PRIVACY POLICY AND DATA PROTECTION
We attach great importance to the protection of your personal data and do everything possible to protect it. You will find below our commitment to the protection of personal data as well as our data protection policy.
OUR COMMITMENT TO PERSONAL DATA PROTECTION
The user is informed that in accordance with French regulations, his personal data including his health data are hosted by a host in Europe certified HDS (Host of Health Data). Your data is used only for explicit, legitimate and determined purposes in connection with our various offers and the services you have selected.bYour personal health data is confidential. They are intended only for you and your healthcare professional depending on the offer selected. Only data necessary for the performance of our services is collected. We respect your rights as users and customers, which is why we do everything we can to ensure that you can exercise them. We respect your privacy and your choices, which is why communications you receive from us may be terminated at any time.
SUMMARY
1. IDENTITY OF THE DATA CONTROLLER
2. YOUR RIGHTS
2.1 How to exercise your rights
3. THE PURPOSES OF COLLECTING YOUR PERSONAL DATA AND THE LEGAL BASES ON WHICH WE RELY
3.1 Purpose of collecting your data?
3.2 The legal bases which allow us to collect your data
4. TO WHOM IS YOUR DATA TRANSMITTED?
5. SUBCONTRACTORS
6. TRANSFER OUTSIDE THE EU.
7. DURATION OF RETENTION OF YOUR DATA
8. RULES APPLICABLE TO BANK CARD PAYMENTS AND BANK DATA PROTECTION
8.1 How are bank details recorded?
9. THE SECURITY MEASURES WE PUT IN PLACE TO PROTECT YOUR DATA
10. THIRD PARTY WEBSITES AND SOCIAL NETWORKS
11. COOKIES & OTHER TRACERS POLICY
11.1 What is a cookie?
11.2 What type of cookies do we use and for what purpose?
11.3 Setting and blocking cookies via our cookie manager
11.4 Setting and blocking cookies via your navigation settings
11.5 Configuring the operating system of your smartphone
12. MODIFICATION OF THIS DATA PROTECTION POLICY
1. IDENTITY OF THE DATA CONTROLLER
Personal data is collected by Bluetens France Société par Action Simplifiée with a capital of 4000 € registered in the Paris Trade and Companies Register under number 804 310 795 and whose registered office is based at: 5 passage Saint Bernard 75011 Paris, France .
We provide our customers and users with a website accessible from https://www.bluetens.com/ as well as a downloadable mobile application compatible for smartphones and tablets on IOS and Android. To deliver our services, we collect personal data on individuals and companies, including health data.
In the data collection forms on the site and the application, users are informed whether or not data collection is mandatory. If a mandatory data field is not provided, unfortunately we will not be able to perform our services and meet our commitments.
We are concerned about the protection of personal data entrusted to us. We are committed to ensuring the best level of protection of your personal data in accordance with the GDPR 'General Data Protection Regulation' Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 and the Data Protection Act and Liberties law n ° 2018-493 of June 20, 2018, promulgated on June 21, 2018 which amended the Data Protection Act of January 6, 1978. For any information on the protection of personal data, you can also consult the website of the National Commission of Computing and Freedoms www.cnil.fr.
2. YOUR RIGHTS
Pursuant to the Data Protection Act Law 78-17 of 6 January 1978 as amended and the General Data Protection Regulation ‘RGPD’, any natural person using the service has the right to exercise the following rights:
A right of access: As a data subject, you can inform yourself about the nature of the personal data stored or processed concerning you. Access to your personal data will be provided to you on request.
A right of rectification: If personal information is inaccurate or incomplete, you can request that it be modified.
A right of opposition: You have the right to yourself object at any time to the processing of your personal data when Bluetens processes your data for reasons which are of their legitimate interest or for reasons of direct marketing.
A right to be forgotten: The User can obtain from the Company, under certain conditions, the erasure as soon as possible of certain personal data concerning him. This right to be forgotten may not be obtained in certain cases, in particular for reasons of public interest, for archival purposes or to comply with legal obligations governing the processing of personal data by the company.
A right to limit the processing of your data: The User can obtain from the Company that it limits the processing of his personal data and this in particular when the User opposes this processing, disputes the accuracy of the data or when he believes that the use is unlawful.
A right to the portability of your personal data: Under certain conditions, the User may request to receive all of his personal data so that he can transfer them to another data controller without the Company being able to s 'oppose it.
Fate of your data upon your death: The Company will respect the directives given by any user relating to the storage, erasure and communication of their personal data after their death. In the absence of such directives, the Company will grant the requests of the heirs as exhaustively set out by the applicable provisions of the Data Protection Act.
2.1 How to exercise your rights
To exercise your rights, please send your mail to Bluetens France 5 passage Saint Bernard 75011 Paris, France indicating your name, first name, email address and if possible your order number, either by email: cs@bluetens.fr.
Your requests must be accompanied by a copy proving your identity. We have 30 working days from receipt of your request to respond to you. Some binding requests may take longer, in which case the deadline will be extended and you will be notified.
If you feel that your rights have not been respected, you can also file a complaint with the Commission Nationale de l'Informatique et Libertés (CNIL) 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 or via the website: www .cnil.fr.
3. THE PURPOSES OF COLLECTING YOUR PERSONAL DATA AND THE LEGAL BASES ON WHICH WE RELY
Under the General Data Protection Regulations and the Data Protection Act, Bluetens France is only authorized to use the personal data of its users and customers if it has a valid legal basis.
The communication of your personal data is in most cases deliberate. When your information is essential for us to process your requests, we notify you with a (*).
3.1 Purpose of collecting your data?
In order to respond to your requests and needs, we collect your personal data at different stages of the purchase, the subscription to an option, the request for information
3.2 The legal bases which allow us to collect your data are as follows:
The execution of a contract between Bluetens its users and its customers
The fulfillment of a legal obligation
When it is in the legitimate interest of Bluetens
When the user has given his consent.
Purpose Legal basis
Management of customer account and orders. Execution of the contract between Bluetens and the customer. Management of delivery operations; Execution of the contract between Bluetens and the customer. Management of payment and credit transactions. Execution of the contract between Bluetens and the customer. Management of customer relations, order tracking, after-sales service, product returns and refunds; Execution of the contract between Bluetens and the customer Collection of customer opinions on products. Bluetens' legitimate interest in improving products and service Management of options subscribed by users (eg: generic treatment option and premium function). User consent Fight against fraud during payment of the order and management of unpaid bills. Bluetens legitimate interest. Execution of the contract between Bluetens and the customer. Sending targeted commercial offers electronically and via mobile notifications. Customer Consent. Analysis and statistical operations to improve customer knowledge. Bluetens’s legitimate interest. Personalization of sites and applications.Customer consent. Legitimate interest of Bluetens. Measurement of traffic to sites and mobile applications.Customer consent. Provision of sharing tools on social networks to the Legitimate interest of Bluetens. Customer Consent. Establishment of contests on various social networks (Facebook, Instagram…). Bluetens legitimate interest
4. TO WHOM IS YOUR DATA TRANSMITTED?
Users' personal data are collected and processed by:
The services: commercial, administrative, marketing, communication and Human Resources of Bluetens. / Financing and credit institutions / Customs services in the event of delivery abroad / Police authorities in the context of judicial requisitions concerning the fight against fraud
5. SUBCONTRACTORS
In the context of certain services described below, we use subcontractors:
Secure payment on sites and mobile applications
Shipping your orders
Sending postal letters
Personalization of the content of mobile sites and applications
Carrying out technical maintenance and development operations for the website, internal applications and the information system.
Collecting customer reviews
Business partners and in particular Physiotherapists within the framework of “premium and generic” treatment options.
6. TRANSFER OUTSIDE THE EU
We do not transfer your data outside the European Union. In the event of a change in policy, this section will be subject to modification.
7. DURATION OF RETENTION OF YOUR DATA
Depending on the situation, Bluetens has defined distinct retention periods. We make sure that the retention periods are relevant and respect the legal deadlines.
To establish the retention period for personal data, the Company applies the following criteria:
Prospect data: data is kept for 3 years. The starting point for the retention period is the last interaction we had or the last interactivity you had with one of our programs.
Customer data: data is kept for the duration of the contractual relationship and for a period of three years after the last contact with the customer.
User data: data is retained throughout the existence of the account on the application. Once the account is deleted by the user, this fund is informed that their data will be anonymized and reused.
Users of Bluetens applications and programs are informed that in the event of a request for the permanent deletion of their account, their data will be anonymized and will be used by Bluetens for subsequent operations.
The Company may retain certain data in order to fulfill its legal or regulatory obligations and to enable it to exercise its rights. As such, the company keeps the invoices related to the services for ten years.
8. RULES APPLICABLE TO BANK CARD PAYMENTS AND BANK DATA PROTECTION
In order to ensure the security of your payments, we use the services of external providers. They guarantee secure processing of all sensitive data such as banking data and user identities, in accordance with directives and standards: DSP2, RGPD and PCI-DSS.
When payment for your order is made by credit card, our order taking system connects in real time with the system of our service providers who collect your data and carry out various checks to prevent abuse and fraud. The data is stored on the servers of our service providers and is not transmitted to our servers at any time. Our service providers apply for authorization from the bank and only send us the transaction number.
In order to be able to debit the account during invoicing or to credit it, our service providers keep the banking data associated with the authorization number, the time necessary to complete the transaction and to process any complaints.
8.1 How are bank details recorded?
To allow payment in installments, the third-party payment provider may store the Customer's bank details so as not to have to indicate them at each new payment due date.
Bank data (card number, expiration date, name of the holder) are only stored if the User has given his prior consent by checking, when registering his protest request, the box provided for this purpose. when registering.
9. THE SECURITY MEASURES WE PUT IN PLACE TO PROTECT YOUR DATA
As Data Controller, Bluetens takes all necessary precautions to preserve the security and confidentiality of your data. This includes the physical security of the buildings housing our systems and the security of the IT system to prevent external access to your data. Access to your data is limited to only people who need to be aware of it.
10. THIRD PARTY WEBSITES AND SOCIAL NETWORKS
The Site may contain hypertext links giving access to other websites published and managed by third parties and not by the Publisher. The Publisher cannot be held responsible directly or indirectly in the event that said third-party sites do not comply with legal provisions.
The creation of hypertext links to the Site can only be done with the prior written authorization of the Publisher.
We draw your attention to the social networks we use and with which you may interact to support us and / or share one of our publications. During your interaction, Bluentens cannot be held responsible in the event of a problem. Please be aware that when you use these links, information about you may be collected or shared. We encourage you to consult the privacy policies and settings of the social networks with which you interact, in order to know the information likely to be collected, used or shared by these sites.
11. COOKIES & OTHER TRACERS POLICY
11.1 What is a cookie?
Cookies are small data files placed on your computer or mobile device by your browser when you visit a website. Usually a cookie contains the name of the website that uses it and a text string or "unique identifier" that allows websites to recognize that cookie on each subsequent visit throughout its lifetime.
Cookies can collect and store a wide range of information, such as the type of browser or operating system used, the language or other browser settings, or your interactions with the website. Usually, cookies are not used to collect data that identifies an individual. However, information collected with cookies may be associated with a natural person, if combined with personally identifiable data such as a person's email address.
When you log in, cookies are notified to you by a banner at the bottom of our site. Your consent for the deposit of certain cookies is essential. You can accept or refuse the deposit of cookies on your computer or your mobile device.
If you choose not to use cookies, you may be deprived of certain features on the site.
In general, we use two different types of cookies on this site:
Session cookies are used to store information about your activities on this site for the duration of your visit. They are deleted when you close your browser.
Persistent cookies are stored in one of the subfolders of your browser for one or more sessions. They expire after a certain period (defined in the file) or can be deleted manually.
Web beacons, embedded scripts and other similar technologies:
We and our third party partners may also use similar technologies on this site, such as web beacons (also known as Pixel-Tags or GIFs) or scripts.
Web beacons are small graphic images that can be embedded into websites or HTML emails that are generally not visible to the user. They make it possible to follow the user's interaction with the site or our newsletters. For example, they help us understand if you have read our newsletter or if you have clicked on the links in it, so that we can provide you with offers tailored to your interests.
An embedded script or pixel is code designed to collect information about your interactions with this site, such as the links you click. The code is temporarily downloaded to your device from our web server or that of a third-party service provider. It is active only when you are logged in to the website, and is deactivated or deleted afterwards. Although you will not be able to reject or disable these technologies specifically, they work in conjunction with certain cookies. Therefore, disabling cookies will prevent the aforementioned technologies from functioning.
In accordance with Directive 2002/58 / EC of July 12, 2002, we collect your prior consent to the deposit of advertising cookies, audience measurement and sharing to social networks.
11.2 What type of cookies do we use and for what purpose?
Strictly necessary cookies
These cookies are necessary for operations specific to the services provided on our websites. They are used to provide basic functionality of our websites, such as remember the information that has been inserted in a form. If you prevent the installation of these cookies, you will no longer be able to use these features and the website may not function effectively.
Performance cookies
These cookies are used to collect anonymous data for statistical purposes. They allow us to measure the website audience and analyze the way in which visitors surf the website (number of visitors to the website, number of visits per page, time spent on each page, location of clicks, advertising effectiveness measures, etc.). They are also used to detect navigation problems and any other difficulty. These cookies help us to improve our website and your navigation.
Personalization or functionality cookies
These cookies are used to remember your choices, your settings and your content preferences on the website (such as your language, your personalization choices, etc.) and thus offer you a personalized browsing experience by adapting the content of the site internet for you. If you refuse these cookies we will no longer be able to offer you certain features and certain pages of the website may not function correctly.
Specificity of sharing cookies
These cookies are specifically linked to the use of the share buttons on a page of the site on social networks (Facebook, Twitter, LinkedIn, etc.). The sharing buttons allow you to directly share a page of the site on the relevant social network. By clicking on the share button on the social network concerned, one or more cookies are then placed on your terminal (computer, smartphone, tablet) by the social network. We have no access or control over these third party cookies, which may be analytical, performance or targeting cookies.
We suggest that you consult the websites of these third parties for more information about their cookies and how to manage them:
• Facebook: https://fr-fr.facebook.com/policies/cookies/
• Twitter: https://help.twitter.com/fr/rules-and-policies/twitter-cookies
• LinkedIn: https://www.linkedin.com/legal/cookie-policy?_l=fr_FR
11.3 Setting and blocking cookies via our cookie manager
The list of cookies that we use can be viewed via the management tool that we have set up. You have the option to deactivate them at any time. However, we draw your attention to the fact that some cookies are essential for the proper functioning of our site and that it is therefore not recommended to deactivate them.
11.4 Setting and blocking cookies via your navigation settings
You can also control cookies through your browser settings. If most browsers are configured by default and accept the installation of cookies, you have the option, if you wish, to choose to accept all cookies, or to reject them systematically or to choose those that you accept according to the transmitter. You can also configure your browser to accept or refuse cookies, on a case-by-case basis, prior to their installation. You can also regularly delete cookies from your terminal via your browser.
The use of cookies or similar technologies by any third party website, advertising content provider is subject to their own cookie privacy policy.
The CNIL (Commission Nationale Informatique et Liberté) offers a free download of cookie management software on its website: go to the address https://www.cnil.fr/vos-droits/vos-traces/ cookies / for more information.
For the management of cookies and your choices, the configuration of each browser is different. It is described in the help menu of your browser, which will allow you to know how to modify your preferences in terms of cookies.
For exemple :
• For Internet Explorer ™: https://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies
• For Safari ™: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
• For Chrome ™: https://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647
• For Firefox ™: https://support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies
11.5 Configuring the operating system of your smartphone
You have the possibility to control the deposit of cookies on your smartphone in the rules of the operating system.
On iOS: https://support.apple.com/fr-fr/HT201265
On Android: https://support.google.com/chrome/topic/3434352
You also have the possibility to oppose the deposit of cookies by accessing the website: https://www.youronlinechoices.com/
12.MODIFICATION OF THIS DATA PROTECTION POLICY
The Company may modify this Data Protection Policy at any time. The Company will inform Users by any means of changes made to this policy.
Date of publication of this policy: March 1, 2021