Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regards to processing of personal data and on the free movement of such data, otherwise known as General Data Protection Regulation (hereafter GDPR) lays down the legal framework applying to personal data processing.
The GDPR strengthens the rights and obligations of data controllers, subcontractors, data subjects and recipients of data.
In the context of our business activities, we need to process personal data.
To facilitate the understand of this policy, please be advised that:
According to Article 12 of the GDPR, data subjects must be informed of their rights in a concise, transparent, readily intelligible and easily accessible form.
The purpose of this policy is to comply with the obligation to provide information of Cardiovascular Solutions for Life e.V in application of the GDPR (Article 12) and to formalize Cardiovascular Solutions for Life e.V’s clients and prospects’ rights and obligations with regards to the processing of their personal data.
This policy is intended to apply in the context of the implementation of the processing of clients and/or prospects’ personal data.
Cardiovascular Solutions for Life e.V makes every effort to process data within the framework of a structured internal governance. Having made this clear, this policy relates only to the processing for which Cardiovascular Solutions for Life e.V is accountable and therefore does not relate to the processing not created or exploited outside of governance rules established by Cardiovascular Solutions for Life e.V (so-called “shadow IT”).
Personal data processing may be managed directly by Cardiovascular Solutions for Life e.V or through a subcontractor specifically designed by Cardiovascular Solutions for Life e.V.
This policy exists independently from any other document that may apply as part of the contractual relationship between Cardiovascular Solutions for Life e.V and its clients and prospects.
No processing is undertaken by Cardiovascular Solutions for Life e.V with regards to clients and prospects’ data if it does not pertain to personal data collected by or for our services or processed in relation to our services and if it does not meet RGDP general principles.
Use cases of Cardiovascular Solutions for Life e.V are as follows:
Games & Contests | Any playful undertaking with or without the purpose of making Cardiovascular Solutions for Life e.V’s clients or prospects win a gain or a prize. They can take place online or offline. Directly by Cardiovascular Solutions for Life e.V or its partners. Generally, collected data is necessary to identify participants and to attribute prizes. |
Push Media | Any commercial action, commercial follow-up.
Prospection, usually via email, text messages, phone, etc. Data is collected in an opt-in or opt-out manner depending on the instance of use. |
Events | Physical meetings organized by Cardiovascular Solutions for Life e.V or to which Cardiovascular Solutions for Life e.V takes part or sponsors.
Data is usually collected during event registration (directly or through a partner) or during the course of the event itself (form, questionnaire, business card, dedicated mobile applications, etc.). |
Social Media | All social selling operations. They notably include data collection related to registration, posts, likes, replies and forwards, comments, reviews, etc. |
Communities | Any community administered by Cardiovascular Solutions for Life e.V or on its behalf and dedicated to it (For ex: Beer time, fan voice, etc.).
These data are necessary to maintain the community. |
Cookies | Please refer to our Cookies policy. |
This list is intended to be as exhaustive as possible, any new instances of use and any modification or deletion of an existing data handling process will be brought to the attention of clients and prospects through a change in this policy.
Non-Technical data
(according to instance of use) |
Identification (Last name, First name, Moniker/handle, etc.)
Photo in case you grant us such rights Personal/professional life details if required Banking details if required (in case of online transaction) |
Technical data
(according to instance of use) |
Identification data (IP)
Connection data (especially logs) Acceptance data (click) Location data |
Our clients or prospects’ data are generally collected directly from them (direct collection).
Collection can also take place indirectly:
Depending on the situation, Cardiovascular Solutions for Life e.V processes your data for the following purposes:
These purposes are based on the legitimate interest of Cardiovascular Solutions for Life e.V to have data available about its clients and its prospects.
When required, Cardiovascular Solutions for Life e.V obtains consent from the individuals.
Cardiovascular Solutions for Life e.V ensures that the data is accessible only to authorized internal or external recipients.
Internal recipients | External recipients | |
– Authorized personnel from the marketing department, sales department, customer relationship and prospection department, administrative services, logistical and IT services and their supervisors;
– Authorized personnel from the controlling department (auditors, internal controlling process departments, etc.); – Authorized subcontracting personnel. |
– Partners, external businesses or subsidiaries from the same group;
– Justice agencies, court officers and public officers, as part of their debt collection efforts; – The organization in charge of managing the telephone solicitation opt-out registry; – Authorized subcontracting personnel. |
Recipients from clients and prospects’ personal data at Cardiovascular Solutions for Life e.V are bound by a duty of confidentiality.
Cardiovascular Solutions for Life e.V authorizes recipients to access specific data based on an authorization policy.
Cardiovascular Solutions for Life e.V cannot assume any liability for any damage resulting from unlawful access to personal data.
Any access related to clients and prospects’ personal data processing can be traced.
Furthermore, personal data may be shared with any lawfully entitled authority. In such a case, Cardiovascular Solutions for Life e.V cannot be held responsible for the conditions under which the personnel of such authorities accesses and processes these data.
The data retention period is set by Cardiovascular Solutions for Life e.V with regards to legal and contractual restrictions by which it is bound, and by default according to its needs and notably according to the following principles:
Processing | Retention period |
Client data | For the duration of contractual relations with Cardiovascular Solutions for Life e.V, increased by 3 years for management and prospection purposes, without prejudice to retention obligations or the limitation period |
Member and user data | For the duration required to complete provision of the services by Cardiovascular Solutions for Life e.V and 1 year after the last service
Cookies: 13 months |
Prospect data | 3 years from collection by Cardiovascular Solutions for Life e.V or from the last contact initiated by the prospect |
Technical data | 1 year |
Banking data | Deleted as soon as the transaction is successfully completed, unless client gives explicit consent
In case of transaction dispute, retention for 13 months as archive according to debit card |
Anti-money laundering | 5 years |
Past the set time limits, data are either deleted or retained after being made anonymous, notably for statistical use. They can be kept in case of pre-litigation and litigation.
Clients and prospects are reminded that data deletion and anonymization are irreversible and that Cardiovascular Solutions for Life e.V will be unable to recover them thereafter.
Clients and prospects have the right to request confirmation from Cardiovascular Solutions for Life e.V whether data pertaining to them are being processed.
Clients and prospects also have the right to access their data. This right is conditional on compliance with the following rules:
Clients and prospects have the right to request a copy of their personal data being processed by Cardiovascular Solutions for Life e.V. However, in case an additional copy is being requested, Cardiovascular Solutions for Life e.V may charge the cost of producing these copies to the clients and prospects who request them.
If clients and prospects request their copy of their data electronically, the requested information will be provided electronically in a commonly used form, unless otherwise requested.
Clients and prospects are hereby informed that this access right cannot apply to confidential information or data, or those which cannot be disclosed by law.
The access right must not be exercised in an abusive way, meaning in a regular manner with the express purpose of disrupting the applicable department.
Cardiovascular Solutions for Life e.V complies with updating requests:
Clients and prospects’ right to erasure will not apply in case data is processed to comply with a legal obligation.
Outside of this situation, clients and prospects have the right to request the erasure of their data in the following limiting situations:
In accordance with personal data protection legislation, clients and prospects are hereby informed that this individual right can be exercised exclusively by the person concerned with respect to their own information: for security reasons, the applicable department will therefore verify your identity to avoid communicating any of your confidential information to someone other than you.
Clients and prospects are hereby informed that this right is not intended to apply to the extent that Cardiovascular Solutions for Life e.V is processing data in a lawful manner and that all personal data collected are required to carry out the commercial contract.
Cardiovascular Solutions for Life e.V gives the right to data portability in the specific case where data shared by clients or prospects themselves, on online services offered by Cardiovascular Solutions for Life e.V itself and based on the individual’s express consent. In that case the data will be shared in a commonly used, machine-readable structured format.
Cardiovascular Solutions for Life e.V does not make automated individual decisions.
Clients and prospects are hereby informed that they have the right to give guidelines regarding the post-mortem storage, erasure and sharing of their data. Sharing specific guidelines post-mortem and exercising their rights is to be done by e-mail at the following email address: contact(at)stentsavealife.com or by postal mail at the following address:
c/o Contilia GmbH
z.Hd. PD Dr. Christoph K. Naber
Huttropstr. 58
45138 Essen
Germany.
The request shall be accompanied by a copy of a signed proof of identity.
Clients and prospects are informed on each personal data collection form of the voluntary or compulsory nature of their answers by an asterisk.
If answers are compulsory, Cardiovascular Solutions for Life e.V explains to clients and prospects the consequences of a lack of answer.
Clients and prospects grant Cardiovascular Solutions for Life e.V a right to use and process their personal data for the above-outlined purposes.
However, all enhanced data resulting from processing and analysis from Cardiovascular Solutions for Life e.V, otherwise named enhanced data remain the exclusive property of Cardiovascular Solutions for Life e.V (usage analyses, statistics, etc.).
Cardiovascular Solutions for Life e.V hereby informs its clients and prospects that it may mandate any subcontractor of its choice in the context of processing their personal data.
In such a case, Cardiovascular Solutions for Life e.V will ensure that the subcontractor fulfills their obligations with respect to the GDPR.
Cardiovascular Solutions for Life e.V commits to signing a written contract with all of its subcontractors and imposes the same personal data protection obligations to its subcontractors than it imposes on itself. Furthermore, Cardiovascular Solutions for Life e.V reserves the right to carry out an audit of its subcontractors to ensure their full compliance with GDPR provisions.
It is up to Cardiovascular Solutions for Life e.V to define and implement technical security measures, physical or logical, that it deems appropriate to prevent data destruction, loss, alteration or unauthorized disclosure of data in an accidental or unlawful manner.
These measures mainly include:
In case of personal data breach, Cardiovascular Solutions for Life e.V undertakes to notify the CNIL under the conditions outlined by the GDPR.
If said breach exposes clients and prospects to serious risk and that data was not protected, Cardiovascular Solutions for Life e.V:
Cardiovascular Solutions for Life e.V has designed a data protection delegate.
The delegate’s contact details are as follows:
In case of new personal data processing, Cardiovascular Solutions for Life e.V will inform the personal data delegate ahead of time.
If clients and prospects wish to obtain a specific piece of information or to ask a specific question, they may contact the data protection delegate who will answer within a reasonable timeframe with regards to the question asked or to the information required.
In case of issue with personal data processing, clients and prospects will be able to notify the designated personal data protection delegate.
Cardiovascular Solutions for Life e.V, as data controller, commits to maintaining an up-to- date register of all data processing activities.
This register is a document or application enabling the identification of the overall processing undertaken by Cardiovascular Solutions for Life e.V, as processing controller.
Cardiovascular Solutions for Life e.V commits to providing the supervisory authority on first request the information permitting that authority to ensure compliance with the current existing data protection law (“Réglementation informatique et libertés”).
Clients and prospects concerned by personal data processing are hereby informed of their right to file a claim with a supervisory authority, namely the CNIL in France, if they believe that personal data processing pertaining to them does not comply with the GDPR, at the following address:
CNIL – Service des plaintes
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone: 01 53 73 22 22
This policy may be modified or adjusted at any time in case of changes in legislation, case law, in decisions or recommendations from the CNIL, or changes in custom.
Employees will be informed of any new revision to this policy through any means Cardiovascular Solutions for Life e.V deems appropriate, including electronically (for instance through e-mailing or online).
For any additional information, you may contact the following department: contact(at)stentsavealife.com
For any general information on personal data protection, you may visit the CNIL website: www.cnil.fr.