Privacy

Thank you for visiting MedinCell’s website or interacting with us via e-mail. At MedinCell, we understand that protecting the privacy of visitors to our website is very important.

This website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

• FR Data Protection Act 1978 (Information Technology, Data Files and Civil Liberties)
• EU Data Protection Directive 1995 (DPD)
• EU General Data Protection Regulation 2018 (GDPR)

Processing controller
MedinCell, as processing controller, commits to meet European data privacy requirements regarding the collect, storage, process, access and transfer of personal data.
We only collect personally identifiable information about you if you choose to give it to us. We do not share any of your personally identifiable information with third parties for their own marketing use unless you explicitly give us permission to do so.

For each form or service collecting personal information, we inform you on:

• the collect and process purposes,
• whether the data is optional or mandatory to ensure that your request is processed,
• Third Parties that may be required to access the personal data for purposes strictly necessary for the performance of their duties (Third Parties are required to comply with the terms of our privacy policies.).
• your rights and how to exercise them.

Please review the following Privacy Statement to learn more about how we collect, use, share and protect information online.
For all information or exercise of your rights regarding personal data that is processed under the responsibility of Medincell, you can contact Medincell’s Data Protection Officer:

MedinCell – Data Protection Officer
3 rue des Frères Lumière
34380 JACOU
France

Or by email: dataprivacy@medincell.com
Or by using the contact form available on the website.

Data Privacy Statement
Data collected and processing purposes

You can visit our website without providing any personal information. Note, however, that some portions of our website may not work properly if you refuse cookies.

There are two general ways that MedinCell uses to collect information from you online:

Information we get through your submission

MedinCell may collect your personally identifiable information (such as name, address, telephone number, e-mail address or other identifying information) only when you choose to submit it to us via our contact form, newsletter, job application, or report download.

Automatically Collected Information

MedinCell, and some Third Party providers we work with, automatically receive certain types of information whenever you interact with us on our site. In addition to your IP address, personal data that you necessarily supply, our site may use technologies to collect certain technical information related to users, such as their device operating system, language, type of browser used, how data circulates, etc.

Those data are intended for the services and personnel of MedinCell responsible for administration of the present site.
Automatic technologies and services we use include:

OVH Web Server Logs/IP Addresses

An IP address is a number assigned to your computer whenever you access the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other. MedinCell through OVH and Urchin statistical tool collects IP addresses to conduct system administration and report aggregate information to conduct site analysis and Web site performance review.

Data type Purpose Retention time
IP address – Use for communication establishment – 24 months
Country and regional area – Use for language setting, statistics – 24 months
Operating system – Use for system compatibility – 24 months
Session time and duration – Use for statistics – 24 months
Previous page – Use for statistics – 24 months

Cookies

A cookie is a piece of information that is placed automatically on your computer’s hard drive when you access certain website. The cookie uniquely identifies your browser to the server. Cookies allow us to store information on the server to help make the Web experience better for you and to conduct site analysis and website performance review. Most Web browsers are set up to accept cookies, although you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of our sites may not work properly if you refuse cookies.

Cookies may on occasion be used to record information related to the user navigation on our website (pages read, date and time of connection, preferred content, etc.). Users are expressly asked to accept the use of cookies at the first connection on our site. The consent expressed by a user is deemed valid for a period up to 13 months.

Essential technical cookies

Required for your website to work, for example allowing a visitor to remain logged into their account. You cannot disable e cookies.

Cookie name – Purpose – Retention time
300gpD – Set by OVH for load balancing purposes. – 2 days
300gpBAK – Set by OVH for load balancing purposes. – 2 days
pll_language – The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way. – 1 year

Performance cookies and third-party cookies used to enhance user experience
These cookies indirectly help improving this website by tracking your use. This set of cookies collects information and reports website usage statistics.

Through Cookies uses, our website collects technical information related to users, those data will be retained for a duration not exceeding 24 months. The collected personal data are intended for the services and personnel of Medincell responsible for administration of the present website.

Links to Other Sites
Our web site contains links to a number of websites that may offer useful information to our visitors. This Privacy Statement does not apply to those sites, and we recommend communicating to them directly for information on their privacy policies.

Data transfers and storage
How we store your personal information

About this website’s server

This website is hosted by OVH within an European data center located in France. All traffic (transferal of files) between this website and your browser is encrypted and delivered over HTTPS.

Data recipient

The companies OVH Web Server and Clément Martinez, in charge of hosting and producing our website, respectively, may be required to access the personal data of our users for purposes strictly necessary for the performance of their duties.

Our third-party data processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen.

• OVH Web Server, European based

Newsletter Subscription “Corporate news”
Should you choose to subscribe to our newsletter, your email address will solely be used to send you our newsletter and other information related to Medincell activities. At any moment you can unsubscribe by using the “Change your profile” link in your welcome email, or by following the “Cancel your subscription” button below.
For more information visit the data privacy policy segment.

Cancel your subscription

Contact Form
Should you choose to contact us using the contact form, your contact information (names, email address, phone number) will solely be used to proceed with your enquiry and respond to your message. The collected data will be stored on our servers and solely intended to be shared, depending the nature of your enquiry, with the most appropriate contact within Medincell’s authorized personnel and its technical service providers. Those data will be retained for a duration not exceeding 24 months after our last contact.

Job Application Form

Should you choose to submit a job application, the data collected through the present form (video resume and contact details) are indispensable to MedinCell in order to proceed with your application submission and the recruitment process.
Answers to the questions unmarked with an asterisk are facultative and with no consequence on your request examination.
The personal data collected are solely intended to MedinCell’s authorized personnel (HR Department, recruiting department Managers) and its technical service providers and will be treated confidentially for recruitment purposes only.
Their treatment has been declared to the CNIL, the French Commission for Data Protection & Civil Liberties.
You can access the collected data relating to your person and correct them directly on the application portal/site.
Your data will be stored 24 months after the last contact from your part and except objection from your part. You can request to access, correct, restrict and delete your personal data by contacting MedinCell at the following addresses: Email : people@medincell.eu

Data Access
In compliance with French Data Protection act (Loi Informatique et Libertés du 6 janvier, 1978) and European General Data Protection Regulation (2106/679 of the European Parliament and of the Council of 27 April 2016, GDPR) regarding the collection and processing of personal data, our website users have the right to access, restrict, rectify and delete his or her personal data that is processed under the responsibility of MedinCell. Each of these rights may be exercised by writing to the following address:

MedinCell – Data Protection Officer
3 rue des Frères Lumière
34380 JACOU
France
Or by email: dataprivacy@medincell.com

INFORMATION NOTICE

relating to the processing of personal data of data subjects as part of the management of the system for collecting and processing professional alerts

Date of last update: November 2, 2023

Introduction

MedinCell is highly committed to respecting the privacy of individuals and protecting the personal data it processes in the course of its business. As such, MedinCell ensures that it acts in accordance with all current legislation applicable to the protection of personal data and in particular with Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms (French Data Protection Act).

The purpose of this notice is to inform you, in a clear, concise and understandable manner, of the conditions of implementation of the processing of personal data carried out by MedinCell, acting in its capacity as data controller, as part of the management of the system for collecting and processing professional alerts within the framework of the Sapin 2 Law, and to inform all persons concerned of their rights and how to exercise them.

If you have any questions about this notice, please contact us at: dataprivacy@medincell.com

Definitions

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and any subsequent texts under French law including its implementing texts;

LIL: French Data Protection Act of January 6, 1978, as amended;

Sapin 2 Act: law no. 2016-1691 of December 9, 2016, on transparency, the fight against corruption and the modernization of economic life;

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

Processor: means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;

Data subjects: individuals whose personal data is processed;

DPO: the Data Protection Officer, is the person in charge of ensuring the protection of personal data within the organization that has appointed him/her, and monitoring compliance with current legislation applicable to the protection of personal data.

Who is responsible for processing your personal data?

The controller of the personal data processing operations covered by this notice is:

MedinCell SA

3 rue des Frères Lumière

34830 Jacou

France

What categories of personal data do we collect and process?

MedinCell ensures the strictest protection of the personal data collected and undertakes to respect, in all cases, the principles of data protection, including, but not limited to, the principle of data minimization.

Upon receipt of an alert, MedinCell may collect certain personal data from the whistleblower, such as name and/or e-mail address if the whistleblower chooses to voluntarily disclose this information.

Legislation permitting, the whistleblower may choose to remain anonymous (whatever the channel used to report the whistleblowing), although this is not encouraged as it makes it difficult to conduct a thorough investigation and protect the whistleblower from any form of reprisal.

If legislation requires the identity of the whistleblower to be disclosed and if the whistleblower chooses to remain anonymous, his or her alert will not be processed by MedinCell under a legal obligation to which MedinCell is bound but under MedinCell’s legitimate interests with regard to the processing of other alerts (having a channel for alerts and responding to all alerts submitted).

For the analysis and management of the alert, the following personal data may be processed:

Identity, position and contact details of the author of the alert (unless he/she wishes to remain anonymous, provided this is authorized by current legislation);
Identity, functions and contact details of persons involved in the alert;
Identity, functions and contact details of persons involved in receiving or handling the alert;
Reported facts and any documents or data voluntarily provided by the whistleblower;
Information obtained in the course of the investigation;
The report/summary of the investigation process;
Measures taken following the investigation.

Depending on the nature of the alert, the whistleblower may also provide personal data that could be considered sensitive personal data, such as data revealing or concerning health status, ethnic origin, religion, sexual orientation, political opinions and/or trade union membership. If the whistleblower provides such sensitive personal data, MedinCell will process it to the extent that it is necessary for the performance of its legal obligations or necessary for the establishment, exercise, or defense of legal claims.

Finally, data relating to offences, convictions and security measures may also be disclosed by the whistleblower. Such data will be processed by MedinCell only if permitted or required by applicable law.

In all cases, whistleblowers must ensure that all the information they provide is factual and directly related to the subject of their alert.

What are the different personal data processing activities that MedinCell may carry out in the context of managing the system for collecting and processing professional alerts? (Objectives pursued? Legal justifications?)

As part of the management of the system for collecting and processing professional alerts, you will find below a table containing all the personal data processed by MedinCell, with the various purposes for which they are processed and the legal basis for their implementation.

Processing activities	Purposes of processing	Sub-purposes	Legal basis
Management of the system for collecting and processing professional alerts	Make available a system for collecting and processing professional alerts in application of the Sapin 2 Act, aimed at revealing a breach of a specific rule or any other international commitment signed and ratified by France.	1. Collecting alerts; 2. Examination of alert admissibility; 3. Analysis, verification, processing, and closure of alerts; 4. Communication with whistleblowers.	MedinCell’s legal obligation under Articles 8 and 17 of the Sapin 2 Act
	Providing a system for collecting and processing “ethical alerts” not required by law		MedinCell’s legitimate interests in handling other alerts (having an alert channel and responding to all alerts submitted)
Management of litigation procedures related to an alert	Establishing, exercising, or defending legal rights.		MedinCell’s legitimate interests, i.e., fighting against illegal acts, defending itself and asserting its rights
Protection of whistleblowers, facilitators, and persons in contact with whistleblowers	Ensure and verify the effectiveness of whistleblower protection.		MedinCell’s legal obligation under articles 8 and 17 of the Sapin 2 Act MedinCell’s legitimate interests, i.e., fighting against illegal acts, defending itself and asserting its rights
Control of the alert collection and processing system	Monitor the existence and effectiveness of the system, compliance with the whistle-blowing procedure and protection of personal data.		MedinCell’s legal obligation under articles 8 and 17 of the Sapin 2 Act MedinCell’s legitimate interests with regard to the processing of other alerts (ensuring that the system is effective and compliant with current regulations)

How long is your data stored?

Your personal data will be kept only for as long as is strictly necessary for the purposes described above, and in accordance with MedinCell’s legal obligations.

MedinCell applies the following retention periods:

Purpose	Active base (Database containing data required for the company’s day-to-day operations)	Retention periods for intermediate storage (Database containing data required to meet a legal obligation, or which may constitute evidence in a legal dispute)
Management of the alert collection and processing system	Data relating to an alert is kept in the active database until a final decision is taken on the action to be taken. This decision is made within 3 months.	Once the final decision on the action to be taken has been taken, the data is kept in an intermediate archive for the time strictly proportionate to its processing and the protection of its authors, the persons it concerns and the third parties it mentions, considering the time required for any further investigations. Data can be stored for longer periods: – if MedinCell has a legal obligation to do so; – for evidentiary purposes in the event of an audit or litigation; – for quality audits of alert handling processes.
Management of litigation procedures related to an alert	When disciplinary or litigation proceedings are initiated against a person implicated or the author of an abusive alert, the data relating to the alert is kept by MedinCell until the end of the proceedings or the limitation period for appeals against the decision.	/
Protection of whistleblowers, facilitators, and persons in contact with whistleblowers	When disciplinary or litigation proceedings are initiated against a person implicated or the author of an abusive alert, the data relating to the alert is kept by MedinCell until the end of the proceedings or the limitation period for appeals against the decision.	In the absence of disciplinary or litigation proceedings, the data is kept in the form of intermediate archives, for the time strictly proportionate to its processing and the protection of its authors, the persons it concerns and the third parties it mentions, taking into account the time required for any further investigations. Data can be stored for longer periods: – if MedinCell has a legal obligation to do so; – for evidentiary purposes in the event of an audit or litigation; – for quality audits of alert handling processes.

Who has access to your personal data?

In order to be able to manage the professional alert system and within the strict framework of each purpose, the following categories of recipient may receive personal data:

MedinCell internal staff specifically responsible for the management of professional alerts within MedinCell;
Lawyers and/or external counsel responsible for assisting MedinCell in handling professional alerts;
State or judicial authorities legally empowered within the framework of their missions or the exercise of a right of communication.

How do we secure your personal data?

MedinCell implements all necessary technical and organizational measures to ensure the security and confidentiality of the personal data of the persons concerned in the event of an alert.

Is your personal data transferred to a country outside the European Union?

As a matter of principle, MedinCell takes care to minimize situations in which personal data may be transferred to a country outside the European Union. Nevertheless, it may happen that the use of services provided by a third-party service provider or application may involve, in the sense of the applicable legislation, a transfer of data to a country outside the European Union. In such cases, MedinCell will ensure that processing involving the transfer of data outside the European Union may only take place on condition that a sufficient and appropriate level of protection for your personal data is guaranteed. To this end, MedinCell, with the support of its Data Protection Officer, will use one of the mechanisms provided by the applicable legislation to control such transfers, unless it may be possible to benefit from a derogation in particular situations and under specific conditions.

What rights do you have over your personal data?

As a data subject, you have a number of rights concerning the processing of your personal data.

In the event of a request relating to the exercise of your rights, MedinCell undertakes to comply with it as soon as possible and, in any event, within one (1) month of receipt of your request by the persons handling the alerts or by the DPO.

The following is a summary of your rights in relation to your Personal Data. Please note that your rights may in some cases be limited or restricted depending on the situation and the applicable regulations:

The right to be informed

The purpose of this notice is to inform data subjects about how their personal data is processed in the event of an alert.

Specific information for the person concerned by the alert

MedinCell must inform the person concerned by an alert (for example, as a witness, victim, or alleged perpetrator) within a reasonable period of time, which may not exceed one (1) month, following the issue of an alert. This information may be deferred if it is likely to “seriously compromise the achievement of the objectives of the said processing”. This could be the case, for example, where disclosure of the information to the person concerned would seriously compromise the needs of the investigation, for example where there is a risk of destroying evidence. In such cases, the information must be provided as soon as the risk has been averted.

Right of access

The data subject has the right to obtain confirmation as to whether or not his or her personal data is being processed, and if it is, he or she has the right to obtain a copy of the data.

Any person whose personal data is or has been processed as part of a whistleblowing procedure (whistleblower, presumed victims of the facts, persons targeted by the whistleblowing procedure, witnesses and persons heard during the investigation, etc.), has the right to access it.

Exercising this right must not enable the person exercising it to access personal data relating to other individuals.

This limitation is specific to the rules governing the protection of personal data and does not preclude the application, where applicable, of the rules of procedural law, fundamental freedoms (and in particular the adversarial principle), etc.

Right to rectify inaccurate and/or incomplete personal data

The data subject has the right to ask MedinCell at any time to rectify and/or complete his/her personal data.

However, in the case of alerts, this right cannot be used to retroactively modify elements contained in the alert or collected during its investigation. When this right is exercised, it must not make it impossible to reconstruct the chronology of any changes made to important elements of the investigation.

This right may therefore only be exercised to rectify factual data, the material accuracy of which can be verified by MedinCell on the basis of conclusive evidence, without deleting or replacing the data, even if erroneous, originally collected.

Right to erase your personal data

Except in specific cases where the law provides otherwise, the data subject has the right to obtain from MedinCell the erasure, as soon as possible, of personal data concerning him or her.

Right to limit the processing of your personal data

The data subject has the right to obtain from MedinCell the restriction of the processing of his/her personal data and thus to request MedinCell to temporarily freeze the use of some of his/her personal data.

Right to object to the processing of your personal data

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data whose legal basis is the legitimate interest pursued by MedinCell.

The right to object may not be exercised in respect of processing necessary to comply with a legal obligation to which MedinCell is subject, in its capacity as data controller.

If you exercise the right to object, we will no longer process the data subject’s personal data in connection with the processing operation unless we can demonstrate compelling legitimate grounds for doing so. These grounds must outweigh the interests of the data subject and the data subject’s rights and freedoms, or the processing must be justified by the establishment, exercise, or defense of legal claims.

How can you exercise your rights with MedinCell?

In view of the sensitive nature of the personal data processed in the context of an alert, the person concerned may exercise his or her rights by contacting the people handling alerts directly at compliance@medincell.com.

If you are not satisfied or your request has not been answered, you can exercise your rights by contacting MedinCell’s Data Protection Officer:

By post: MedinCell – DPO – MedinCell SA, 3 rue des Frères Lumière, 34830 Jacou – France
Electronically: dataprivacy@medincell.com

If, despite MedinCell’s response to your request, you are still not satisfied, you may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) or the competent European authority to which you belong.

Revision and updating of this information notice

The content of this notice may be updated from time to time.

MedinCell may therefore amend this noticed in order to:

modify the list of processings and their conditions of implementation.
Incorporate changes in regulations and case law.