inHEART is committed to protecting and respecting your privacy. The personal data that we collect are protected and processed with care, in compliance with the legislation in force and in particular with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016, known as the “GDPR“.
This Privacy Policy is directed to individuals outside our organization with whom we interact, including visitors of our website www.inheartmedical.com (hereinafter referred to as the “Website“), our clients, partners or candidates (jointly referred as “you“, or “your”).
We take your privacy very seriously and we ask you to read this Privacy Policy carefully as it contains important information on:
The controller of your data is inHEART, a simplified joint stock company with a share capital of 171,681.50 euros, registered to the Bordeaux Trade and Companies Register under number 830 755 393, whit its registered office located at IHU Liryc – Hôpital Xavier Arnozan, avenue du Haut Lévêque, 33600 Pessac (hereinafter referred to as “inHEART” or “we“, “our“).
We only collect and process personal data for which we have a legal basis. The legal bases include your consent (when you have given your consent for data processing), the contract (where the data processing is necessary for the execution of a contract concluded between inHEART and you), the fulfilment of a legal obligation, and inHEART’s “legitimate interests”.
As a data controller, inHEART collects and processes the following data for the purposes detailed below:
Business development
Surname, first name, name of the company, address, telephone, email, position held within the company
Contract
Legitimate interests (to contact you)
Relationship with our customers, suppliers and partners
Surname, first name, company name, address, telephone, email, position held within the company, data relating to the business relationship, billing data
Contract
Legitimate interests (to contact you)
Website and audience statistics
IP addresses, browser type, language, device information (including application and device identifiers), location and other cookie information. (depending on your consent when applicable)
Legitimate interests (to allow the access to our Website and to carry out audience statistics)
Recruitment
Surname, first name, email, address, telephone number, professional experience and education, interview reports and, in general, all personal data which are part of your application such as your covering letter or any other document to which you give us access in the context of your application
Legitimate interests (to handle the applications we receive and to recruit employees adapted to our needs)
Contact and requests received through the contact form
Last name, first name, email, status, subject and content of your message
Legitimate interests (to be able to answer to your request and contact you)
Your data may be communicated only to the categories of recipients listed below for the purposes set out in this Privacy Policy. These operations are carried out on the basis of appropriate safeguards that comply with the applicable laws and are suitable for ensuring the protection and respect of your rights.
Thus, for the purposes stated above, inHEART may share your personal data with third parties, but only in the following cases:
In any case, inHEART will make its best efforts to ensure the confidentiality and security of the personal data collected when data are transmitted to the aforementioned recipients.
In connection with our activities, we will where necessary and as set out in this Privacy Policy transfer your personal data outside the EEA. We will ensure that any transfer is lawful and that there are appropriate security arrangements. Any contract with a processor outside the EEA will ensure appropriate and suitable safeguards.
The retention periods we apply to your personal data are limited and proportionate to the purposes for which they were collected. We do not keep your personal data for any specific period but will not keep it for longer than is necessary for our purposes. The retention period of your data is determined by various criteria, including:
We organise our data retention policy according to these criteria and are at your disposal to answer any questions you may have.
Your right to information – This Privacy Policy informs you of the identity of the controller of your data, the purposes and legal basis for which your data are processed, the retention period of your data and the recipients or categories of recipients with whom your personal data are shared and your rights. If we decide to process data for purposes other than those indicated, you will be informed of these new purposes.
Your right to access and rectification – You have the right to access to data we collected about you. You can also ask us to correct or complete your personal data if you consider that they are inaccurate, incomplete, ambiguous or out of date.
Your right to erasure – You can request the erasure of your personal data in the cases defined by law.
Your right to restrict processing – You may request the restriction of the processing of your personal data in the cases provided for by law.
Your right to object to processing – You have the right to object to the processing of your data for reasons relating to your particular situation. However, you may not exercise this right where there are legitimate and compelling reasons for the processing of your data under the law or regulations, in particular for the establishment, exercise or defense of legal claims.
Your right to data portability – You have the right to portability of your personal data. You can ask us to transfer your data to another organisation or to communicate them to you.
Your right to withdraw your consent – Where the data processing we carry out is based on your consent, you may withdraw it at any time. We will then stop processing your personal data. Please be informed that the withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
Your right to determine post-mortem instructions – You have the right to issue instructions regarding the storage, deletion and disclosure of your personal data after your death in accordance with the requirements of the applicable law.
How to exercise your rights – All the rights listed above can be exercised at the following email address dpo@inheartmedical.com. Should you wish to report a complaint, you may contact the CNIL on French territory, or any other privacy authority.
All useful precautions are taken to ensure the security and confidentiality of your personal data, in particular to prevent their loss, alteration, destruction or use by unauthorised third parties. We follow generally accepted standards, including the use of appropriate administrative, physical and technical safeguards to protect the personal data submitted to us and implement adequate technical and operational security measures. These measures take into account the sensitivity of the personal data we collect, process and store and the current state of technology.
We also require our service providers and processors who may have access to personal data to implement appropriate technical and organisational security measures.
In addition, inHEART employees who have access to personal data are subject to confidentiality obligations in this respect.
However, while we make our best efforts to use reasonably acceptable means to protect your personal data, we cannot guarantee the absolute security or confidentiality, but we guarantee to make all reasonable efforts to prevent any misuse or loss.
A cookie is a small file stored on your device when you visit a site. It records information about your device, your browser and, in some cases, your preferences and browsing habits.
We may process your personal data using cookie technology or other tracking devices in accordance with our Cookie Policy.