Controller
The Company referred to in the legal notice is the controller and responsible for your personal data (collectively referred to as “CHD”, “we”, “us” or “our” in this privacy notice).
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
Contact details
Our full details are:
Email address: dpo@cegedimrx.co.uk
Postal address: Building 2 Buckshaw Station Approach, Buckshaw Village, Chorley, PR7 7NR
Native GDPR Compliance
The Website is managed in compliance with Regulation (EU) No. 2016/679 on the protection of personal data (hereinafter "GDPR") and the provisions of the French Data Protection Act of January 6, 1978, as amended, in force.
Do you wish to know how your personal data is processed through our Website?
This Personal Data Protection Policy (hereinafter referred to as the "Policy") aims to provide details on the purposes/reasons for which we collect your data and how we use it, as well as the rights you have.
This Policy is an integral part of the Website's General Terms of Use. Use of the Website implies your acceptance of the General Terms of Use and this Policy.
This Policy may be amended, supplemented, or updated, particularly to comply with any legal, regulatory, judicial, or technical developments. We invite you to regularly consult this Policy to stay informed of the current version.
Who is the data controller?
NB: The data controller, as defined by the GDPR, is the person, public authority, company, or body that determines the purposes and means of processing the data and decides to create the file.
We are the data controller in the context of your navigation on the Website.
The security of your data is a priority
Whether acting as a data controller or a processor, we take appropriate measures to ensure the protection and confidentiality of the personal data it holds or processes, in compliance with applicable legal and regulatory provisions (Data Protection Act and GDPR).
What personal data is collected ? Why is this data collected? How long is your personal data retained?
The personal data that may be collected by us, as the data controller, includes the following:
What personal data and/or cookie is collected?
|
What is the legal basis for processing?
|
Why these data are collected?
|
How long is your personal data retained?
|
First name and last name
|
Legitim interest
User’s consent
|
For processing contact requests by e-mail or telephone.
Legal obligation
|
the time strictly necessary to process your request
|
Email address
|
Legitim interest
User’s consent
|
For processing contact requests by e-mail or telephone
Legal obligation
|
the time strictly necessary to process your request
|
- Role / Function
- Position (Globally, regionally, locally)
- Country
|
Legitim interest
User’s consent
|
For processing contact requests by e-mail or telephone
Legal obligation
|
the time strictly necessary to process your request
|
Landline/Mobile phone number
|
Legitim interest
User’s consent
|
For processing contact requests by e-mail or telephone
|
the time strictly necessary to process your request
|
Connection and usage data of the website
|
User’s consent
|
To produce statistics, particularly on activities carried out on the site, with a view to improving services.
For marketing surveys, training courses, seminars and/or sponsorship operations.
|
1 year from the date of contact or until the user objects
|
IP address, hardware used, logs
|
Legitim interest
|
To prevent and combat computer fraud
|
For:
- IP Address: 1 year
- Logs : 6 months
|
The name of your company, if any
|
Legitim interest
|
For marketing surveys, training courses, seminars and/or sponsorship operations.
|
1 year from the date of contact or until the user objects
|
Cookies and other trackers
|
User’s consent
|
To produce statistics, particularly on activities carried out on the website, with a view to improving services.
|
6 months
|
Why is this data collected?
Your Personal Data may be collected and processed by us as stated above, such as for the following purposes:
- To process your request when you contact us via our contact form;
- As part of managing our cookies;
- To improve navigation on the Website and the quality of services offered;
- To manage requests related to your rights;
- To perform statistics, particularly on activities conducted on the Website;
- To prevent and combat cyber fraud.
This data is retained in accordance with applicable law and is intended primarily for our departments (sales, marketing, compliance, etc.). The data processed may be transmitted to our affiliated companies and, where applicable, internationally, in compliance with data protection regulations.
Who are the recipients of the collected personal data?
The recipients of certain Personal Data include:
- The company referred to in the legal notice
- If applicable, the affiliated companies of the Cegedim group[LE1]
Where applicable, authorized persons within our subcontractors or partners, under conditions of strict confidentiality, and exclusively to achieve the processing purposes set out in this Policy.
How long is your personal data retained?
When our contact form is used, the Personal Data collected is retained for the duration stated above.
Beyond these periods, we will delete or archive this Personal Data in accordance with applicable legal or regulatory provisions.
Opting out
In accordance with applicable regulations, you have the right to access your Personal Data, to rectify and erase it, as well as the right to limit processing, the right to data portability, and the right to object to processing, request access, request restriction of processing, request the transfer, withdraw consent at any time. You also have the right to define instructions regarding the retention, deletion, and communication of your Personal Data in the event of death.
In summary, under data protection laws, you have the following rights (unless a valid exemption applies):
- Right of Access – the right to receive a copy of your personal data.
- Right to Rectification – the right to rectify inaccurate personal information and complete information that’s considered incomplete.
- Right to Erasure – the right to have personal information erased in certain circumstances.
- Right to Restriction of Processing – the right to restrict the processing of personal information in certain circumstances.
- Right to Object to Processing – the right to object to the processing of personal information in certain circumstances.
- Right to Data Portability - the right to ask that the personal information provided is transferred to another organisation, or to you, in certain circumstances
To exercise these rights, you may contact us by email or postal mail at the addresses provided in header of this document.
You must specify the Personal Data you wish to correct, rectify, or erase and identify yourself precisely with a copy of your identification. We will take the necessary steps to respond satisfactorily to your requests and in accordance with applicable laws and regulations. Additionally, you may file a complaint with relevant Data Protection Authority as specified hereinafter.
How to Complain
If you have any concerns about our use of your personal information, you can make a complaint to us via the DPO, as detailed in in header of this document.
You can also complain to the Information Commissioners Office (ICO) if you are unhappy with any aspect of this notice or data processing activities. However, we would welcome the opportunity to discuss your concerns with you first, so we may investigate and deal with your complaint in an efficient and transparent manner.
You can contact the ICO either in writing at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Or call them via their helpline number: 0303 123 1113
Further contact details and more information can be sourced from their website: https://www.ico.org.uk
What is our cookie policy?
When you visit our Website, cookies may be placed and stored on your device (computer, tablet, smartphone, etc.). This Cookie Policy aims to specify the different types of cookies and similar technologies that may be used on our Website. A cookie is a small text file that a website may place on your device's hard drive. It records information related to your device's navigation on the site (such as the pages visited, the date and time of the visit, etc.) and is installed on the browser.
Why do we use cookies?
Cookies enable us to improve navigation on the website, optimize and personalize our services on the website, and measure audiences to provide you with a website that meets your expectations and preferences. The cookies we use on our website are either issued by us or by third-party companies on our behalf. Cookies necessary for the provision of services and the improvement of the Website's performance do not require your prior consent. Specifically, these cookies allow the user to access their account or any other reserved space via their identifiers, store information related, for example, to a form you filled out or a service, implement security measures, remember your browser display preferences, and adjust the Website's presentation. Our Website may contain audience measurement cookies issued by third parties, enabling us to compile statistics on traffic and use of various elements of the site to improve the interest and ergonomics of the Services offered.
If you do not wish to receive cookies from our website, you can express your preferences through the Website's cookie management panel.
The retention period for each cookie is specified in this document and, where applicable, after the user’s consent is given. You can manage and modify the use of cookies at any time through your browser. Please note that disabling internal or third-party cookies that are strictly necessary for the provision of the service may slow down and/or disrupt access to and use of the site.
International Transfers
Your personal data is only processed by companies within the Cegedim group, in compliance with applicable regulations. All transferred data is afforded the same level of protection as it is in the UK by ensuring that the receiving country, i.e. France, has been deemed to provide an adequate level of protection (known as the EU GDPR adequacy decision – see here for further information: https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/international-data-transfers/). Please contact us if you want further information on the specific mechanism used by us when transferring personal data out of the UK.