MA: means Marketing Authorisation.
Application: means the Vivacy Security® application enabling Healthcare Professionals to verify the authenticity of Products.
Intermediate Archiving: refers to isolation by a logical separation (management of access rights and limited access to a specific service) and/or physical separation of Personal Data that Vivacy still has an administrative interest in.
Direct Customer: means a natural person who has subscribed to a Product or the Application directly from Vivacy.
Indirect Customer: means a natural person who has subscribed to a Product or the Application via a Distributor.
CNIL: means the Commission Nationale de l’Informatique et des Libertés.
Personal Data: refers to any information that directly or indirectly relates to a natural person.
Sensitive Data: means any Personal Data that discloses either the racial or ethnic origin of the natural person, their political opinions, religious or philosophical beliefs, trade union membership, state of health, sexual orientation, or things about their sex life.
Distributor: means the stakeholder promoting the Product and the Application to the Indirect Customer.
DPO: data protection officer.
Data Importer: means the stakeholder established in a country outside the European Union that receives from Vivacy Personal Data that is to be processed after it is transferred.
Notifier: refers to the patient, the member of an approved association of patients, the Health Professional or the member of a health authority who has reported adverse effects that may be attributed to a Product.
Data Subject: means the natural person whose Personal Data is processed.
Product: any medical device or cosmetic product developed by Vivacy.
Healthcare Professional: means any doctor, nurse, manager of a medical establishment (medical office, clinic, …) or any other profession belonging to the fourth part of the French Public Health Code who has ordered a product directly from Vivacy on their patient’s behalf.
Social Media: refers to Vivacy’s social networking pages.
Regulations: refers to Law no. 78-17 of January 6, 1978 as amended relating to Information Technology, Files and Civil Liberties, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data by the individual Member States, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and any applicable Personal Data protection regulations.
Device: refers to the hardware (computer, tablet, smartphone, phone, etc.) that you use to visit or view the Site.
Processing: means collecting, saving, organising, structuring, storing, adapting, modifying, extracting, viewing, using or any other form of making available, reconciling or interconnecting, limiting, deleting, and destroying.
User: refers to the person browsing the Site and/or the Social Media pages.
These definitions are capitalised and shall apply to both the singular and plural forms.
Healthcare Professionals who order the Products or use the Application published by Vivacy
3- Data Protection Contacts at Vivacy
The Personal Data controller is:
- For the Personal Data of Direct Customers, Patients and Distributors: Laboratoires Vivacy, a société par actions simplifié under French law, whose registered office is located at 44 rue Paul Valéry, 75116 Paris, registered at the Paris Trade and Companies Registry under number 498 485 275.
Vivacy’s DPO, which guarantees the Regulations are complied with, is your preferred contact person for any and all questions concerning the protection of your Personal Data.
You can contact him by sending an email to the following address: email@example.com or by mail at the following address: A l’attention du DPO, 252, Rue Douglas Engelbart – 74160 Archamps – France.
4- Nature of the Personal Data processed by Vivacy
Vivacy takes into account the principles of data minimisation, data protection from the design stage, and data protection by default. As a result, relevant Personal Data is collected which is adequate and limited to what is necessary for the purposes for which it is processed.
This Personal Data is collected in particular when you order a Product, when you create or modify your customer account, when you download or use the Application, when you browse one of the Sites, when you contact Vivacy, when you participate in an event, or when filling out forms.
When you fill out the fields on a form, the mandatory nature of a response is indicated by the use of an asterisk(*) at the end of the question. If you do not answer a question marked with an asterisk, your request cannot be processed.
When you choose to spontaneously send your Personal Data to Vivacy without the latter having asked you, you agree to assume full responsibility for the Personal Data transmitted. Vivacy recommends that you do not send or disclose any Sensitive Data to the Sites or through them.
You are hereby informed that the “Bloctel” list to oppose telephone solicitation exists and you can register here: https://conso.bloctel.fr/.
4.1 – Direct Customer
Vivacy may collect and process a Direct Customer’s first and last name, title, delivery address, telephone number, email, date of birth, customer account passwords created by the Direct Customer, information concerning their order or possible complaints as well as information concerning the payment of invoices.
4.2 – Indirect Customer
Vivacy may be required to process an Indirect Customer’s Personal Data, especially when they file a complaint or request additional information.
When transferring Personal Data from the Indirect Customer to Vivacy, the Distributor agrees to ensure that the transfer of this Personal Data is appropriate and complies with the Regulations and agrees to provide the Indirect Customer with the necessary information beforehand in accordance with the Regulations. Vivacy declines all liability in this regard.
4.3 – Patient
Vivacy may be required to process a patient’s Personal Data, especially medical data and data relating to their ethnic origin to enable Vivacy to know the patient’s general health, meet its pharmacovigilance obligations, use the before and after photos of patients who have consented to these images being disseminated, or to know the Personal Data collected by physicians in charge of a clinical study.
When transferring the patient’s Personal Data to Vivacy, the Healthcare Professional agrees to ensure that the transfer of this Personal Data is appropriate and complies with the Regulations and agrees to provide the patient with the necessary information beforehand in accordance with the Regulations. Vivacy declines all liability in this regard.
4.4 – Healthcare Professional
Vivacy may be required to process a Healthcare Professional’s Personal Data, particularly their first and last name, specialisation, RPPS (Collective Database of Healthcare Professionals) number and physician number, email, and phone number.
4.5 – Distributor
Vivacy collects and processes the Distributor’s first and last name, position within the organisation, business phone, and business email.
4.6 – User
Cookies (“Cookies“) are small computer files stored on the hard drive of your Device that record certain information in order to make your browsing experience easier. They are placed on your Device when you browse the Site.
Depending on your Device’s settings, Vivacy uses the following cookies:
- Browsing Cookies: These are Cookies that are necessary for browsing the Site. These Cookies enable Vivacy to ensure the Site works properly.
- Feature Cookies: These are Cookies that store your chosen preferences and settings in order to ensure a smooth user experience. For example, they allow you to directly access your personal areas on the Site without having to enter your connection settings several times or allow you to store purchases in your shopping basket.
Subject to your agreement, Vivacy may place the following Cookies:
- Audience Measurement Cookies: These are Cookies used to track your browsing to get statistics of views and monitor the performance of the Sites and each of their pages. These Cookies enable Vivacy to improve its services so as to provide a better user experience.
- Targeting/Advertising Cookies: These are Cookies for offering content and advertising tailored to your needs, taking into account your preferences and your latest purchases.
Vivacy collects and processes the content created by the User on Social Media: photos, texts, videos, symbols, hashtags.
5- Purposes and Legal Basis of Processing
5.1 – Purposes of Processing:
Vivacy always processes your Personal Data for specific purposes and only Processes it to achieve these purposes. In particular, Vivacy processes your Personal Data for the following purposes:
- Responding to your requests for information, questions, comments, fulfilling your requests, and providing you with effective help.
- Managing your customer account.
- Establishing, maintaining, and managing the customer relationship and ensuring follow-up.
- Processing and delivering your orders.
- Doing the accounting.
- Managing billing and payments.
- Managing payment incidents or non-payments and debt collection.
- Registration, evaluation, reporting and treatment of adverse events and claims relating to the Products.
- Contact management with the Notifier to obtain additional information on the adverse effect.
- Giving you access to Vivacy’s training modules.
- Managing your requests to access, rectify, limit processing, erase, object to the processing of your personal data or its portability.
- Providing you with adequate, up-to-date information on Vivacy’s Products and Application.
- Improving the quality of interactions and the quality of Vivacy’s Products and Application.
- Sending you satisfaction surveys or conducting internal analyses.
- Inviting you to events.
- Managing subscriptions to Vivacy’s newsletters and webinars.
- Training Vivacy’s personnel.
- Conducting analytical studies and commercial statistics.
- Establishing, exercising, or defending a right in court, whether in a legal, administrative, or extrajudicial proceeding of any kind.
- Managing the archives.
- Sending commercial or promotional offers for Products or Application similar to those provided. You may object to your Personal Data being used for commercial marketing purposes at any time, free of charge, without having to give a reason for this request by sending an email to Vivacy at the following address: firstname.lastname@example.org. Vivacy would like to draw your attention to the fact that exercising your right to object does not prevent Vivacy from continuing to contact you for other purposes, especially due to a legal obligation or for performance of the contract.
- Improving the relevance of the information sent.
- Managing merger and acquisition transactions involving Vivacy.
- Ensuring ensuring that Vivacy complies with its activities.
- Exchanging your Personal Data with the Distributors so that they offer you Vivacy’s Products and Application.
- Exchanging your Personal Data with the companies belonging to the group Vivacy is a member of in order to provide you with relevant, personalised advertising for goods and services that are likely to interest you (by mail, phone and email).
- And all other purposes required by law and the authorities.
5.2 – Legal Basis:
Vivacy collects and processes Personal Data only if:
- It has obtained your consent beforehand.
- Processing is necessary for the performance of a contract.
- Processing is necessary to comply with Vivacy’s legal or regulatory obligations.
- Processing is necessary for Vivacy’s legitimate interests and does not unduly affect your interests or fundamental rights and freedoms.
6- How long Personal Data is kept
Vivacy keeps your Personal Data for the time that is necessary to fulfill the purposes to be achieved, subject to the legal archiving options, obligations to keep certain Personal Data and/or anonymisation obligations.
The Personal Data of Direct Customers, Indirect Customers, patients, and Healthcare Professionals that are not related to a specific contract are kept for a period of three (3) years from your last interaction with Vivacy, except for the personal pharmacovigilance data kept by Vivacy for the duration of the MA and ten (10) years after this authorization ceases to exist.
The Personal Data of Distributors, Direct Customers, Indirect Customers, and Healthcare Professionals relating to a specific contract are kept for the duration of the contract.
At the end of the aforementioned periods, the Personal Data are subject to an Intermediate Archiving for the legal or regulatory statute of limitations.
At the end of the legal or regulatory statute, Vivacy agrees to erase the Personal Data from its databases or to anonymise it.
7- Recipients of your Personal Data
Vivacy never transmits your Personal Data to third parties who may use it for their own purposes, especially for commercial purposes and/or direct advertising.
Vivacy may share your Personal Data, only to the extent necessary, with:
- Its employees authorised to process your Personal Data who are all bound by a confidentiality obligation.
- The companies from the group Vivacy belongs to.
- Distributors selling Vivacy’s Products and Application.
- Its suppliers, service providers and subcontractors for performing the tasks related to the purposes described above.
- The responsible pharmacist or his representative and the authorized persons placed under his responsibility.
- Organisations responsible for conducting polls or surveys.
- Other partner pharmaceutical companies involved in using or selling the Product.
- National and European public authorities: Vivacy may have to communicate your Personal Data in response to a specific request made by a competent administrative or judicial authority, as well as more generally in all situations where the law, regulations, or an administrative or judicial decision so requires.
- Other third parties: subject to your express consent, Vivacy gives your Personal Data to carefully selected third parties, including partners for marketing services that may be of interest to you, or to third parties you have subscribed to or accepted a service from Vivacy.
In addition, in the event of a reorganisation, merger, sale, joint venture or other transfer or assignment of all or part of our business, Vivacy may communicate or transfer your Personal Data to the purchaser.
8- Personal Data Security
In the course of its activities and in accordance with the Regulations, Vivacy agrees to ensure the protection, confidentiality, and security of Personal Data.
Vivacy takes the necessary precautions in light of the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the Processing and the likelihood of each risk in order to maintain the security and confidentiality of the Personal Data that you communicate to it and in particular to prevent them from being distorted, damaged or communicated to third parties (unless you have consented).
Vivacy therefore implements all technical, logical, physical and organisational measures to ensure a level of security that is in line with the risk and to prevent any loss, alteration, disclosure of Personal Data or access by unauthorised third parties.
However, given the intrinsic characteristics of the Internet, no transmission of information over the Internet is completely secure. The Personal Data transmitted to Vivacy is subject to measures that cannot protect against all risks of hijacking and/or hacking. The transmission of your Personal Data is therefore at your own risk.
In case of violation of Personal Data and in accordance with the Regulations, Vivacy agrees to notify the CNIL.
You may at any time express and modify your choices regarding Cookies by the means described below.
You can configure your Device’s browser so that Cookies are saved on your Device or rejected, either automatically or depending on the issuer. In each Device, you can also configure your browser to ask you if you’d like to accept or reject Cookies before they are placed on your Device.
9.2.1 Accepting Cookies
You do not expose yourself to any risk by accepting the use of this system. Cookies do not damage your computer.
You can express and modify your choices in your Device’s browser at any time, free of charge.
If in your browser you have agreed for Cookies to be placed on your Device, the Cookies embedded in the content and pages that you have viewed may be temporarily stored in a dedicated area on your Device for no more than thirteen (13) months. They will only be readable by their issuer.
9.2.2 Rejecting Cookies
If you reject Cookies being placed on your Device or if you delete them from it, you will not be able to benefit from a certain number of features which are nevertheless necessary to be able to browse certain areas of our Site. (if you try to access Vivacy content or services that require you to log in)
Where applicable, Vivacy accepts no liability for the consequences of our services functioning poorly due to the fact that it is impossible for us to place Cookies on your Device or consult them when they are necessary for those services to operate and you have rejected or deleted them.
For Mozilla Firefox:
- Click on the Tools menu then select Internet Options.
- Click on the Privacy icon.
- Click on the Show Cookies menu and select the desired options.
For Microsoft Internet Explorer:
- Click on the Tools menu then select Internet Options.
- Click on the Privacy tab.
- Select the desired options using the cursor.
10- Social Media
Vivacy is present on Social Media including Facebook, YouTube, Instagram and LinkedIn.
Depending on the Social Media used, you will be able to access many features such as signing up for Vivacy events, following Vivacy news, commenting or sharing Vivacy content on your personal page within the Social Media, etc.
For these purposes, Vivacy will process some of your Personal Data, including your first name, last name, and any information made public on your personal page.
11- Transfers of Personal Data to a country outside the European Union
To date, Vivacy only transfers outside the European Union Personal Data from Data Subjects located outside the European Union pursuant to the terms and conditions set out in the Regulations.
In the event that Vivacy has to transfer Personal Data concerning Data Subjects located within the European Union, Vivacy agrees, from this day forward, to make sure that appropriate guarantees in line with the Regulations will be put in place by the Data Importer and that you have enforceable rights and effective remedies in order to ensure that your Personal Data has an adequate level of protection.
Personal Data may be transferred for the aforementioned purposes to a country within the European Union, to a country outside the European Union that has been subject to a European Commission adequacy decision, as well as to countries outside the European Union that have not been subject to a European Commission adequacy decision, provided that there are appropriate GDPR safeguards.
12- Protecting Children’s Confidentiality
Vivacy’s Products and Application are not intended for children and do not target children under fifteen (15) years of age. If you are under fifteen (15), you are prohibited from ordering Products, using the Application, and sending Vivacy information about yourself.
13- Your Rights
Pursuant to the terms and conditions provided for in the Regulations, Vivacy hereby informs you that you have:
- A right of access: a right to question Vivacy to find out if it has your Personal Data and ask to know what data it is.
- A right to rectification: a right to ask Vivacy to rectify information about you in case of errors or inaccuracies.
- A right to object: when Processing is based on Vivacy’s legitimate interests, you have a right to object to Personal Data Processing for legitimate reasons, except for commercial marketing where no reason is required.
- A right to restriction of processing: a right to ask Vivacy not to keep some of your Personal Data during future processing when:
– You dispute the accuracy of your Personal Data.
– You consider and can prove that the Processing of Personal Data is unlawful and you oppose the erasure of the Personal Data and request the restriction of their Processing instead.
– Vivacy does not need your Personal Data any more, but it is still necessary for you to establish, exercise, or defend your legal claims.
– You object to the Processing that is based on Vivacy’s legitimate interest pending the verification whether Vivacy’ legitimate grounds override those of the data subject.
- A right to erasure: subject to the exceptions provided for by the Regulations, the right to obtain from Vivacy the erasure of your Personal Data when one of the following grounds applies:
– Your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
– You wish to withdraw your consent on which the Processing of your Personal Data was based and there is no other legal ground for this processing.
– You object to the Processing and there are no overriding legitimate grounds for the Processing or you object to commercial offers being sent to you.
– You consider and can prove that your Personal Data has been subject to unlawful Processing.
– Your Personal Data has to be erased for compliance with a legal obligation.
- A right to data portability: when the Processing is based on your consent or a contract, the right to receive your Personal Data from Vivacy in a structured, commonly used format, and to transmit this Personal Data to another data controller without hindrance from Vivacy.
You may request that this Personal Data be directly transmitted by Vivacy to another data controller, where technically feasible.
- A right to withdraw consent: When the Processing is based on your consent, you have the right to withdraw your consent at any time, without this withdrawal affecting the lawfulness of Vivacy’s Processing prior to it.
- A right to decide the fate of your Personal Data upon your death: Finally, you have the right to organise the fate of your Personal Data after your death by adopting general or specific instructions. Vivacy is committed to following these instructions. If there are no instructions, Vivacy grants the heirs the possibility of exercising certain rights, particularly the right to access, if it is necessary for settling the estate of the deceased; and the right to object to close the deceased’s user accounts and oppose to the processing of their data.
You can exercise your rights by sending an email to Vivacy at the following address: email@example.com, along with a copy of your ID.
If, despite Vivacy’s efforts to preserve the confidentiality of your Personal Data, you consider your Personal Data has been breached under the Regulations, you may file a complaint with the CNIL.
Copyright© Laboratoires VIVACY 2018
Date updated: 07/27/2018