PRIVACY NOTICE

Privacy Notice

SPINEVISION SAS (“We”, “Us” or “Our”), as Data Controller of your personal data, has committed to comply with the General Data Protection Regulation (“GDPR”) and the French Law No. 78-17 of 6 January 1978 relating to data, files and freedoms, as amended by Law No. 2018-493 of 20 June 2018 on the protection of personal data and all applicable laws and regulations regarding data protection.

Your privacy is particularly important to us. Accordingly, we have developed this Notice to understand how we collect, use, communicate, process and disclose and protect your personal data. The following outlines our privacy notice.

Access to https://spinevision.net/ ‘s website (“the website”) implies the User’s full and unreserved acceptance of this Privacy Notice (hereinafter the “Notice”). The Notice is valid for all pages hosted on the Website. It is not valid for the pages hosted by third parties to which SPINEVISION SAS may refer and whose privacy policies may differ. SPINEVISION SAS cannot therefore be held responsible for any data processed on these websites or by them.

We will process your personal data for the following purposes and period of retention with appropriate legal basis:

Personal data	Purpose	Legal Basis	Period of retention	Comments
Email address	Handle candidates’ applications for a job at SpineVision	Legitimate interest of SpineVision	Maximum 2 years after the last contact with the candidate	Collected if you contact the company via the email address announced in the page “careers”
Email address	Answer to medical professionals interested by our solutions	Legitimate interest of SpineVision	Maximum 2 years after the last contact with the medical professional	Collected if you contact the company via the email address announced in the page “our solutions”
Name, Email, subject, message	Answer to a visitor of the website (patient, health professional,..)	Legitimate interest of SpineVision	Time necessary to meet your request	Collected if you complete the form in the page “contact”

We will protect personal data by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Your personal data are kept behind secured networks and are only accessible with limited access rights to such systems and are required to keep your personal data confidential.

Your personal data can be shared with SPINEVISION’S SAS employees and processors that may be located outside the European Union (EU) and Economic European Area (EEA) where the data protection may be less constraining. In such cases, the Data Controller will ensure that the recipient country is an adequate country (i.e. that the country in question is recognised by the EU as having an equivalent level of protection). If the country is not an adequate country, the Data Controller will ensure to put in place appropriate safeguards when transferring your personal data. A copy of such safeguards can be provided to you by contacting the Data Protection Officer (DPO) of Data Controller (see contact details below).

According to the GDPR, you have the following rights:

Right of access: you are entitled to ask us to provide you with all the personal data held about you.
Right to rectification: you are entitled to ask us to rectify, in particular by completing or correcting, all or certain personal data held about you.
Right to erasure (“right to forgotten”): you are entitled to ask us to remove all personal data held about you from our systems.
Right to restriction of processing: you can ask us that some of your personal data is not processed. They are then said to be locked.
Right to data portability: you can ask to receive your personal data in a structured, commonly used and machine-readable format and transmit those data to another controller.
Right to object: you may object to the processing of personal data concerning you.

The application of these rights is not absolute. The requests of the exercise of rights will be always subject to a case-by-case analysis by the DPO of the Data Controller.

If you want to have more information regarding the processing of your personal data, would like to exercise your rights and have a copy of the appropriate safeguards, your requests can be sent to the DPO of the Data Controller at spinevision.dpo@mydata-trust.info

You also have the right to lodge a complaint with the Data Protection Authority in the EU Member State where you reside or work, or in the EU Member State where the alleged violation took place. You will find the contact details of the different Data Protection Authorities at the following link:

https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
pps_cookie_1356	30 days	This cookie is set by the location popup. The cookie is used to store the user location for website appearance.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 Years	The cookie is set by Google Analytics to record the statistics for the cookies.
_gat_gtag_UA_102316086_1	1 Day	The cookie is set by Google Analytics to record the statistics for the cookies.
_gid	1 Day	The cookie is set by Google Analytics to record the statistics for the cookies.