Protection of personal data and privacy policy

SCHILLER MEDICAL is committed to a policy of respect and protection of privacy, and more particularly the personal data of its Users. SCHILLER MEDICAL pursues a proactive policy to ensure compliance with regulations relating to the protection of personal data (hereinafter the “Regulations”), including in particular the General Regulations on the Protection of Personal Data (hereinafter “GDPR”). ) and the Data Protection Act of 1978 as amended (hereinafter the “Information Technology and Freedoms Act”) as the Regulations evolve. It is important that the relationship of trust between SCHILLER MEDICAL and the Users of its Site is based on strictly necessary, transparent and secure use of private data in the digital world.

This policy specifies the commitments made by SCHILLER MEDICAL and explains how Users can exercise their rights over their personal data.

Regulation

The GDPR, which entered into force in 2018, strengthened the requirements set by the Data Protection and Freedoms Act for transparency of information and expression of consent of the persons concerned, and allowed the latter to benefit from new rights. It adds to existing texts, in particular on Cookies with the ePrivacy Directive of 2002 updated by the European Regulation on the protection of privacy of 2022 known as the “ePrivacy Regulation”.

The rights of individuals can be exercised when data, considered personal, is collected by a data controller.

Personal data is any information relating to an identified or identifiable natural person (in particular by reference to an identifier, location data or several elements specific to their physical, mental, genetic, economic, cultural or social identity).

A data controller is a natural or legal person implementing the processing of personal data (by collection, storage or otherwise) for a specific purpose and who controls the technical and/or human means linked to the implementation of this treatment. Responsibility for processing may also be shared with a third party (a service provider, a social network, etc.).

 

The proportoniality and transparency principle 

In accordance with regulations, SCHILLER MEDICAL collects personal data only when it is strictly necessary and when the User has given his consent. However, some processing operations do not require consent, in particular those based on the need to comply with legal obligations.

For each processing operation, the purposes, the recipients of the data and the conditions for storing personal data are detailed in the information provided under the forms and in article 7 of the General Conditions of Use of the SCHILLER MEDICAL website.

Concerning the particular case of Cookies, Users can go to the dedicated information page, and also express their consent for each purpose of processing by clicking on the “Cookie Management” tab, accessible from the footer of each page of the SCHILLER MEDICAL website.

Security principle, condidentiality and integrity of data

SCHILLER MEDICAL takes every precaution to ensure the security, integrity and confidentiality of Users’ personal data.

In fact, SCHILLER MEDICAL implements data protection reinforced by appropriate technical and organizational measures. These important and necessary measures are taken in order to protect against any illicit or accidental access, use (alteration, destruction, etc.), loss, unauthorized disclosure or modification and against any misappropriation of data.

Respect of purposes

SCHILLER MEDICAL processes Users’ personal data solely for specific, legal and legitimate purposes.

In fact, personal data is processed for the following purposes in particular:

  • Carrying out operations relating to the management of prospects and customers: communicating news and information from SCHILLER MEDICAL, issuing offers tailored to the User’s needs;
  • To compile statistics on the number of visitors to the various Contents of the Site;
  • To improve and, where appropriate, personalize the Site, in particular by providing services and content tailored to the Site’s Users;
  • Storage in a database for internal management purposes;
  • Sharing the User’s reactions on the social networks to which he or she is connected, or sharing Site Content;

Data collected by SCHILLER Medical

Personal data is collected by SCHILLER MEDICAL following a positive, free and informed choice by the User in relation to the purposes pursued by the envisaged processing.

For each purpose, SCHILLER MEDICAL ensures that only strictly necessary data is requested or collected. To this end, forms collecting personal data explicitly state which data must be provided, and which data is optional (generally by means of an asterisk).

The following is a non-exhaustive list of the data that may be collected in relation to the various functions and services offered by SCHILLER MEDICAL:

  • E-mail addresses are regularly collected for the purpose of sending Users newsletters and other communications;
  • Surname, first name are required in order to communicate with the User who has made a request;
  • In some cases, the full postal address may be required to complete this communication;
  • The User’s browsing history on the SCHILLER MEDICAL website and certain declarative data may be collected 
  • The IP address and the anonymous unique identifier are collected for analysis of connection data on our site (overall statistics, browsing patterns, etc.).

Timing of data conservation collected by SCHILLER Medical

Personal data is kept only for as long as is reasonably necessary to provide the service, improve it and satisfy applicable legal requirements or requests from the User. Beyond the periods recommended by the CNIL (French Data Protection Authority) in relation to the processing in question, Users’ personal data is deleted from SCHILLER MEDICAL’s databases.
The retention periods applied by SCHILLER MEDICAL therefore depend entirely on the purpose of the processing in question.

Data recipients, storage and security

Only SCHILLER MEDICAL employees who have a need to know in relation to their function are authorized to access the personal data collected.

Data is stored by SCHILLER MEDICAL or by its subcontractors, depending on the type of processing involved, in compliance with regulations. In the event of subcontracting, the contract between SCHILLER MEDICAL and the subcontractor ensures a high level of confidentiality and data security. This requires the subcontractor to implement, on an ongoing basis, all the technical and organizational measures necessary to process and store personal data securely.

In addition, SCHILLER MEDICAL implements the following security measures:

  • Limiting and controlling the persons who may have access to Users’ personal data by implementing appropriate access control systems (identity and authorization management);
  • Raising awareness of personal data protection and SCHILLER MEDICAL ethics among staff and service providers;
  • Rigorous selection of service providers, with compliance with regulations as an overriding criterion.

Exercising user rights

SCHILLER MEDICAL undertakes to assist the User as best it can in exercising its rights. In fact, SCHILLER MEDICAL guarantees Users whose personal data is collected :

  • A right to information: the User has the right to be informed in a concise, simple, transparent, comprehensible and easily accessible manner of the way in which his/her personal data is processed;
  • A right of access: the User may request communication of his/her personal data being processed by SCHILLER MEDICAL;
  • A right of rectification: the User has the right to obtain the rectification of erroneous personal data or to obtain that incomplete personal data be completed;
  • A right of objection: the User has the right to object to his or her personal data being used for a specific purpose, and also to object to any fully automated decision, including profiling;
  • A right to erasure: In certain cases, the User has the right to obtain the deletion of his/her personal data. However, this right is not absolute and SCHILLER MEDICAL may have legal or legitimate reasons for retaining such data;
  • A right to restrict processing: In certain cases, the User has the right to obtain a temporary freeze on the processing of his/her personal data;
  • A right to transmit instructions concerning the use of data after death: the User has the right to define directives concerning the conservation, deletion and communication of his/her data after death. To this end, the User may choose a person to be responsible for carrying out these instructions. Failing this, it will be the User’s heirs.

The user must address any request to exercise rights by e-mail or post to :

SCHILLER MEDICAL :
Personal data protection
4 rue Pasteur
67160 Wissembourg

The request will be processed within 30 days of receipt of the message.

For further information, the User may at any time consult the CNIL website.

Contact: 

The Data Protection Officer is available to answer any questions not covered on this page. You can contact him through the following adress: dpo@schiller.fr

As part of the continuous improvement of its services, SCHILLER MEDICAL’s digital teams use APIs, notably from Google and YouTube, to program and enrich the content visible on SCHILLER MEDICAL’s website. Please refer to their General Terms of Use: https://policies.google.com/terms?hl=fr  & https://www.youtube.com/static?template=terms&hl=fr&gl=FR