PRIVACY POLICY

1. Introduction

inHEART is committed to protecting and respecting your privacy. The personal data that we collect are protected and processed with care, in compliance with the legislation in force and in particular with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016, known as the “GDPR“.

This Privacy Policy is directed to individuals outside our organization with whom we interact, including visitors of our website www.inheartmedical.com (hereinafter referred to as the “Website“), our clients, partners or candidates (jointly referred as “you“, or “your”).

We take your privacy very seriously and we ask you to read this Privacy Policy carefully as it contains important information on:

  • The categories of personal data collected and processed by inHEART;
  • How and for what purposes inHEART collects and processes your personal data;
  • The legal basis on which your personal data are processed;
  • The categories of recipients of your personal data;
  • Your rights and our obligations with respect to such data processing.

2. Who is responsible for processing your data?

The controller of your data is inHEART, a simplified joint stock company with a share capital of 171,681.50 euros, registered to the Bordeaux Trade and Companies Register under number 830 755 393, whit its registered office located at IHU Liryc – Hôpital Xavier Arnozan, avenue du Haut Lévêque, 33600 Pessac (hereinafter referred to as “inHEART” or “we“, “our“).

3. What personal data do we process and for which purposes?

We only collect and process personal data for which we have a legal basis. The legal bases include your consent (when you have given your consent for data processing), the contract (where the data processing is necessary for the execution of a contract concluded between inHEART and you), the fulfilment of a legal obligation, and inHEART’s “legitimate interests”.

As a data controller, inHEART collects and processes the following data for the purposes detailed below:

Purpose of processing

Categories of personal data

Legal basis

Business development

Surname, first name, name of the company, address, telephone, email, position held within the company

Contract

Legitimate interests (to contact you)

Relationship with our customers, suppliers and partners

Surname, first name, company name, address, telephone, email, position held within the company, data relating to the business relationship, billing data

Contract

Legitimate interests (to contact you)

Website and audience statistics

IP addresses, browser type, language, device information (including application and device identifiers), location and other cookie information. (depending on your consent when applicable)

Legitimate interests (to allow the access to our Website and to carry out audience statistics)

Recruitment

Surname, first name, email, address, telephone number, professional experience and education, interview reports and, in general, all personal data which are part of your application such as your covering letter or any other document to which you give us access in the context of your application

Legitimate interests (to handle the applications we receive and to recruit employees adapted to our needs)

Contact and requests received through the contact form

Last name, first name, email, status, subject and content of your message

Legitimate interests (to be able to answer to your request and contact you)

4. To which categories of recipients are your data transmitted?

Your data may be communicated only to the categories of recipients listed below for the purposes set out in this Privacy Policy. These operations are carried out on the basis of appropriate safeguards that comply with the applicable laws and are suitable for ensuring the protection and respect of your rights.

Thus, for the purposes stated above, inHEART may share your personal data with third parties, but only in the following cases:

  • inHEART may use service providers, agents or suppliers to provide technical services. These third parties must at all times guarantee high levels of security with regard to personal data and are bound, where applicable, by a legal agreement according to which they are committed to maintain the confidentiality and security of personal data and to process it only in accordance with inHEART’s guidelines;
  • inHEART may disclose your personal data to some of its employees, who are also subject to an obligation of confidentiality, for the strict and sole purposes mentioned above;
  • In the event of a merger or acquisition of inHEART, in whole or in part, by another company or transfer all or part of inHEART’s activities, the company would have access to the information collected by inHEART, and in particular to personal data, subject to the privacy regulation. Similarly, personal data may be transferred in the context of a corporate restructuring or any other similar event, if permitted and in accordance with applicable law;
  • inHEART may also disclose your personal data where required by law to fulfil its legal, regulatory or contractual obligations.

In any case, inHEART will make its best efforts to ensure the confidentiality and security of the personal data collected when data are transmitted to the aforementioned recipients.

5. Transfers of personal data outside the EEA

In connection with our activities, we will where necessary and as set out in this Privacy Policy transfer your personal data outside the EEA. We will ensure that any transfer is lawful and that there are appropriate security arrangements. Any contract with a processor outside the EEA will ensure appropriate and suitable safeguards.

6. For how long do we keep your data?

The retention periods we apply to your personal data are limited and proportionate to the purposes for which they were collected. We do not keep your personal data for any specific period but will not keep it for longer than is necessary for our purposes. The retention period of your data is determined by various criteria, including:

  • the purpose for which we process the data: inHEART must keep the data for the period necessary to fulfil the purpose of the processing; and
  • legal obligations: legislation or regulations may set a minimum period of time for which we must retain personal data.

We organise our data retention policy according to these criteria and are at your disposal to answer any questions you may have.

7. Your rights

Your right to information – This Privacy Policy informs you of the identity of the controller of your data, the purposes and legal basis for which your data are processed, the retention period of your data and the recipients or categories of recipients with whom your personal data are shared and your rights. If we decide to process data for purposes other than those indicated, you will be informed of these new purposes.

Your right to access and rectification – You have the right to access to data we collected about you. You can also ask us to correct or complete your personal data if you consider that they are inaccurate, incomplete, ambiguous or out of date.

Your right to erasure – You can request the erasure of your personal data in the cases defined by law.

Your right to restrict processing – You may request the restriction of the processing of your personal data in the cases provided for by law.

Your right to object to processing – You have the right to object to the processing of your data for reasons relating to your particular situation. However, you may not exercise this right where there are legitimate and compelling reasons for the processing of your data under the law or regulations, in particular for the establishment, exercise or defense of legal claims.

Your right to data portability – You have the right to portability of your personal data. You can ask us to transfer your data to another organisation or to communicate them to you.

Your right to withdraw your consent – Where the data processing we carry out is based on your consent, you may withdraw it at any time. We will then stop processing your personal data. Please be informed that the withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

Your right to determine post-mortem instructions – You have the right to issue instructions regarding the storage, deletion and disclosure of your personal data after your death in accordance with the requirements of the applicable law.

How to exercise your rights – All the rights listed above can be exercised at the following email address dpo@inheartmedical.com. Should you wish to report a complaint, you may contact the CNIL on French territory, or any other privacy authority.

8. How do we protect your personal data?

All useful precautions are taken to ensure the security and confidentiality of your personal data, in particular to prevent their loss, alteration, destruction or use by unauthorised third parties. We follow generally accepted standards, including the use of appropriate administrative, physical and technical safeguards to protect the personal data submitted to us and implement adequate technical and operational security measures. These measures take into account the sensitivity of the personal data we collect, process and store and the current state of technology.

We also require our service providers and processors who may have access to personal data to implement appropriate technical and organisational security measures.

In addition, inHEART employees who have access to personal data are subject to confidentiality obligations in this respect.

However, while we make our best efforts to use reasonably acceptable means to protect your personal data, we cannot guarantee the absolute security or confidentiality, but we guarantee to make all reasonable efforts to prevent any misuse or loss.

9. Cookies

A cookie is a small file stored on your device when you visit a site. It records information about your device, your browser and, in some cases, your preferences and browsing habits.

We may process your personal data using cookie technology or other tracking devices in accordance with our Cookie Policy.

1.     Introduction

inHEART is committed to protecting and respecting your privacy. The personal data that we collect are protected and processed with care, in compliance with the legislation in force and in particular with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016, known as the “GDPR“.

This Privacy Policy is directed to individuals outside our organization with whom we interact, including visitors of our website www.inheart.fr (hereinafter referred to as the “Website“), our clients, partners or candidates (jointly referred as “you“, or “your”).

We take your privacy very seriously and we ask you to read this Privacy Policy carefully as it contains important information on:

  • The categories of personal data collected and processed by inHEART;
  • How and for what purposes inHEART collects and processes your personal data;
  • The legal basis on which your personal data are processed;
  • The categories of recipients of your personal data;
  • Your rights and our obligations with respect to such data processing.
2.     Who is responsible for processing your data?

The controller of your data is inHEART, a simplified joint stock company with a share capital of 171,681.50 euros, registered to the Bordeaux Trade and Companies Register under number 830 755 393, whit its registered office located at IHU Liryc – Hôpital Xavier Arnozan, avenue du Haut Lévêque, 33600 Pessac (hereinafter referred to as “inHEART” or “we“, “our“).

3.     What personal data do we process and for which purposes?

We only collect and process personal data for which we have a legal basis. The legal bases include your consent (when you have given your consent for data processing), the contract (where the data processing is necessary for the execution of a contract concluded between inHEART and you), the fulfilment of a legal obligation, and inHEART’s “legitimate interests”.

As a data controller, inHEART collects and processes the following data for the purposes detailed below:

Purpose of processingCategories of personal dataLegal basisBusiness development

Surname, first name, name of the company, address, telephone, email, position held within the company

Contract

Legitimate interests (to contact you)

Relationship with our customers, suppliers and partners

Surname, first name, company name, address, telephone, email, position held within the company, data relating to the business relationship, billing data

Contract

Legitimate interests (to contact you)

Website and audience statisticsIP addresses, browser type, language, device information (including application and device identifiers), location and other cookie information. (depending on your consent when applicable)Legitimate interests (to allow the access to our Website and to carry out audience statistics)RecruitmentSurname, first name, email, address, telephone number, professional experience and education, interview reports and, in general, all personal data which are part of your application such as your covering letter or any other document to which you give us access in the context of your applicationLegitimate interests (to handle the applications we receive and to recruit employees adapted to our needs)Contact and requests received through the contact formLast name, first name, email, status, subject and content of your messageLegitimate interests (to be able to answer to your request and contact you)

4.     To which categories of recipients are your data transmitted?

Your data may be communicated only to the categories of recipients listed below for the purposes set out in this Privacy Policy. These operations are carried out on the basis of appropriate safeguards that comply with the applicable laws and are suitable for ensuring the protection and respect of your rights.

Thus, for the purposes stated above, inHEART may share your personal data with third parties, but only in the following cases:

  • inHEART may use service providers, agents or suppliers to provide technical services. These third parties must at all times guarantee high levels of security with regard to personal data and are bound, where applicable, by a legal agreement according to which they are committed to maintain the confidentiality and security of personal data and to process it only in accordance with inHEART’s guidelines;
  • inHEART may disclose your personal data to some of its employees, who are also subject to an obligation of confidentiality, for the strict and sole purposes mentioned above;
  • In the event of a merger or acquisition of inHEART, in whole or in part, by another company or transfer all or part of inHEART’s activities, the company would have access to the information collected by inHEART, and in particular to personal data, subject to the privacy regulation. Similarly, personal data may be transferred in the context of a corporate restructuring or any other similar event, if permitted and in accordance with applicable law;
  • inHEART may also disclose your personal data where required by law to fulfil its legal, regulatory or contractual obligations.

In any case, inHEART will make its best efforts to ensure the confidentiality and security of the personal data collected when data are transmitted to the aforementioned recipients.

5.     Transfers of personal data outside the EEA

In connection with our activities, we will where necessary and as set out in this Privacy Policy transfer your personal data outside the EEA. We will ensure that any transfer is lawful and that there are appropriate security arrangements. Any contract with a processor outside the EEA will ensure appropriate and suitable safeguards.

6.     For how long do we keep your data?

The retention periods we apply to your personal data are limited and proportionate to the purposes for which they were collected. We do not keep your personal data for any specific period but will not keep it for longer than is necessary for our purposes. The retention period of your data is determined by various criteria, including:

  • the purpose for which we process the data: inHEART must keep the data for the period necessary to fulfil the purpose of the processing; and
  • legal obligations: legislation or regulations may set a minimum period of time for which we must retain personal data.

We organise our data retention policy according to these criteria and are at your disposal to answer any questions you may have.

7.     Your rights

Your right to information – This Privacy Policy informs you of the identity of the controller of your data, the purposes and legal basis for which your data are processed, the retention period of your data and the recipients or categories of recipients with whom your personal data are shared and your rights. If we decide to process data for purposes other than those indicated, you will be informed of these new purposes.

Your right to access and rectification – You have the right to access to data we collected about you. You can also ask us to correct or complete your personal data if you consider that they are inaccurate, incomplete, ambiguous or out of date.

Your right to erasure – You can request the erasure of your personal data in the cases defined by law.

Your right to restrict processing – You may request the restriction of the processing of your personal data in the cases provided for by law.

Your right to object to processing – You have the right to object to the processing of your data for reasons relating to your particular situation. However, you may not exercise this right where there are legitimate and compelling reasons for the processing of your data under the law or regulations, in particular for the establishment, exercise or defense of legal claims.

Your right to data portability – You have the right to portability of your personal data. You can ask us to transfer your data to another organisation or to communicate them to you.

Your right to withdraw your consent – Where the data processing we carry out is based on your consent, you may withdraw it at any time. We will then stop processing your personal data. Please be informed that the withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

Your right to determine post-mortem instructions – You have the right to issue instructions regarding the storage, deletion and disclosure of your personal data after your death in accordance with the requirements of the applicable law.

How to exercise your rights – All the rights listed above can be exercised at the following email address dpo@inheart.fr. Should you wish to report a complaint, you may contact the CNIL on French territory, or any other privacy authority.

8.     How do we protect your personal data?

All useful precautions are taken to ensure the security and confidentiality of your personal data, in particular to prevent their loss, alteration, destruction or use by unauthorised third parties. We follow generally accepted standards, including the use of appropriate administrative, physical and technical safeguards to protect the personal data submitted to us and implement adequate technical and operational security measures. These measures take into account the sensitivity of the personal data we collect, process and store and the current state of technology.

We also require our service providers and processors who may have access to personal data to implement appropriate technical and organisational security measures.

In addition, inHEART employees who have access to personal data are subject to confidentiality obligations in this respect.

However, while we make our best efforts to use reasonably acceptable means to protect your personal data, we cannot guarantee the absolute security or confidentiality, but we guarantee to make all reasonable efforts to prevent any misuse or loss.

9.     Cookies

A cookie is a small file stored on your device when you visit a site. It records information about your device, your browser and, in some cases, your preferences and browsing habits.

We may process your personal data using cookie technology or other tracking devices in accordance with our Cookie Policy.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.