Privacy Protection Policy

1. Who are we?


Welcome to our MODILAC website.
This section allows you to find out more about the origin and use of the navigation information processed when you consult our site and about your rights.
This Policy is therefore important for you, who wish to have a positive and confident experience of our services, and for us, who wish to provide you with accurate and complete answers to your questions about your consultation of our site and to take your wishes into account.
Depending on the services to which you subscribe, you may be asked to provide personal data, some of which are mandatory and some of which are optional. Each of the forms on this Site specifies whether the data is compulsory or optional. The information collected is subject to computer processing for the needs and purposes indicated in the forms.
The information collected is intended for use by Sodilac, the Group to which it belongs and its partners.


1.1 Person responsible for processing


The following information is provided so that you may be aware of the commitments regarding the protection of personal data at www.modilac.com, published by the company SODILAC SAS, whose registered office is located at 68 rue de Villiers in Levallois-Perret 92300, which acts as data controller for the processing of personal data mentioned in this document, hereinafter referred to as "the Data Controller" or "we".


1.2 Our data processing and freedom policy manager


The Data Controller has appointed a person responsible for IT policy and freedom, whom you can contact:
by email at donneespersonnelles@modilac.com,
or
by post at the following address: Sodilac, 68 rue de Villiers 92300 Levallois-Perret. My personal data.
The data protection officer can be contacted at the following address: dpo@savencia.com.


 
2. The personal data we process


In the context of the processing of personal data, the Data Controller collects and processes the following data:
- title, surname, first name, telephone, e-mail, address, postcode, city, country, expected date of birth or date of birth of the child.


 
3. The purposes and legal basis of our data processing


3.1 The purposes of our processing operations
The processing operations we carry out serve the following purposes:
- to establish statistics and volumes of frequentation and use of the various elements making up our site (sections and content visited, browsing), enabling us to improve the interest and ergonomics of our services;
- to adapt the presentation of our site to the display preferences of your terminal (language used, display resolution, operating system used, etc.) during your visits to our site, depending on the hardware and the viewing or reading software that your terminal contains;
- to memorise information relating to a form that you have filled in on our site;
- to implement security measures.
The advertising spaces on our site are likely to be used by a third party (e.g. external advertising agencies) and, where appropriate, may contain cookies issued by one of them. If necessary, the cookies issued by these third parties allow them, during the period of validity of these cookies:
- to count the total number of advertisements displayed by them on our advertising spaces, to identify these advertisements, their respective number of displays, the number of users having clicked on each advertisement and, where applicable, the subsequent actions carried out by these users on the pages to which these advertisements lead, in order to calculate the sums owed to the players in the advertising distribution chain (advertiser, communication agency, advertising network, site/distribution medium) and to draw up statistics;
- to adapt the advertising spaces they operate to the display preferences of your terminal (language used, display resolution, operating system used, etc.), depending on the hardware and the viewing or reading software that your terminal contains;
- to adapt the advertising content displayed on your device via our advertising spaces according to your device's navigation on our site;
- to adapt the advertising content displayed on your device via our advertising spaces according to the previous or subsequent browsing of your device on third party sites on which the advertising network concerned also issues Cookies, provided that these Cookies have been recorded in your device in accordance with the choices you have made with regard to this network;
- to adapt the advertising content displayed on your terminal via our advertising spaces according to the location data (longitude and latitude) transmitted by your terminal with your prior agreement;
- to adapt the advertising content displayed on your device in our advertising spaces according to the personal data that you may have provided to this advertising network.
 
3.2 The legal basis of our processing operations
We only carry out data processing if at least one of the following conditions is met:
- your consent to the processing operations has been obtained;
- the existence of our legitimate interest, or that of a third party, justifies that we carry out the processing of the personal data concerned;
- the performance of a contract between us and you requires us to process the personal data concerned;
- we are bound by legal and regulatory obligations that require us to process the personal data concerned.
 
3.3. Legitimate interests pursued
Legitimate interests pursued by the Data Controller may include allowing the continuity of its activity, improving the consumer experience, building consumer loyalty, understanding consumer expectations.
 


4. Recipients of your data


The personal data that we collect, as well as those that are collected subsequently, are intended for us in our capacity as Data Controller.
We ensure that only authorised persons have access to these data. Our subcontractors/service providers may receive this data in order to carry out the services we entrust to them.
Your personal data may be reconciled, pooled or shared between all the parent, sister and subsidiary entities of the Data Controller.
They may be communicated to these entities for the purposes set out in this information notice. These operations are carried out on the basis of instruments that comply with the applicable regulations and that are capable of ensuring the protection and respect of your rights.


 
5. The transfer of your data


As part of the services we offer, we transfer your personal data to recipients in the following countries:
- France: Service Consommateur SODILAC;
- United States: Mailchimp.
Each of these transfers is governed by legal instruments that comply with the applicable legal framework. 

Transfers to other countries are subject to appropriate safeguards such as the signing of standard contractual clauses proposed by the European Commission.


5.1 Mailchimp
When you subscribe to the Laboratoire Modilac newsletter, your data is transferred to our service provider Mailchimp. Mailchimp's servers and offices are located in the United States, so your information may be transferred, stored or processed in the United States. Mailchimp takes numerous measures to protect your privacy, including offering a data processing agreement to all.
DATA TRANSFERS FROM THE EUROPEAN UNION TO THE UNITED STATES
Mailchimp participates in and has certified its compliance with the EU-US privacy framework and the Swiss-US privacy framework. Mailchimp undertakes to subject all personal information received from European Union (EU) member countries and Switzerland, respectively, according to each privacy protection framework, to the applicable principles of each framework. To learn more about the privacy frameworks and to view the certification, visit the U.S. Department of Commerce's privacy website here.
A list of Privacy Screen participants is maintained by the Department of Commerce and is available here.
Mailchimp is responsible for the processing of the personal information they receive under each privacy framework and the subsequent transfer to a third party acting on their behalf as their agent. 
With respect to personal information received or transferred in accordance with the privacy protection frameworks, Mailchimp is subject to the enforcement powers of the US Federal Trade Commission. In certain situations, Mailchimp may be required to disclose personal information in response to legitimate requests from public authorities, including for national security or law enforcement purposes.


5.2 Customer Satisfaction
With the aim of always better meeting the expectations of our healthcare professional customers, Sodilac plans to send satisfaction questionnaires or information via the Mailchimp platform. Healthcare professionals will always be able to unsubscribe via a link included in each email.


 
6. The lengths of time for which we keep your data


The retention periods we apply to your personal data are proportionate to the purposes for which they were collected. Accordingly, we organise our data retention policy as follows:
 
PURPOSE OF THE PROCESSING / STATEMENT: Retention period
- 3 years from the last contact from you or, if applicable, from the end of the business relationship plus the duration of the legal requirements.
- Customer: in the context of concluded contracts, the data is stored for the duration of the business relationship plus the duration of the legal requirements.
- Cookies: 13 months from the time they are installed on your device.
- Contracts with a value of more than €120 for accounting purposes: 10 years from the conclusion of the contract.
- In the event of exercising the rights of access, rectification, deletion, limitation, the data relating to identity documents and the information enabling these rights to be taken into account: 1 year from receipt of the request.
- In the event of exercise of the right of opposition, data relating to identity documents and information enabling the right of opposition to be taken into account: 6 years from receipt of the application.

 
 
7. The rights you are entitled to


7.1 How to exercise your rights
You can exercise your rights by email at the following address: donneespersonnelles@modilac.com,
or
by post at the following address: For the attention of the DPO, Sodilac, 68 rue de Villiers 92300 Levallois-Perret.
To do so, you must clearly indicate your surname(s) and first name(s), the address to which you would like the reply to be sent and attach proof of your identity.
As a matter of principle, you may exercise all your rights free of charge. However, with regard to the right of access, you may be asked to pay a reasonable fee based on administrative costs for any copy of the data you request.
As regards the right to information, the Data Controller will not be obliged to act upon it if you already have the information you are requesting.
The Data Controller will inform you if he cannot comply with your requests.
These rights are not absolute and are subject to different conditions under:
- the applicable French law on the protection of personal data or privacy;
- the laws and regulations applicable to you.

The Data Controller wishes to inform you that failure to provide information or modification of your data may have consequences in the processing of certain requests in the context of the execution of contractual relations and that your request for the exercise of your rights will be kept for follow-up purposes for 6 years concerning the exercise of the right of opposition and 1 year concerning the exercise of other rights.
All the rights you enjoy are detailed below.


7.2 Your right to information
You acknowledge that this information notice informs you of the purposes, legal framework, interests, recipients or categories of recipients with whom your personal data is shared, and the possibility of a data transfer to a third country or to an international organisation.
In addition to this information and with the aim of ensuring fair and transparent processing of your data, you declare that you have received further information concerning:
- how long your personal data will be kept;
- the existence of the rights that are recognised for your benefit and how you can exercise them.
If we decide to process data for purposes other than those indicated, you will be informed of the new purposes.


7.3 Your right to access and rectify your data
You have the right to access and rectify your personal data, which you may exercise:
by email to the following address: donneespersonnelles@modilac.com
or
by post at the following address: For the attention of the DPO, Sodilac, 68 rue de Villiers 92300 Levallois-Perret.
By exercising this right, you obtain confirmation of whether or not your personal data is processed and, when it is processed, you have access to your data and to information concerning:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients, as well as the international organisations to which the personal data have been or will be communicated, in particular recipients who are established in third countries;
- where possible, the intended period of retention of the personal data or, where this is not possible, the criteria used to determine this period;
- the existence of the right to ask the Data Controller for the correction or deletion of your personal data, the right to ask for a limitation of the processing of your personal data, the right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- information on the source of the data when they are not collected directly from the data subjects;
- the existence of automated decision making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and the expected consequences of this processing for the data subjects.
You may ask us to correct or complete your personal data if they are inaccurate, incomplete, equivocal or out of date, as the case may be.


7.4 Your right to have your data deleted
You may request us to delete your personal data if one of the following reasons apply:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you withdraw the consent previously given;
- you object to the processing of your personal data where there is no legal ground for such processing;
- the processing of personal data does not comply with the provisions of the applicable laws and regulations;
- your personal data has been collected in the context of providing Information Society services to children under the age of 16.
Nevertheless, the exercise of this right will not be possible when the retention of your personal data is necessary under the terms of legislation or regulations and in particular for example for the establishment, exercise or defence of legal rights.


7.5 Your right to limit data processing
You may request the limitation of the processing of your personal data in the cases provided for by laws and regulations.


7.6 Your right to object to the processing of data
You have the right to object to the processing of personal data concerning you when the processing is based on the legitimate interest of the Data Controller.
In the case of direct communication, this right may be exercised by any means, in particular by clicking on the unsubscribe links at the bottom of the communications sent. 


7.7 Your right to the portability of your data
Since 25 May 2018, you have the right to the portability of your personal data.
The data on which this right can be exercised are:
- only your personal data, which excludes anonymised personal data or data that does not concern you;
- the personal data of a declarative nature as well as the personal operating data mentioned above;
- personal data that does not infringe the rights and freedoms of third parties such as those protected by business secrecy.
This right is limited to processing based on consent or a contract as well as to personal data that you have personally generated.
This right does not include derived or inferred data, which are personal data created by the Data Controller.


7.8 Your right to withdraw your consent
Where the data processing we carry out is based on your consent, you may withdraw it at any time. We will then stop processing your personal data without jeopardizing the previous operations for which you consented.


7.9 Your right of recourse
You have the right to lodge a complaint with the CNIL on French territory, without prejudice to any other administrative or jurisdictional recourse.


7.10 Your right to define post-mortem guidelines 
In accordance with article 63 of the Law n° 2016-1321 of 7 October 2016 for a Digital Republic, you have the possibility to define guidelines for the storage, deletion and communication of your personal data after your death with a trusted third party, certified and responsible for enforcing the wishes of the deceased, in accordance with the requirements of the applicable legal framework.