In accordance with the provisions of the GDPR and law no. 78-17 of 6 January 1978 relating to data processing, files and freedoms, modified and applicable on 1 June 2019, CIDELEC collects and uses personal data.
This data is linked to the commercial activity it undertakes to present its products, services and training. CIDELEC designs and manufactures polygraphy and polysomnography devices for the diagnosis of sleep problems based on the tracheal sound sensor (PneaVoX).
CIDELEC collects, directly under its company name or its brand – “CIDELEC” – the personal data of Internet users, its direct customers, candidates, service providers or business partners within the scope of visits or requests for information on its website www.cidelec.net and the response to its requests and its sales.
CIDELEC notifies you below of its policy for the protection of personal data collected after visiting the website www.cidelec.net.
Any other information relating to personal data collected other than via its website is subject to a specific data protection policy and then communicated to the individual.
The controller is the company CIDELEC, represented by Mr. Cédric FREYCENON, CEO. The complete contact details of CIDELEC are under our “legal notice” tab.
Article 1 – Purposes of the processingt :
a. Legitimate interest and pre-contractual and contractual performance
In accordance with article 5 of the law of 6 January 1978 as amended, the CIDELEC company collects only personal information relating to the user and only for its legitimate interest and the contractual or pre-contractual undertaking of its services :
1. Information request
When you submit a request for information regarding our products to us through the forms in the “contact” tabs of the Website, your personal data is requested from you in order to allow us to contact you to respond to your request. If, subsequently, you accept a sales proposal from us, this data is used as part of the management of the business relationship and the associated services (Customer follow-up, after-sales service, satisfaction questionnaire).
In the case of a request for information, for the fulfilment of the requested operation, the purposes are as follows :
– sending information or providing commercial services that you have requested (Quote request, request for information regarding CIDELEC products)
– tracking and delivery of your orders ;
– preparing and sending invoices ;
– After-Sales Service for our products and services ;
In the case of a request for information, for our legitimate interest, the purposes are as follows :
– sending commercial communications relating to our products and services ;
– evaluation of your satisfaction and to improve our services.
2. Submission of an application
When you send your application to CIDELEC, we collect your personal data sent via the email address of our Human Resources department, as well as any other attachments. This data is used by CIDELEC for the sole purpose of considering your application. In the event that we select it, we will keep your Personal Data to create your employee file and will then communicate to you our Data Protection Policy concerning the personal data of our employees. If your application is not successful, your Personal Data will be deleted at the end of the storage period mentioned in Article 3 of this document.
In the case of an application, in order to fulfil our service, the purposes are as follows :
– consideration of your application by the “Human Resources” department and CIDELEC Management.
3. Visit to the website
As part of its commercial activities, the company CIDELEC presents and markets its products and services via its network and via its website. To this end, in accordance with article 5 of the law of 6 January 1978 as amended, it collects only personal information relating to the user and only for the legitimate interest it has :
– to ensure the security of its website and in particular to prevent and identify any attempt at malicious intrusion ;
– to ensure the proper functioning of the website ;
– to collect for statistical purposes, studies and marketing analyses carried out by it, to improve its website with regard to its presentation or its visitor rates ;
– to allow the updating of its prospective customer files by the organisation in charge of managing the list of parties who have communicated their opposition to cold calling;
– to manage requests for rights of access, rectification, opposition, right to portability and other rights of the person with regard to their data, listed in article 5 of this document.
The www.cidelec.net website uses various plug-ins to ensure security and proper functioning.
Some of these security and operational plug-ins collect personal data which is transferred to companies in the EU zone or to countries outside the EU zone but whose level of data protection has been deemed adequate by the European Commission (see article 4 of this document).
Article 2 – Data collected and processed :
For security: Strictly necessary data is collected when browsing the website http://www.cidelec.net:
– the URL of the links through which the user accessed the website,
– the user’s access provider,
– the user’s Internet Protocol (IP) address.
To create a “contact” form: when a person fills in the data to contact us, the following personal data is collected :
– first name,
– personal email address,
– company or employer,
– full business address,
– phone number,
– fax number,
– health professional status,
CIDELEC also collects and stores the subject and content of the message which do not constitute personal data a priori but which may contain it.
Article 3 – Storage of data
The data is only stored for the time necessary for the purposes for which it was collected and is in any case destroyed when these terminate.
a. Information request
Following a request for commercial information :
– Data collected from customers will be kept for 3 years after the last commercial transaction.
– Data relating to a prospective customer will be kept for a period of 3 years from the last contact with this prospective customer.
b. Submission of an application
Upon receipt by CIDELEC of an unsolicited application or one in response to a job offer, the personal data collected is kept only for as long as the “Human Resources” departments and the CIDELEC Management can consider it. Once the position is filled, the candidates’ personal data is archived. It is kept for one year in order to meet our quality requirements before being deleted.
c. Exercising your rights
In the event whereby rights of access, rectification and other rights mentioned in article 5 of this document are exercised, data relating to identity documents may be kept for the legal period of one year (minor offence in article 9 of the code of criminal procedure), in the event of opposition, this data may be retained for the legal limitations period of a criminal procedure (6 years, statute of limitations of the action in article 8 of the aforementioned code).
Our security plug-in retains personal data for a maximum of 6 months.
Article 4 – Data recipients
CIDELEC is the sole recipient of this data.
Within the limits of their respective powers, the following may have access to personal data :
– CIDELEC authorised personnel: the marketing department, the sales department, the departments responsible for handling customer relations and prospective customers, the administrative departments (human resources and management), the logistics and IT departments as well as the trainees subject to a confidentiality clause and their line managers;
– CIDELEC authorised personnel: control management departments (departments responsible for internal control procedures) ;
b. Other recipients: CIDELEC’s usual and preferred service providers
The following may be recipients of the data :
– CIDELEC’s usual and authorised service providers for the management and maintenance of the website and its security: in particular our usual webmaster, the company ATMOSPHERE COMMUNICATION, Péniche Atmosphere, Quai des Carmes, 49100 ANGERS, France, as well as our accounting firms and auditors within the scope of our legal obligations ;
– Partners, external companies or subsidiaries of the same group of companies under the conditions provided for by the GDPR and the standards published by the CNIL;
– Legal organisations, assistants and ministerial officers, within the scope of their debt collection work;
– The organisation in charge of managing the list of people who have communicated their opposition to cold calling ;
– The authorised personnel of CIDELEC’s subcontractors when the contract signed between the subcontractors and the controller mentions the obligations incumbent on the subcontractors in terms of protection of the security and confidentiality of data (article 112 of the law of 6 January 1978 as amended) and specifies in particular the security objectives to be achieved.
Our internal software is published by the company SYLOB whose head office is located at 7 rue Marcel DASSAULT in CAMBON D’ALBI (81990). SYLOB may in some cases process certain personal data subject to separate processing by CIDELEC.
SYLOB has entered into a data subcontracting contract with the company SYLOB MAROC whose head office is c/o Eurodéfi – Abdelaziz ARJI 77 Boulevard Al Quods Sidi Maarouf in CASABLANCA, MOROCCO. This subcontracting contract uses the standard contractual clauses adopted by the European Commission in its decision C(2010)593 and meeting the conditions of article 26, paragraph 2 of directive 95/46/EC for the transfer of data of a personal nature to processors established in non-EU countries which do not ensure an adequate level of data protection.
The personal data of our customers affected by the processing carried out by our subcontractor is as follows :
– Phone number,
– Bank details
c. Third party recipients
For the purposes of website security, this data may be transferred to the service providers of the firm involved in the provision of security services within the framework of the aforementioned purposes.
For the proper functioning of the aforementioned website, we use a security plug-in whose operation requires the collection and processing of data (IP address, internet service provider, URL previously consulted) on our website for the sole purpose of ensuring its security.
This SECUPRESS® security plug-in is operated by WP MEDIA, a French company whose head office is 47 rue Duquesne in LYON (69006), FRANCE.
It is used on WORDPRESS® our content management software.
Our WORDPRESS® content management software is published by an American company AUTOMATTIC INC. based in SAN FRANCISCO and registered on the Privacy Shield list available at this address : https://www.privacyshield.gov/list
The www.cidelec.net website uses several security and operating plug-ins :
– SECUPRESS published by SAS WP MEDIA,
– WORDPRESS published by AUTOMATTIC INC.,
– Google Analytics published by GOOGLE INC.,
– YouTube published by GOOGLE INC.,
– Recaptcha published by GOOGLE INC.,
The personal data collected by some of these plug-ins is transferred in particular to Google. GOOGLE INC. is on the Privacy Shield list, which can be consulted at this address: https://www.privacyshield.gov/list
We would ask you to read the privacy policies of their publishers by clicking on the links inserted in our cookie customisation window accessible from the information banner that appears during your first visit to the website www.cidelec.net.
Apart from the cases referred to above, no personal information of the user of the aforementioned website is processed, exchanged, transferred, assigned or sold to third parties outside our legal, administrative, accounting and tax obligations.
Article 5 – Rights of the person with regard to their data
As a user of the website or as a depositary of personal data via the contact form, you have the following rights and as defined by the regulations in forcer :
– Access and query rights,
– Right to modify and rectify data concerning you,
– Right of opposition for a particular situation and right of opposition to your data being used for sales prospecting purposes and for this purpose we remind you that you can make an objection to this prospecting at any time at our address: email@example.com
– Right to the erasure and right to the restriction of your data,
– Right to the portability of your data,
– Right to withdraw your consent to the collection and processing of your data, if consent has been requested,
– Right to define the directives relating to what happens to your personal data after your death.
Article 6 – Requests and complaints
Any natural person whose data has been collected may make their request in writing, signed, accompanied by a copy of the front and back of an identity document with the signature of the holder of the document, specifying the address to which the response must be sent.
This request must mention the right you are invoking and, where applicable, the supporting documents for your request if it is specially regulated. This should be sent to the following address : firstname.lastname@example.org or by post to the following address:
20 rue des Métiers
49130 SAINTE GEMMES SUR LOIRE
If we have not replied to you within one month (with a possible extension of 2 months in the event of complexity), you can file a complaint with a supervisory authority: the CNIL for France :
Commission Nationale de l’Informatique et des Libertés (CNIL)
3 Place de Fontenoy
75334 PARIS CEDEX 07
Telephone : 01 53 73 22 22
Article 7 – Data security and privacy
CIDELEC strives to put in place all useful precautions to preserve confidentiality and ensure a level of security appropriate to the nature of the personal data collected and processed and to prevent it from being distorted, damaged, destroyed or enabling unauthorised third parties to have access to it.
All digital data is stored by our service provider, ADISTA, on servers located in France.
All digital data is saved on external servers (Cloud) by the ADISTA Company, whose head office is located at 9 rue Blaise Pascal, Site technologique Saint Jacques 1, à MAXEVILLE (54320), France.
The ADISTA Company hosts CIDELEC’s personal and non-personal digital data but it does not have access to the details of the data.
Our Data Centre ensures high security of its infrastructures and meets the ISO-27001 certification as well as H.D.S. [Health Data Host] accreditation.
Our digital files are protected by the following measures :
– Data partitioning,
– Communication encryption,
– Data access control,
– Data backup locally and in French Data Centres (ADISTA),
– Protection against malware.
Paper files are also kept in such a way as to ensure a reasonable level of confidentiality and non-disclosure.
Article 8 – Data breach
CIDELEC ensures the implementation of adequate technical and organisational measures for the security and confidentiality of data by itself and by its subcontractors in order to avoid any data breach.
CIDELEC undertakes to comply with its legal obligations to notify the supervisory authority (CNIL) and to communicate to the person concerned in the event of a data breach in the cases and under the conditions provided for in Articles 33 and 34 of the GDPR and 58 of the amended law of 6 January 1978, which came into force on 1 June 2019.
Article 9 – Changes to our data policy
CIDELEC may modify this Policy at any time. You can consult our Policy in force at any time on our website under the dedicated tab.
To find out more about the management of cookies, please read our Cookie management charter (cliquez ici).
Policy published by CIDELEC on 02/01/2023