inHEART is committed to protecting and respecting your privacy. The personal data that we collect are protected and processed with care, in compliance with the legislation in force and in particular with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016, known as the “GDPR“.
- The categories of personal data collected and processed by inHEART;
- How and for what purposes inHEART collects and processes your personal data;
- The legal basis on which your personal data are processed;
- The categories of recipients of your personal data;
- Your rights and our obligations with respect to such data processing.
The controller of your data is inHEART, a simplified joint stock company with a share capital of 171,681.50 euros, registered to the Bordeaux Trade and Companies Register under number 830 755 393, whit its registered office located at IHU Liryc – Hôpital Xavier Arnozan, avenue du Haut Lévêque, 33600 Pessac (hereinafter referred to as “inHEART” or “we“, “our“).
We only collect and process personal data for which we have a legal basis. The legal bases include your consent (when you have given your consent for data processing), the contract (where the data processing is necessary for the execution of a contract concluded between inHEART and you), the fulfilment of a legal obligation, and inHEART’s “legitimate interests”.
As a data controller, inHEART collects and processes the following data for the purposes detailed below:
4. To which categories of recipients are your data transmitted?
Thus, for the purposes stated above, inHEART may share your personal data with third parties, but only in the following cases:
- inHEART may use service providers, agents or suppliers to provide technical services. These third parties must at all times guarantee high levels of security with regard to personal data and are bound, where applicable, by a legal agreement according to which they are committed to maintain the confidentiality and security of personal data and to process it only in accordance with inHEART’s guidelines;
- inHEART may disclose your personal data to some of its employees, who are also subject to an obligation of confidentiality, for the strict and sole purposes mentioned above;
- In the event of a merger or acquisition of inHEART, in whole or in part, by another company or transfer all or part of inHEART’s activities, the company would have access to the information collected by inHEART, and in particular to personal data, subject to the privacy regulation. Similarly, personal data may be transferred in the context of a corporate restructuring or any other similar event, if permitted and in accordance with applicable law;
- inHEART may also disclose your personal data where required by law to fulfil its legal, regulatory or contractual obligations.
In any case, inHEART will make its best efforts to ensure the confidentiality and security of the personal data collected when data are transmitted to the aforementioned recipients.
5. Transfers of personal data outside the EEA
6. For how long do we keep your data?
The retention periods we apply to your personal data are limited and proportionate to the purposes for which they were collected. We do not keep your personal data for any specific period but will not keep it for longer than is necessary for our purposes. The retention period of your data is determined by various criteria, including:
- the purpose for which we process the data: inHEART must keep the data for the period necessary to fulfil the purpose of the processing; and
- legal obligations: legislation or regulations may set a minimum period of time for which we must retain personal data.
We organise our data retention policy according to these criteria and are at your disposal to answer any questions you may have.
Your right to access and rectification – You have the right to access to data we collected about you. You can also ask us to correct or complete your personal data if you consider that they are inaccurate, incomplete, ambiguous or out of date.
Your right to object to processing – You have the right to object to the processing of your data for reasons relating to your particular situation. However, you may not exercise this right where there are legitimate and compelling reasons for the processing of your data under the law or regulations, in particular for the establishment, exercise or defense of legal claims.
Your right to withdraw your consent – Where the data processing we carry out is based on your consent, you may withdraw it at any time. We will then stop processing your personal data. Please be informed that the withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
Your right to determine post-mortem instructions – You have the right to issue instructions regarding the storage, deletion and disclosure of your personal data after your death in accordance with the requirements of the applicable law.
How to exercise your rights – All the rights listed above can be exercised at the following email address firstname.lastname@example.org. Should you wish to report a complaint, you may contact the CNIL on French territory, or any other privacy authority.
All useful precautions are taken to ensure the security and confidentiality of your personal data, in particular to prevent their loss, alteration, destruction or use by unauthorised third parties. We follow generally accepted standards, including the use of appropriate administrative, physical and technical safeguards to protect the personal data submitted to us and implement adequate technical and operational security measures. These measures take into account the sensitivity of the personal data we collect, process and store and the current state of technology.
We also require our service providers and processors who may have access to personal data to implement appropriate technical and organisational security measures.
In addition, inHEART employees who have access to personal data are subject to confidentiality obligations in this respect.
However, while we make our best efforts to use reasonably acceptable means to protect your personal data, we cannot guarantee the absolute security or confidentiality, but we guarantee to make all reasonable efforts to prevent any misuse or loss.
A cookie is a small file stored on your device when you visit a site. It records information about your device, your browser and, in some cases, your preferences and browsing habits.