- Healthcare Professionals
- About us
- Sophysa Worldwide
Article 1. Introduction
At SOPHYSA, we pay the best attention and the utmost care to your privacy and to your personal data in accordance to the current law and regulations.
This policy covers the processing required in order to:
Article 1.2. Identification of the controller
In this policy, « SOPHYSA », « we », « our » and « « ours » refers to
SOPHYSA SA is a limited company, with a registered capital of €500,000, registered with the RCS (Trade and Companies Register) of Evry, under the number B 306 979 584, established 5 Rue Guy Moquet, 91400 Orsay, France.
For all is processing activities, SOPHYSA is the entity which determines the means and purposes and therefore acts as data controller within the meaning of the regulations applicable to personal data and in particular the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”).
You can find all the information about SOPHYSA in our legal notice.
Article 2. Definitions
o Any information which allows to identify a person directly or indirectly
Name, Identification number, Location data and An online identifier
One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
o Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means
Collection, Recording, Organization, Structuring, Storage, Adaptation or Alteration, Retrieval, Consultation, Use, Disclosure by transmission, dissemination or otherwise making available, Alignment or combination, Restriction and Erasure or destruction
o The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
o A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
o The person responsible for ensuring compliance with the rules on personal data
o A breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data
Article 3. Generalities applicable to all processing activities implemented by SOPHYSA
SOPHYSA ensures for each treatment the respect of the fundamental principles of data protection. This article informs you about the generalities applicable to all the processing activities covered by this policy. The following article details, for each activity, the specific conditions and procedures for implementing the treatment.
Article 3.1. Data minimization
Each form on the website limits the collection of personal data to what is strictly necessary and indicates the purpose (s) of the collection of such data and the recipient (s) of the data.
The data required to manage your request are marked with an asterisk on each form. If you do not fill in these mandatory fields, SOPHYSA will not be able to answer your requests and / or provide you with the requested services. Other information is optional and allows us to better manage your request and improve our communications and services to you.
Article 3.2. Sharing data with third parties and transferring your data outside the European Union
We never share your personal data with other companies for business purposes with the potential exception of the SOPHYSA distributor in your country.
Each section devoted to a processing activity details the internal recipients intended to access and process the data concerned. The data may possibly be transmitted to technical service providers chosen for their expertise and reliability who act on our behalf and according to our instructions (IT subcontractor, host of our servers, etc.).
We authorize these service providers to use your personal data only to the extent necessary to provide services on our behalf or to comply with legal requirements and we strive to ensure that your personal data is protected at all times. .
SOPHYSA may also be required to provide your data to third parties where such communication is required by law, a regulatory provision or a court order, or if such communication is necessary to protect and defend our rights.
All these third parties may come from countries within or outside the European Union (“EU”), including countries that do not offer the same level of data protection as your country of residence. In such a case and to the extent required by applicable law, we will ensure:
Article 3.3. Data security
SOPHYSA is committed to protecting your personal data against loss, destruction, alteration, access or unauthorized disclosure. To this end, SOPHYSA implements appropriate technical and organizational measures, in view of the nature of the data and the risks that their treatment entails, to preserve the security and confidentiality of your personal data and, in particular, to prevent them from being deformed, damaged, or to prevent unauthorized third parties from having access to it.
Such measures may include, but are not limited to, limited access to data by authorized staff because of their duties, contractual safeguards when using an external service provider, privacy impact assessment, regular reviews of our practices and policies about privacy and / or physical and / or logical security measures (secure access, authentication process, backup copies, antivirus software, firewalls, etc.). ).
Article 3.4. Data about underage people
The services of SOPHYSA are not intended for underage people. Also, we do not collect or knowingly process personal data relating to underage people. In the event that we are aware of the collection of personal data of underage people without the prior authorization of the holder of parental responsibility, we will take appropriate measures to remove personal data from our servers and / or those of our service providers.
Article 4. Data processing controlled by SOPHYSA
Article 4.1. Processing activities performed for the management of the website, the extranet and the requests sent from the online forms
Article 4.1.1. Context of collect
When browsing www.sophysa.com, you may need to make a contact request via the “Contact Us” or “Contact” form.
Article 4.1.2. Data processed
As part of these activities, SOPHYSA processes and stores the following personal data about you to respond to your contact request:
o Your identity
o Your contact details
o If applicable, the content of the message,
The basis of the processing activity is the need for processing for the fulfillment of a legal or regulatory obligation, in this case the obligation to respond to the requests made by the data subjects mentioned by the GDPR in Article 12, 2.
Article 4.1.3. Lawful basis and period of storage
The basis of the processing activity is your consent that you express by accepting and submitting the contact request.
This data is processed by the service concerned by your request the necessary time to answer you.
Depending on your request and the content of our exchanges, the data thus collected may be used for other purposes. These processing activities are then subject to the terms and conditions attached thereto.
We also indicate that we make anonymous statistics on the www.sophysa.com website, which do not allow us to identify you.
Article 4.2. Processing activities performed in order to manage prospects, customers, suppliers, and partners
Article 4.2.1. Context of collect
SOPHYSA may also process personal data concerning you when:
Article 4.2.2. Data processed
In this context, SOPHYSA will collect information relating to:
o Last name
o First name
o Email address professional
o Business telephone
o All the information contained in the exchanges (nature of the request, etc.)
o First name
Article 4.2.3. Data recipients
These data are intended, as necessary, for the employees in charge of the follow-up of the commercial relationship and / or the partnership, the accounting / invoicing and the collaborators of the services implied by the request / the contract.
Article 4.2.4. Lawful basis and period of storage
They are collected and preserved:
o The time required to study and track the application + one (1) year after the application is closed (or the last contact if necessary)
o The duration of the contractual relationship
o For five (5) years following the termination of the contractual relationship.
Article 4.3. Processing activities performed for recruitment purposes
Article 4.3.1. Context of collect
SOPHYSA may process personal data about you when you submit an unsolicited application or apply for an advertisement posted by SOPHYSA (via the “Careers” section of the SOPHYSA website or a linking platform such as Indeed).
Article 4.3.2. Data processed
In this context, personal data about you are collected:
The collected data are the following:
o Level of study
o Languages spoken
o Salary expectations
o Personal address
o Family situation
If you provide us with contact information for a reference, it is your responsibility to ensure that it is informed and has agreed to it.
Article 4.3.3. Lawful basis and period of storage
These data are collected and stored only as part of the management of your application, based on the legitimate interest of SOPHYSA and / or your consent and are not used for any other purpose, including commercial.
They are kept:
o The data relating to an employee are kept for the time of his presence within SOPHYSA and after his departure for the applicable legal retention period.
o Six (6) months, unless opposed by you.
Your personal data will in any case be destroyed on request from you (see the section on the contact details of the DPO), within a maximum of 1 month from your request.
Article 4.3.4. Data recipients
These data are processed by SOPHYSA recruiting employees only and, incidentally, for technical and logistical reasons, to SOPHYSA’s subcontractors.
Article 5. Exercise of your rights and contact details of our Data Protection Officer
Article 5.1. Your rights
SOPHYSA informs you that you have the following rights under the European Data Protection Regulation and the Data Protection Act of 1978:
Article 5.2. Where to address your requests
To exercise these rights, please contact SOPHYSA:
All requests must be accompanied by a signed identity document.
Article 5.3. Data processing performed for answering your request
Article 5.3.1. Context of collect
When you exercise your rights, our Data Protection Officer processes your personal data for the purpose of managing your request.
Article 5.3.2. Data processed
The Data processed are:
Article 5.3.3. Lawful basis and period of storage
These data are processed for the fulfillment of a legal or regulatory obligation, in this case the obligation to respond to the requests made by the data subjects mentioned by the GDPR in Article 12, 2.
These data are kept for a period of three (3) years, with the exception of a copy of your identity document, which is kept for one (1) year.
Article 5.4. Where to complain
SOPHYSA also informs you that you can file a complaint before the National Commission on IT and Liberties:
Article 6. Data breach notification
In the event that your personal data are accessed, lost or stolen by an unauthorized third party, SOPHYSA will take commercially reasonable measures to notify you to the extent required by law, and will provide you with personal data that have been consulted / disclosed, using the contact information you have provided to us, or by any other reasonable means.
Article 7. Links to third party sites
SOPHYSA’s website may contain links to social media platforms managed on third-party servers, by people or organizations over which the company has no control.
As such, SOPHYSA can in no way be held responsible for the way your data will be stored or used on the servers of third parties. We advise you to read the applicable policy regarding the protection of personal data of each third party website that you access via our website to assess how your personal data will be used.
Article 8. Change to this policy