Interventional Imaging / Privacy Policy
The GDPR and you…
Personal data protection is one of our major concerns. The privacy policy fits into a legal context marked by the EU General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016), applicable since 25 May 2018 and the amended French Data Protection Act no. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties.
The purpose of this data protection policy is to tell you about:
This privacy policy supplements the legal notices on the websites.
You’ll understand us… promise!
Personal Data is any information relating to an identified or identifiable person, i.e. enabling the person to be identified directly (e.g., surname and first name) or indirectly (e.g. cookies).
The Processing of personal data is any operation or set of operations (automated or not) which is performed on data or sets of personal data, such as collection, recording, organisation, storage, data transmission, etc.
The Data Controller determines the purposes (objectives of the processing) and the means of processing.
The Data Processor processes personal data on behalf of the data controller and carries out its instructions.
Legal obligations… we’ve got them!
In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data shall comply with the following principles:
Data accuracy: the controller undertakes to take all reasonable steps to keep the data it processes up to date, so as to update inaccurate data and delete obsolete data.
We are responsible for the data entrusted to us!
As data controller, LUMIBIRD MEDICAL undertakes to comply with the obligations resulting from the Regulation and the amended French Data Protection Act, concerning the collection and processing of personal data. In accordance with Article 32 of the GDPR, we implement all technical and organisational measures to ensure your personal data are protected.
As a processor, LUMIBIRD MEDICAL undertakes to process the customer’s personal data only to the extent necessary for the performance of the contract concluded. LUMIBIRD MEDICAL undertakes to follow the customer’s written instructions in accordance with Article 28 of the GDPR.
What do we know about you?
In accordance with the principle of minimisation, we only collect the data necessary to carry out our missions. Thus, in the context of our activity, LUMIBIRD MEDICAL is likely to collect and process the following information:
In the context of certain tasks such as machine maintenance and clinical studies (non-engine), we act as a subcontractor on behalf of healthcare professionals. In order to carry out these tasks, we are required to have knowledge of sensitive data, vulnerable persons, such as health data (diseases, medical images) and the social security number.
We are aware of the level of sensitivity of this information and are dedicated to ensuring a maximum level of confidentiality, as well as a commitment to meeting our legal and regulatory obligations. All the data collected are therefore strictly necessary to carry out the mission entrusted to us.
We’d like to explain!
In all of these situations, LUMIBIRD MEDICAL acts as a “Data Controller” under the GDPR.
DATA COLLECTED |
REASONS FOR COLLECTION |
RETENTION PERIOD |
LEGAL BASIS |
WEBSITE VISITS |
|||
|
We use these data to: – Send you marketing communications (if you have given your consent) – Contact you when you fill in the contact form – Send you our quotes (if you have requested them) – Carry out audience analysis or statistics (if agreed) |
Consent |
Your navigation data on our website is kept for a maximum of 13 months The data collected through the form is kept for 3 years from the date of collection or last contact from the prospect |
– To provide you with personalised services – To monitor and improve our website – To secure our website and ensure our and your protection against fraud. |
Legitimate interest |
CUSTOMER RELATIONSHIP MANAGEMENT |
|||
|
We use this data to : – Manage the commercial relationship – Manage your orders – Manage payments, invoicing, etc… – Process and track your order, including delivery – Manage customer complaints – Answer your questions and interact with you in any other way |
Execution of a contract |
Conservation for the duration of the commercial relationship and 5 years after the end of the relationship. Invoices are kept for 10 years. |
RECRUITMENT MANAGEMENT |
|||
|
We use this data to : – Manage online application requests (unsolicited applications) – Build up a CV database (if you give your consent) |
Consent | 2 years after the last contact with the applicant on consent of the applicant |
|
– Receive and record applications sent by e-mail or post -Manage recruitment procedures in conjunction with line management – Respond to job and internship applicants – Manage disputes |
Legitimate interest |
Unsuccessful candidate: 2 years after the last contact with the candidate upon consent of the candidate. Successful candidate: 5 years from departure |
NEWSLETTER REGISTRATION AND COMMERCIAL COMMUNICATIONS |
|||
|
We use this data to : – Send you marketing communications (if you have requested us to do so) |
Consent | The data is kept as long as the data subject does not unsubscribe (via the unsubscribe link in the newsletters) and 3 years after the end of the contractual relationship. |
– To send you information communications | Legitimate interest | ||
– Maintain a suppression list if you have asked not to be contacted | Legal obligations |
MANAGEMENT OF CLINICAL STUDIES (AS A SPONSOR) |
|||
|
Patient data: We use this data to : – Conduct research in collaboration with academics and companies on technology studies and new product development |
Execution of a contract |
Until the end of the research Up to 15 years after the end of the last patient’s inclusion |
|
– Use anonymised data for scientific presentation purposes | Legitimate interest | N/C |
|
Practitioner and medical team data: We use this data to: – Manage the process of applying for study authorisation from the authorities – Communicate smoothly with practitioners and the medical team |
Execution of a contract |
Until the end of the research Up to 15 years after the end of the last patient’s inclusion |
TRAINING |
|||
|
We use this data to : – Organise training sessions on the use and maintenance of products |
Execution of a contract | 5 years from the end of the contractual relationship |
MONITORING OF ADVERSE EFFECTS ON PATIENTS |
|||
|
We use this data to : – Manage doctors’ complaints – Manage product returns – Monitor the market – Report incidents to the relevant authorities – Monitor standards |
Legal obligation | Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for the processing of personal data implemented for the purposes of health vigilance management |
DEMONSTRATION/RETURN OF THE MACHINES |
|||
|
– Setting up the equipment – De-installation of equipment – Technical follow-up |
Execution of a contract | Retention for 5 years from the end of the contractual relationship |
– Reporting incidents to the relevant supervisory authorities | Legal obligation | Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for the processing of personal data implemented for the purposes of health vigilance management |
Within the framework of our missions, LUMIBIRD MEDICAL acts as a “subcontractor” on behalf of its clients:
DATA COLLECTED |
REASONS FOR COLLECTION |
RETENTION PERIOD |
LEGAL BASIS |
MAINTENANCE OF EQUIPMENT |
|||
|
– Management of customer complaints and after-sales service – Maintenance of equipment – Preparation of a repair order |
Execution of a contract | Retention for 5 years from the end of the contractual relationship |
– Reporting incidents to the relevant supervisory authorities | Legal obligation | Retention in accordance with Deliberation No. 2019-057 of 9 May 2019 adopting a reference framework for the processing of personal data implemented for the purposes of health vigilance management |
TECHNICAL SUPPORT |
|||
|
We use this data to : – Manage service requests and technical blocking situations – Trace the relationship and exchanges |
Execution of a contract | 5 years from the end of the contractual relationship |
IMPLEMENTATION OF CLINICAL STUDIES (NON STUDY SPONSOR) |
|||
Sensitive data |
Patient data: We use this data to : – Conduct research in collaboration with academics and companies on technology studies and new product development |
Execution of a contract |
Until the end of the research Up to 15 years after the end of the last patient’s inclusion |
|
– Use anonymised data for scientific presentation | Legitimate interest | N/C |
|
Practitioner and medical team data: We use this data to: – Manage the smooth running of the application for study authorisation with the authorities – Communicate smoothly with the practitioners and the medical team |
Execution of the contract | Until the end of the researchJusqu’à 15 ans après la fin de l’inclusion du dernier patient |
We don’t pass them on to just anyone!
LUMIBIRD MEDICAL undertakes to transmit your personal data only to authorised people in-house and to authorised third parties such as the tax, customs or economic authorities, the administration of justice, the police and the gendarmerie or the administration of social action and health authorities.
LUMIBIRD MEDICAL may pass on your personal data to subcontractors such as:
The use of these service providers is necessary for the proper performance of our services. We undertake to check and guarantee that they comply with the RGPD and the amended Data Protection Act.
Apart from the recipients mentioned above, LUMIBIRD MEDICAL undertakes not to transmit your personal data to third parties or external organisations without your express agreement.
LUMIBIRD MEDICAL does not and will not sell, transfer or communicate your personal data to unauthorised third parties.
LUMIBIRD MEDICAL does not make any automated decisions on the basis of your personal data. No profiling is carried out during processing, and the data we collect will never be used without human intervention.
You hold all the cards!
8.1 YOUR RIGHTS
In accordance with current regulations, you have the following rights in relation to your personal data:
8.2 THE DPO
LUMIBIRD MEDICAL has appointed a Data Protection Officer (DPO). Thus, in order to exercise your rights, you may contact our Data Protection Officer (DPO) at the following address
Name: OPTIMEX DATA
Address: privacy@lumibird.com
Telephone: 09.71.16.15.42
8.3 COMPLAINING TO THE CNIL
You may at any time lodge a complaint with the competent authority i.e. the French Data Protection Agency (CNIL) using the following link: https://www.cnil.fr/fr/plaintes.
You entrust us with your data and we look after it!
LUMIBIRD MEDICAL is concerned about the security of personal data which it undertakes to process securely and only for the length of time necessary to achieve the intended purpose.
LUMIBIRD MEDICAL has put in place technical and organisational measures to ensure an adequate level of data protection in relation to the nature and purpose of the processing.
Thus, in accordance with Article 32 of the RGPD relating to the security of processing, LUMIBIRD MEDICAL has put in place the means to guarantee the confidentiality, integrity, availability and constant resilience of the processing systems and services
However, the security obligation remains an obligation of means, i.e. we do everything possible to guarantee the confidentiality and integrity of your personal data.
All persons having access to your personal data have been made aware of good data protection practices. They are bound by an obligation of confidentiality and may be subject to disciplinary action in the event of non-compliance with this provision.
A well-organised trip!
In the course of our business and in order to manage your requests, we may transfer data outside the European Union. However, before any transmission of your personal data, we check the rules applicable to data transfers outside the European Union.
Indeed, in the context of sales, information may be communicated to our subsidiaries.
Distribution contracts may also be transmitted to our subsidiary in order to monitor the commercial relationship.
In the context of communication, data may be transmitted to our subsidiaries.
In accordance with the provisions of the RGPD and in order to guarantee the security and confidentiality of data, measures are being put in place, in particular Standard Contractual Clauses.
You can choose between eating cookies and going on a diet
Some features of this site rely on the use of cookies.
The cookies banner is not displayed on the home page when you are browsing because only cookies necessary for the operation of the site are deposited (however, you can refuse them by ticking the box in the cookie policy).
The audience measurement services are necessary for the operation of the site by allowing its proper administration. However, you have the possibility of objecting to their use.
You can also find our online cookie policy on our website.
You’re on the right track, it’s almost the end of the reading!
This privacy policy may be subject to change.
The last update was made on 14 March 2023 by Optimex Data.