PRIVACY POLICY

ARTICLE 1: FOREWORD

The GDPR and you…

Personal data protection is one of our major concerns. The privacy policy fits into a legal context marked by the EU General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016), applicable since 25 May 2018 and the amended French Data Protection Act no. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties. The purpose of this data protection policy is to tell you about:

  • The personal data controller
  • How your data is collected and processed. Personal data is any information which enables a natural person to be identified.
  • Your rights regarding the use of your personal data
  • The recipients to whom your data is transmitted
  • The website's cookie management policy

This privacy policy supplements the legal notices on the websites.


ARTICLE 2: GLOSSARY

You’ll understand us... promise!

Personal Data is any information relating to an identified or identifiable person, i.e. enabling the person to be identified directly (e.g., surname and first name) or indirectly (e.g. cookies).

The Processing of personal data is any operation or set of operations (automated or not) which is performed on data or sets of personal data, such as collection, recording, organization, storage, data transmission, etc.

The Data Controller determines the purposes (objectives of the processing) and the means of processing.

The Data Processor processes personal data on behalf of the data controller and carries out its instructions.


ARTICLE 3: GENERAL PRINCIPLES 

Legal obligations... we’ve got them!

In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data shall comply with the following principles:

  • Legality, loyalty and transparency: the collection and processing of personal data can only be based on a legal basis defined in advance (performance of a contract, legal obligation, consent, legitimate interest, preservation of vital interests)
  • Limited purposes: the collection and processing of personal data is carried out to meet one or more defined objectives
  • Minimization of data collection and processing: only the data strictly necessary for the proper execution of the objectives pursued are collected
  • Time-limited data retention: the data controller is under an obligation to define retention periods for the personal data processed
  • Integrity and confidentiality of the data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.

ARTICLE 4: DATA CONTROLLER

We are responsible for the data entrusted to us! 
As data controller, Microoled undertakes to comply with the obligations resulting from the Regulation and the amended French Data Protection Act, concerning the collection and processing of personal data. In accordance with Article 32 of the GDPR, we implement all technical and organizational measures to ensure your personal data are protected.

ARTICLE 5: PERSONAL DATA COLLECTED AND PROCESSED: WHAT DATA?

What do we know about you?
In accordance with the principle of minimization, we only collect the data necessary to carry out our missions. Therefore, as part of our activity in the manufacture of ophthalmic lasers and ultrasound scanners, and the organization of training courses for our customers, distributors and healthcare professionals, as well as our research, studies and development of new products, Microoled may collect and process the following information:

  • Identity: Surname, first name
  • Login data : Usernames and passwords for access to distributor space
  • Internet: IP address, login history
  • Personal life : Address, e-mail, telephone number
  • Work Life : Qualification, occupation, work e-mail address
  • Financial information : Bank account details, banking and payment data

ARTICLE 6: PERSONAL DATA COLLECTED AND PROCESSED: WHY?

We’d like to explain!
In all of these situations, Microoled acts as a "Data Controller" under the GDPR.

6.1 General Data

Data collected :
WEBSITE VISITS (Identity : Personal life, Work life, Login data, Internet)
Reasons for collection : We use these data to:

  • Send you marketing communications (if you have given your consent)
  • Contact you when you fill in the contact form
  • Identify you on the website specialist area when you register
  • Offer you tailored services
  • Monitor and improve our websites and applications
  • Conduct audience analyses or create statistics
  • Secure our websites/applications and protect both you and ourselves against fraud.

The data collected through the form are kept for 3 years from collection or the last contact from the prospect The registration data to our various communication channels (Newsletter, …) and partner area are kept as long as you do not unsubscribe. Your browsing data on our website are kept for a maximum of 6 months.

RECRUITMENT MANAGEMENT : Identity, Personal life, Work life
We use these data for: - Application management, - Interview management

6.2 Location Data

In addition, when using our Services, we may also collect and use exact information regarding your location, such as GPS, accelerometer, your running route (including precise location data that shows your geographical position). We will only use location data you voluntarily provide us and such only with your prior consent or under your direction to do so
and only for the purposes set out in this Privacy Policy.  Also, the Services use your mobile device’s background location to provide the Services, including storing your position to build a location tracking history during your activities . If you have background location turned on, the ActiveLook app will, from time to time, track your device location even if you are not directly interacting with the application. You can change your mind and turn off background activity tracking at any time in your device settings or in-app settings.

ARTICLE 7: PERSONAL DATA: WHO HAS ACCESS TO YOUR PERSONAL DATA?

We don't pass them on to just anyone!

Microoled undertakes to transmit your personal data only to authorized people in-house and to authorized third parties such as the tax, customs or economic authorities, the administration of justice, the police and the gendarmerie, for example. Microoled may, perhaps, transmit your personal data to data processors for hosting and managing its database in France, hosting its websites or carrying out accounting and employment missions (e.g. accounting firms, recruitment agencies or law firms). The use of these service providers is necessary for the proper performance of our services. We undertake to verify and ensure their compliance with the GDPR and the amended French Data Protection Act.
Microoled does not and shall not sell, transfer or communicate your personal data to unauthorised third parties. Microoled does not make any automated decisions based on your personal data. No profiling is implemented during processing, and the data we collect will never be used without human intervention.

ARTICLE 8: YOUR RIGHTS

You hold all the cards!

8.1 Your rights

In accordance with current regulations, you have the following rights in relation to your personal data:
RIGHT OF ACCESS: You may, at any time, access the personal data we hold about you.
RIGHT TO RECTIFICATION: If you notice an error, omission or ambiguity in your personal data, you may make a request to complete, correct or clarify your personal information.
RIGHT TO OBJECT : At all times, you retain the right to object to the use of your personal data in the course of our company's activities in relation to the processing of your data.
RIGHT TO RESTRICT PROCESSING: You may demand that the future processing of your personal data be restricted under certain conditions
RIGHT TO ERASURE: You may also ask us to erase your personal data.

8.2 The DPO 
Microoled has appointed a Data Protection Officer (DPO). In order to exercise your rights, you can contact our Data Protection Officer (DPO) at the following address:
Microoled
7 PRV Louis Neel
38000 Grenoble - France
or send an e-mail to:  rgpd@microoled.net


8.3 Complaining to the CNIL
You may at any time lodge a complaint with the competent authority i.e. the French Data Protection Agency (CNIL) using the following link:  https://www.cnil.fr/fr/plaintes .

ARTICLE 9: SECURITY MEASURES


You entrust us with your data and we look after it!

Microoled is concerned about the security of personal data which it undertakes to process securely and only for the length of time necessary to achieve the intended purpose.
Microoled has put in place technical and organisational measures to ensure an adequate level of data protection in relation to the nature and purpose of the processing.
Therefore, in accordance with Article 32 of the GDPR on the security of processing, Microoled has implemented:

  • The pseudonymisation of personal data
  • Ways of guaranteeing the constant confidentiality, integrity, availability and resilience of processing systems and services
  • Ways of restoring data availability and access within an appropriate timescale in the event of a physical or technical incident
  • A procedure to regularly test, analyze and evaluate the effectiveness of the technical and organisational measures to ensure the processing is secure.

However, the security obligation remains an obligation of means, i.e. we do everything possible to ensure the confidentiality and integrity of your personal data. Everyone who has access to your personal data has been made aware of best data protection practices. They are bound by a confidentiality obligation, and are liable to disciplinary action in the event of non-compliance with this provision.

ARTICLE 10: DATA TRANSFERS OUTSIDE THE EUROPEAN UNION

A well-organised trip!
As part of our business and for the management of your requests, we may transfer data to our subsidiaries and distributors, located outside the European Union. However, prior to any
transmission of your personal data, we check the applicable rules on data transfers outside the European Union and ensure that they provide sufficient and adequate data protection
safeguards.

ARTICLE 11: COOKIES


You can choose between eating cookies and going on a diet CAs with most websites, our website uses cookies that can be classified into four categories:

  • STRICTLY NECESSARY: These cookies are essential to allow you to browse our websites and use their features.
  • PERFORMANCE/ANALYTICAL: These cookies collect anonymous information about your use of our website. The information collected by these cookies is used only to improve your browsing experience on our website and never for identifying you. Sometimes these cookies are placed by third-party providers of web traffic analysis services, such as Google Analytics.
  • FUNCTIONALITIES: These cookies remember the choices you make to improve your experience on our website and make your visit more personal and friendly. The information that these cookies collect can be anonymised and cannot be used to track your browsing activities on other websites.
  • SOCIAL NETWORKS: These cookies allow you to share your activity on our website with social networking companies. Please refer to the privacy policies of these companies to find out how their cookies work.

If you wish to limit your tracking, it is recommended that you reject them by default via the cookie management banner we have set up on our website. In our cookie policy you will
also find the procedure for accepting, customising or refusing cookies by expressing your choice using the banner that appears at the bottom of your screen.

ARTICLE 12: DATA PROTECTION POLICY UPDATES

Hang in there, you’ve almost finished! 
This personal data protection policy may evolve. The last update was made on march 2022.