for scientific presentation purposes

Legitimate interest

N/C

  • Identity
  • Personal life
  • Professional life

Practitioner and medical team data:

We use this data to: 

- Manage the process of applying for study authorisation from the authorities

- Communicate smoothly with practitioners and the medical team

Execution of a contract

Until the end of the research

Up to 15 years after the end of the last patient's inclusion

 

TRAINING 

  • Identity
  • Professional life
  • Sensitive data 

We use this data to:

- Organise training sessions on the use and maintenance of products 

Execution of a contract

5 years from the end of the contractual relationship

 

MONITORING OF ADVERSE EFFECTS ON PATIENTS

  • Identity 
  • Personal life
  • Professional life
  • Sensitive data

We use this data to:

- Manage doctors' complaints

- Manage product returns

- Monitor the market

- Report incidents to the relevant authorities

- Monitor standards

Legal obligation

Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for the processing of personal data implemented for the purposes of health vigilance management

 

DEMONSTRATION/RETURN OF THE MACHINES

 

  • Identity 
  • Personal life
  • Professional life
  • Sensitive data

- Setting up the equipment

- De-installation of equipment

- Technical follow-up

Execution of a contract

Retention for 5 years from the end of the contractual relationship

- Reporting incidents to the relevant supervisory authorities

Legal obligation

Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for the processing of personal data implemented for the purposes of health vigilance management

 

Within the framework of our missions, LUMIBIRD MEDICAL acts as a "subcontractor" on behalf of its clients:

DATA COLLECTED

REASONS FOR COLLECTION

RETENTION PERIOD

LEGAL BASIS

MAINTENANCE OF EQUIPMENT

 

  • Identity 
  • Personal life
  • Professional life
  • Sensitive data

- Management of customer complaints and after-sales service

- Maintenance of equipment

- Preparation of a repair order

Execution of a contract

Retention for 5 years from the end of the contractual relationship

- Reporting incidents to the relevant supervisory authorities

Legal obligation

Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for the processing of personal data implemented for the purposes of health vigilance management

 

TECHNICAL SUPPORT

  • Identity 
  • Personal life
  • Professional life
  • Sensitive data 

We use this data to:

- Manage service requests and technical blocking situations

- Trace the relationship and exchanges

Execution of a contract

5 years from the end of the contractual relationship

 

IMPLEMENTATION OF CLINICAL STUDIES (NON STUDY SPONSOR)

  • Personal life
  • Sensitive data

Patient data: 

We use this data to:

- Conduct research in collaboration with academics and companies on technology studies and new product development

Execution of a contract

Until the end of the research

Up to 15 years after the end of the last patient's inclusion

  • Anonymised data (processing not covered by the GDPR)
- Use anonymised data for scientific presentation

Legitimate interest

N/C

  • Identity 
  • Personal life
  • Professional life

Practitioner and medical team data:

We use this data to: 

- Manage the smooth running of the application for study authorisation with the authorities

- Communicate smoothly with the practitioners and the medical team

Execution of the contract

Until the end of the research

Up to 15 years after the end of the last patient's inclusion

 

ARTICLE 7 : PERSONAL DATA: WHO HAS ACCESS TO YOUR PERSONAL DATA?

We don't pass them on to just anyone!

LUMIBIRD MEDICAL undertakes to transmit your personal data only to authorised people in-house and to authorised third parties such as the tax, customs or economic authorities, the administration of justice, the police and the gendarmerie or the administration of social action and health authorities.

LUMIBIRD MEDICAL may pass on your personal data to subcontractors such as:

  • SALES FORCE: CRM 
  • SAGE: ERP
  • MAILJET: e-mailing management
  • EASYMEDSTAT: clinical study
  • FACTORIAL: recruitment

The use of these service providers is necessary for the proper performance of our services. We undertake to check and guarantee that they comply with the GDPR and the amended Data Protection Act.

Apart from the recipients mentioned above, LUMIBIRD MEDICAL undertakes not to transmit your personal data to third parties or external organisations without your express agreement.

LUMIBIRD MEDICAL does not and will not sell, transfer or communicate your personal data to unauthorised third parties. 

LUMIBIRD MEDICAL does not make any automated decisions on the basis of your personal data. No profiling is carried out during processing, and the data we collect will never be used without human intervention.

ARTICLE 8: YOUR RIGHTS

You hold all the cards!

8.1 YOUR RIGHTS

In accordance with current regulations, you have the following rights in relation to your personal data:

  • RIGHT OF ACCESS: You may, at any time, access the personal data we hold about you.
  • RIGHT TO RECTIFICATION: If you notice an error, omission or ambiguity in your personal data, you may make a request to complete, correct or clarify your personal information.
  • RIGHT TO OBJECT: At all times, you retain the right to object to the use of your personal data in the course of our company's activities in relation to the processing of your data.
  • RIGHT TO ERASURE: You may also ask us to erase your personal data.
  • RIGHT TO PORTABILITY: You have the right to receive your data in a structured, commonly used and machine-readable format. You may also request that we transfer your personal data to another organisation.
  • DIGITAL DEATH: You can decide what happens to your personal digital data after your death.

 

8.2 THE DPO

LUMIBIRD MEDICAL has appointed a Data Protection Officer (DPO). Thus, in order to exercise your rights, you may contact our Data Protection Officer (DPO) at the following address:

Name: OPTIMEX DATA

Address: privacy@lumibird.com

Telephone: 09.71.16.15.42

 

8.3 COMPLAINING TO THE CNIL

You may at any time lodge a complaint with the competent authority, i.e. the French Data Protection Agency (CNIL), using the following link: https://www.cnil.fr/fr/plaintes.

ARTICLE 9 : SECURITY MEASURES

You entrust us with your data and we look after it!

LUMIBIRD MEDICAL is concerned about the security of personal data, which it undertakes to process securely and only for the length of time necessary to achieve the intended purpose.

LUMIBIRD MEDICAL has put in place technical and organisational measures to ensure an adequate level of data protection in relation to the nature and purpose of the processing.

Thus, in accordance with Article 32 of the GDPR relating to the security of processing, LUMIBIRD MEDICAL has put in place the means to guarantee the confidentiality, integrity, availability and constant resilience of the processing systems and services.

However, the security obligation remains an obligation of means, i.e. we do everything possible to guarantee the confidentiality and integrity of your personal data.

All persons having access to your personal data have been made aware of good data protection practices. They are bound by an obligation of confidentiality and may be subject to disciplinary action in the event of non-compliance with this provision.

 

ARTICLE 10 : DATA TRANSFERS OUTSIDE THE EUROPEAN UNION

A well-organised trip!

In the course of our business and in order to manage your requests, we may transfer data outside the European Union. However, before any transmission of your personal data, we check the rules applicable to data transfers outside the European Union.

Indeed, in the context of sales, information may be communicated to our subsidiaries. 

Distribution contracts may also be transmitted to our subsidiary in order to monitor the commercial relationship.

In the context of communication, data may be transmitted to our subsidiaries. 

In accordance with the provisions of the GDPR and in order to guarantee the security and confidentiality of data, measures are being put in place, in particular Standard Contractual Clauses.

ARTICLE 11 : COOKIES

You can choose between eating cookies and going on a diet

Some features of this site rely on the use of cookies.
The cookies banner is not displayed on the home page when you are browsing because only cookies necessary for the operation of the site are deposited (however, you can refuse them by ticking the box in the cookie policy).

The audience measurement services are necessary for the operation of the site by allowing its proper administration. However, you have the possibility of objecting to their use.

You can also find our online cookie policy on our website.

ARTICLE 12 : UPDATE OF THE DATA PROTECTION POLICY

You're on the right track, it's almost the end of the reading! 

This privacy policy may be subject to change. 

The last update was made on 26 October 2023.