Privacy Policy- Bariatrix Europe
1) Preamble
Bariatrix Europe places the protection and respect of privacy among its highest priorities. Bariatrix Europe undertakes to comply with all obligations applicable to data protection and the respect of the rights and freedoms of individuals (notably the European General Data Protection Regulation “GDPR”), as well as the opinions and recommendations of the CNIL and the European Data Protection Board.
2) Roles
For a proper understanding of this policy, it is specified that:
The “data controller”: Bariatrix Europe
The “processor”: any natural or legal person who processes personal data on behalf of Bariatrix Europe
The “data subjects”: clients and/or prospects of the services offered by Bariatrix Europe on its own behalf or on behalf of third parties, or employees working for Bariatrix Europe.
The “recipients”: natural or legal persons who receive personal data from Bariatrix Europe.
The recipients of the data may include Bariatrix Europe employees.
3) Purpose
This policy aims to meet the obligation of information and formalize the rights and obligations of Bariatrix Europe towards its clients and prospects regarding the processing of their personal data for all services of the website www.bariatrixeurope.com
4) Scope
This policy applies to all processing of personal data relating to clients and/or prospects carried out from the website www.bariatrixeurope.com
5) Why do we process your data?
Each processing operation is implemented within the framework of this data protection policy and in compliance with the regulations applicable to Bariatrix Europe. No personal data processing of clients and prospects is carried out if it does not comply with the general principles of the GDPR.
The purposes are as follows:
-
Collecting contact details of individuals via a contact form;
-
Communicating information relating to our products and services;
-
Managing the commercial relationship;
-
Carrying out prospecting and business development;
-
Establishing statistics;
-
Managing unsubscribe and opt-out requests.
6) Legal bases for data processing
The legal bases on which personal data processing relies are as follows:
Legitimate interest: processing is necessary for the pursuit of the legitimate interests of the organization processing the data or of a third party, in strict compliance with the rights and interests of the individuals whose data is processed; this applies in particular to commercial prospecting.
Consent: This is linked to prior authorization obtained from individuals for the purpose of conducting studies.
7) Types of data collected
The personal data collected or held are strictly necessary for Bariatrix Europe’s activities.
In this context, Bariatrix Europe may collect the following categories of data:
-
Identification data such as first name(s), last name(s),
-
Contact details such as postal address, email address, and phone number(s).
8) Data collected through cookies and trackers
We use tracking technologies, including cookies, to collect information about your browsing on our site. We invite you to consult the Cookies section for detailed information on the use of cookies and the choices available to you.
The use of cookies for commercial purposes is also defined in the cookie management policy on our website.
9) Data collected through cookies and trackers
Data relating to our clients or prospects is collected either directly from them or via the contact form.
10) Data recipients – authorization & traceability
The data collected by Bariatrix Europe may be shared in whole or in part depending on the purpose.
Internal recipients:
Authorized personnel from the marketing department, commercial department, customer relationship and prospecting departments, administrative departments, logistics and IT departments, as well as their hierarchical managers.
Authorized personnel from departments responsible for internal control procedures.
The recipients of personal data within Bariatrix Europe are bound by a confidentiality obligation.
Bariatrix Europe determines which recipient may access which data according to an authorization policy.
External recipients:
Judicial and/or administrative authorities duly authorized, as well as regulated professions (examples: notaries, lawyers, bailiffs).
All access concerning processing related to personal data of clients and prospects is subject to traceability measures.
Furthermore, personal data may be communicated to any authority legally authorized to access it. In such cases, Bariatrix Europe is not responsible for the conditions under which the personnel of these authorities access and use the data.
11) Data retention period
The data retention period is defined by Bariatrix Europe based on the legal and contractual constraints it faces and, failing that, according to its needs, and in particular the following principles:
Client data:
For the duration of contractual relations plus 3 years for prospecting purposes, without prejudice to retention obligations or legal limitation periods.
Data relating to members and users of the website:
Until the member account is deleted and 1 year after the last activity.
Prospect data: 3 years from collection by Bariatrix Europe or the last contact from the prospect.
After the periods defined, data is either deleted or kept in anonymized form, particularly for statistical purposes. It may be retained in case of pre-litigation or litigation for the entire duration of the dispute, plus legal contestation periods.
12) Storage
Personal data is stored in our databases or in those of our processors.
13) Data security
It is the responsibility of Bariatrix Europe to define and implement the technical, physical, or logical security measures it deems appropriate to combat accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of data. Bariatrix Europe requires the same measures from its business partners and processors.
To this end, Bariatrix Europe takes all necessary precautions considering the nature of the data and the risks presented by processing, particularly through physical protection of premises, authentication procedures with personal and secure access via confidential usernames and passwords, connection logging, encryption of certain data, etc.
14) Transfer outside the European Union
You are informed that your data is not transferred to countries outside the European Union.
15) Commercial communication
If you give your consent during registration, Bariatrix Europe may send you newsletters and other promotional messages by email. These newsletters keep you informed of Bariatrix Europe’s news, products, and services.
16) Rights of individuals
Clients and prospects have the right to request confirmation from Bariatrix Europe as to whether data concerning them is being processed or not. Any person has the right to be informed in an understandable and easily accessible manner about the processing of their data.
In accordance with applicable regulations, you have various rights that you may exercise at any time:
Right of access, right of rectification, right to erasure of your data, and the right to request the portability of data you have provided.
You have the right to object on legitimate grounds to the processing of your data or to request the restriction of such processing.
You also have the right to object at any time and without justification to the processing of your data for direct marketing purposes, as well as to profiling when it is carried out for that same purpose.
You have the right to define guidelines regarding the fate of your personal data after your death.
17) Exercising your rights
The exercise of your rights is carried out exclusively by email at: sales@bariatrix-europe.com or by post at:
Bariatrix Europe – DPO, 250 Rue Claude Chappe, Guilherand-Granges 07500 – FRANCE
As required by law, we must verify the identity of the person asserting their rights; therefore, it is necessary to send us a copy of an identity document or any other element allowing us to verify your identity.
We specify that the exercise of certain rights may, on a case-by-case basis, make it impossible for the data controller to provide the service in cases strictly provided for by applicable regulations.
A response to your request will be provided within one month from the receipt of your complete request. We reserve the right not to follow up on manifestly unfounded or excessive requests.
18) Data breach
In the event of a personal data breach, Bariatrix Europe undertakes to notify the CNIL under the conditions prescribed by the GDPR.
If the breach poses a high risk to clients and prospects and the data was not protected, Bariatrix Europe will:
Notify the affected clients and prospects;
Provide them with the necessary information and recommendations
19) Right to lodge a complaint with the CNIL
Clients and prospects affected by the processing of their personal data are informed of their right to lodge a complaint with the supervisory authority, the CNIL in France, if they believe that the processing of their personal data does not comply with European data protection regulations.
20) Subcontracting
Bariatrix Europe informs its clients and prospects that it may use any subcontractor of its choice for the processing of their personal data.
In such cases, Bariatrix Europe ensures that the subcontractor complies with its obligations under the GDPR.
Bariatrix Europe undertakes to sign a written contract with all its subcontractors and impose on them the same data protection obligations it applies itself. Additionally, Bariatrix Europe reserves the right to audit its subcontractors to ensure compliance with GDPR.
21) Evolution
This policy may be amended or adjusted at any time in case of legal, jurisprudential, CNIL decisions, or practice developments.
Any new version of this policy will be communicated to users of the site by any means defined by Bariatrix Europe, including electronic means.