Privacy Policy

PRIVACY POLICY: EDAP TMS

ARTICLE 1: INTRODUCTION

GDPR and You...

Protecting personal data is one of our primary concerns. The privacy policy is set within a legal framework defined by the European General Data Protection Regulation (EU Regulation 2016/679 of April 27, 2016), applicable since May 25, 2018, and the French Data Protection Act (Law No. 78-17 of January 6, 1978, amended), concerning information technology, files, and freedoms.

Therefore, the purpose of this data protection policy is to present to you:

The data controller for personal data processing.
How your data is collected and processed. Personal data is information that can identify an individual.
Your rights regarding the use of your personal data.
Recipients to whom your data is transmitted.
The website's cookie management policy.

This privacy policy complements the legal notices on the website and the general terms of use at https://www.edap-tms.com/en/terms-of-use/terms-of-use-2.

ARTICLE 2: GLOSSARY

Don't worry, you'll understand us!

Personal Data: Any information related to an identified or identifiable person, which can directly (e.g., name and surname) or indirectly (e.g., cookies) identify them.

Personal Data Processing: Any operation or set of operations (automated or not) applied to personal data, including collection, recording, organization, storage, and transmission.

Data Controller: Determines the purposes (objectives of processing) and means of processing.

Processor: Processes personal data on behalf of the data controller and under their instructions.

ARTICLE 3: GENERAL PRINCIPLES

We have legal obligations!

In accordance with Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data follow these principles:

Lawfulness, fairness, and transparency: The collection and processing of personal data must be based on a pre-defined legal basis (e.g., contract execution, legal obligation, consent, legitimate interest, vital interests protection).
Purpose limitation: Personal data is collected and processed for one or more specific purposes.
Data minimization: Only data strictly necessary for the intended purposes is collected.
Limited data retention: The data controller must define retention periods for processed personal data.
Data integrity and confidentiality: The data controller ensures the integrity and confidentiality of collected data.

ARTICLE 4: DATA CONTROLLER AND PROCESSOR

We are responsible for entrusted data!

As the data controller, EDAP TMS commits to complying with obligations under the Regulation and the amended Data Protection Act regarding the collection and processing of personal data. Pursuant to Article 32 of the GDPR, we implement all technical and organizational measures to ensure the protection of your personal data.

As a processor, EDAP TMS agrees to process customer's personal data only as necessary for contract execution. EDAP TMS follows the customer's written instructions, as per Article 28 of the GDPR.

ARTICLE 5: PERSONAL DATA COLLECTED AND PROCESSED: WHAT DATA?

What do we know about you?

In accordance with the principle of minimization, we collect only data necessary for our missions. Thus, in the course of our activities, EDAP TMS may collect and process the following information:

what-we-know

In the context of our machine maintenance or demonstration missions, EDAP TMS acts as a processor on behalf of its customers (healthcare professionals). To perform these missions, we may have access to sensitive data about vulnerable individuals, such as health data (diseases), medical imaging, and medical procedures.

Aware of the sensitivity of this information, we are committed to ensuring the highest level of confidentiality and compliance with our legal and regulatory obligations. All collected data is strictly necessary to fulfill the mission entrusted to us.

ARTICLE 6: PERSONAL DATA COLLECTED AND PROCESSED: WHY?

We want to explain!

In all these situations, EDAP TMS acts as the "Data Controller" under the GDPR.

DATA COLLECTED	REASONS FOR COLLECTION	LEGAL BASIS	SHELF LIFE
WEBSITE CONSULTATION
...Identity ...Personal life ...Professional life ...Connection data ...Location ...Internet	We use this data to : - Send you our quotes (if you have asked us to do so) - Contact you when you fill in the contact form - Carry out audience analysis or statistics (if agreed) - Considering your application	Consent	Your browsing data on our website are kept for a maximum of 13 months. The data collected via the form is kept for 3 years from the date of collection or the last contact from the prospect.
	- Offer you personalised services - Monitoring and improving our website - To secure our website and protect us and you against fraud.	Legitimate interest

CUSTOMER RELATIONSHIP MANAGEMENT
...Identity ...Personal life ...Professional life ...Economic information ...Connection data ...Location ...Internet	We use this data to : - Managing the commercial relationship - Tailor the offer to your needs - Managing your orders - Manage payments, invoicing, etc. - Processing and following up your order, including delivery of equipment and accessories - Answer your questions and interact with you in any other way	Performance of a contract	Conservation for the duration of the commercial relationship and 5 years after the end of the relationship. Invoices kept for 10 years.
	- Send you commercial communications (if you have asked us to do so) -- Carry out audience analysis or statistics	Consent
	- Offer you personalised services - Monitoring and improving our website - To secure our website and protect us and you against fraud. - To send you information	Legitimate interest

NEWSLETTER REGISTRATION AND COMMERCIAL COMMUNICATIONS
Identity Personal life Professional life	We use this data to : - To send you commercial communications (if you have asked us to do so) - Carry out audience analysis or statistics (if you have given your consent)	Consent	The data is kept for as long as the person concerned does not unsubscribe (via the unsubscribe link integrated into newsletters).
	- To send you information	Legitimate interest
	- Maintain a suppression list if you have asked not to be contacted	Legal obligations

RECRUITMENT MANAGEMENT

Identity

Personal life

Professional life

Location

Internet

- Receiving your applications online

- Application management

- Interview management

Consent

2 years after the last contact with the candidate, with the candidate's consent

MANAGING REGULATORY OBLIGATIONS

Identity

Personal life

Professional life

Economic information

Sensitive data

- Monitoring the market

- Reporting incidents to the relevant authorities

- Monitor standards

Legal obligation

Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for personal data processing implemented for the purposes of health vigilance management

As part of our maintenance and demonstration work, EDAP TMS acts as a "subcontractor" on behalf of its customers:

DATA COLLECTED	REASONS FOR COLLECTION	LEGAL BASIS	SHELF LIFE
EQUIPMENT MAINTENANCE
Identity Personal life Professional life Connection data Location Sensitive data	- Management of customer complaints and after-sales service - Equipment maintenance - Drawing up a repair order	Performance of the contract	Retained for 5 years from the end of the contractual relationship
	- Reporting incidents to the relevant supervisory authorities	Legal obligations	Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for personal data processing implemented for the purposes of health vigilance management

DEMONSTRATION Device

Identity

Personal life

Professional life

Connection data

Location

Sensitive data

- Training for professionals

- Equipment settings

- Removing hardware

- Technical follow-up

Performance of the contract

Retained for 5 years from the end of the contractual relationship

- Reporting incidents to the relevant supervisory authorities

Legal obligations

Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for personal data processing implemented for the purposes of health vigilance management

ARTICLE 7: PERSONAL DATA: WHO HAS ACCESS TO YOUR PERSONAL DATA?

We don't just hand them out to anyone!

EDAP TMS commits to transmitting your personal data only to authorized personnel within the organization and to authorized third parties such as tax authorities, customs, economic administration, the judiciary, the police, the gendarmerie, social services, and health authorities.

EDAP TMS may also potentially transmit your personal data to processors such as:

OVH: website hosting
XEFI: IT service provider

The use of these service providers is necessary for the proper performance of our services. We commit to verifying and ensuring their compliance with GDPR and the amended Data Protection Act. Except for the recipients mentioned above, EDAP TMS commits not to transmit your personal data to third parties or external organizations without your express consent. EDAP TMS does not and will not engage in any sale, transfer, or communication of your personal data to unauthorized third parties. EDAP TMS does not use automated decisions based on your personal data. No profiling is implemented during processing, and the data we collect will never be used without human intervention.

ARTICLE 8: YOUR RIGHTS

You have all the cards!

8.1 Your Rights

According to current regulations, you have the following rights regarding your personal data:

your-rights-1

Your-tights-2

8.2 Data Protection Officer (DPO)

EDAP TMS has appointed a Data Protection Officer (DPO). To exercise your rights, you can contact our Data Protection Officer (DPO) at the following address:

Name: OPTIMEX DATA

EDAP TMS

Address: 4, rue du Dauphiné,

69120 Vaulx-en-Velin

Email address: dpo@edap-tms.com

Phone number: 09.71.16.15.42

8.3 Complaint to CNIL

You can file a complaint with the competent authority, namely the French Data Protection Authority (CNIL), at any time by following this link: https://www.cnil.fr/fr/plaintes.

ARTICLE 9: SECURITY MEASURES

You entrust us with your data, and we take care of it!

EDAP TMS is concerned about the security of personal data and commits to processing it securely and only for the necessary duration to achieve the intended purpose. EDAP TMS has implemented technical and organizational measures to ensure an adequate level of data protection based on the nature and purpose of processing.

Thus, in accordance with Article 32 of the GDPR regarding security of processing, EDAP TMS has implemented:

Means to guarantee constant confidentiality, integrity, availability, and resilience of processing systems and services.
Means to restore the availability of data and access to it within appropriate timeframes in case of a physical or technical incident.

However, the security obligation remains an obligation of means, meaning we make every effort to guarantee the confidentiality and integrity of your personal data. All individuals with access to your personal data have been sensitized to best practices in data protection. They are bound by a confidentiality obligation and, in case of non-compliance, are subject to disciplinary sanctions.

ARTICLE 10: TRANSFERS OF DATA OUTSIDE THE EUROPEAN UNION

A well-organized journey!

In the course of our activity and for managing your requests, we are not required to directly transfer your data outside of the European Union. However, in case of the transfer of your personal data outside the European Union, we will ensure that these countries guarantee an adequate and appropriate level of data protection. We commit to informing you in advance of the possibility of transferring data outside the European Union and will provide you with the guarantees in place to ensure an adequate and appropriate level of protection.

ARTICLE 11: COOKIES

You have the choice between eating cookies or going on a diet!

As on most websites, our website uses cookies, which can be classified into five categories:

If you want to limit your traces, it is recommended to refuse them by default through the cookie management banner we have set up on our website. You will also find in our cookie policy the procedure to accept, customize, or refuse cookies by expressing your choice using the banner that appears at the top of your screen.

ARTICLE 12: UPDATING THE DATA PROTECTION POLICY

You're on the right track; the end of the reading is near!

This data protection policy may evolve.

The last update was made on 03/12/2021.