Personal data and Protection policy
The CFAO Group is concerned about the protection of the privacy and data of its employees and its contacts (commercial partners, customers, users of its sites and internet platforms, contacts established within the framework of professional meetings, partnerships, services, applications, etc. .). Thus, CFAO ensures that it adopts and respects a data processing policy that complies with current regulations.
CFAO is a subsidiary of the Toyota Tsusho Corporation (TTC) group. As such, and in accordance with its Code of Conduct and Ethics (accessible via the following link: http://www.cfaogroup.com/fr/ethique-et-conformite), CFAO complies with the European General Protection Regulation of Personal Data n°2016/679 of April 27, 2016 (known as “GDPR / GDPR”), the amended “Informatique et Libertés” law, as well as all local regulations, outside the European Economic Area, which may be found at apply as appropriate.
The purpose of this Personal Data Protection Policy (the “Policy”) is to inform you in a clear, simple and complete manner on the way in which CFAO, in its capacity as data controller and/or subcontractor, of a on the other hand, collects and uses personal data concerning you and (“personal data”) and on the other hand, provides you with the useful and necessary means to control this use and exercise your rights relating thereto.
Scope :
This Policy applies to all processing activities implemented by CFAO and its subsidiaries (hereinafter “CFAO”), with regard to persons with whom it maintains relationships within the framework of its activities. Are therefore targeted :
- Group employees
- Business partners
- Prospects
- The shareholders and directors of the Group
- And more generally any person linked to one of the CFAO subsidiaries
This Policy may be modified by CFAO over time, in particular to adapt it to developments or changes in applicable law or CFAO's internal practices.
Summary :
1. On what occasions and for what purposes are your personal data collected ?
2. What data is collected ?
3. On what basis is your data collected ?
4. How does CFAO collect your data ?
5. Who are the recipients of your personal data ?
6. Can your Personal Data be transferred outside the EU ?
7. How is the security of your personal data preserved ?
8. How long is your personal data kept ?
9. What are your rights over your personal data and how to exercise them ?
Version dated 05/19/2021
-------------------------------------------------------------------------------------------------------------------
1. On what occasions and for what purposes are your personal data collected ?
→ CFAO your personal data for explicit and legitimate purposes.
You are a customer, supplier, business partner, your personal data may be used :
- to carry out operations related to our activities; distribute products on the market / provide services and carry out all associated activities; respond to your requests; keep a record of our interactions and conversations, such as when you contact us for information or assistance.
- provide access to our online services, platforms and applications; manage your customer accounts online.
- develop and improve our products and services; identify trends and develop new products and services ; Carry out satisfaction surveys, analyzes and statistics in order to improve our products and services as well as knowledge of our customers and prospects; track and respond to security issues; determine the effectiveness of our promotional campaigns.
- report, where applicable, the information brought to our attention regarding pharmacovigilance and/or materiovigilance.
- comply with applicable legal and regulatory obligations; ensure safety; manage crises; carry out prevention operations and investigations; carry out administrative formalities, registrations, declarations or audits.
- to make payments that we may have to issue in specific situations; verify your financial information; facilitate future payments.
- make donations and carry out sponsorship operations.
- respond to requests from administrative or judicial authorities in accordance with applicable law.
- protect our rights and interests; protect the health, safety and security of personnel of CFAO Group entities and their premises; carry out internal audits; manage our property; implement systems and tools to control our activities; maintain the security of our services and operations; protect us against possible fraudulent actions.
You are free to provide or not all or part of your personal data. However, a refusal decision could have the consequence of limiting your access to certain services or products offered by CFAO, or other functionality offered by its websites and mobile applications.
2. What data is collected ?
→ CFAO only collects personal data strictly necessary for the aforementioned purposes.
CFAO considers the principles of data minimization. Consequently, information that is relevant, adequate, and limited to what is necessary for the purposes for which it is processed is collected.
We may collect various categories of personal data about you, including :
- Your identification data and general information (for example, name, first name, gender, email address and/or postal address, landline and/or mobile telephone number) and as well as any data strictly necessary for the management of the staff.
- Data relating to your profession (for example, functions and title of your position, name of the company, as well as for health professionals, copy and year of obtaining the pharmacist diploma).
- Your payment information (e.g., amounts paid, credit card and bank account information, VAT number and other tax identification number).
- Your electronic identification data required for the provision of products or services to our company (e.g. login, right of access, passwords, badge number, IP address, online identifiers/cookies, log files, date and time of access and connection, recording of images or sounds such as badge photos, video surveillance or sound recordings);
- And information relating to promotional, scientific, and medical activities/interactions you have with us, including possible future interactions.
If you intend to provide us with personal data which relates to other individuals (for example, your colleagues), you must provide the individuals concerned directly, or through their employer, with a copy of this information notice on the protection of personal data.
3. On what basis is your data collected ?
→ CFAO processes your personal data in cases permitted by regulations
Your personal data is processed by CFAO in the cases permitted by applicable regulations, and in particular under the following conditions :
- when you have given free, specific, informed and unequivocal consent regarding the processing of your personal data (e.g.: registration on an online sales site, subscription to a newsletter, etc.)
- when this is necessary for the execution of a contract or pre-contractual measures taken at your request (e.g., application, provision of services, etc.) ;
- for compliance with CFAO's legal or regulatory obligations (e.g.: fight against fraud) ;
- when CFAO's legitimate interests may be such as to justify the processing (e.g.: IT security measures).
Specific information and/or a consent collection form, in accordance with applicable law, are provided as appropriate. These “Information Notices” and/or consent collection form describe how your Personal Data will be used as part of the processing in question.
It is specified here that for minors under 18 years of age, this consent must be given or authorized by the holder of parental authority.
4. How does CFAO collect your data ?
→ CFAO collects data from reliable sources, including :
- Data that you communicate to us through different media, during registration, or use of an application, through surveys and any other direct or indirect interaction with CFAO. This may, for example, be data that you provide to us when you send us an online application or a request for information, etc.
- Data that we collect automatically, for example, when we monitor your interactions with our websites, platforms, applications and services, in particular by means of cookies.
- Data that we collect in compliance with applicable law from public sources, including data published by you on different media.
- Data we obtain lawfully from authorized third parties, for example when we need to confirm your contact details or financial information, or when we verify the licensure of medical professionals.
5.Who are the recipients of your personal data ?
→ CFAO will share your personal data exclusively with authorized parties
Your personal data being confidential, only people duly authorized by CFAO can access your personal data, without prejudice to their possible transmission to the bodies responsible for a control or inspection mission in accordance with the applicable regulations.
All persons with access to your personal data are bound by an obligation of confidentiality.
These people include :
- authorized personnel within the CFAO Group and its affiliates ;
- our partners and our service providers may also be required to process personal data strictly necessary for the performance of the services that we carry out for them or that we entrust to them (mission, electronic and postal distribution, logistics, supply of IT equipment and services, customer service, messaging system, audit etc.).
- any administrative or judicial authority, when required under applicable law, including under provisions of foreign law.
CFAO may be required to transmit your Personal Data to other third parties, in which case you will be duly informed under the terms of the applicable Information Notices.
In all cases, CFAO ensures that these third parties :
- undertake to respect the applicable data protection legislation and the principles of this Policy ;
- undertake to process Personal Data exclusively for the purposes described in this Policy; and
- undertake to implement appropriate technical and organizational security measures to protect the integrity and confidentiality of your Personal Data.
6. Can your Personal Data be transferred outside the European Union (EU) ?
→ CFAO ensures that transfers of your Personal Data outside the EU are regulated.
CFAO is a multinational organization with subsidiaries, partners and subcontractors located in many countries around the world. For this reason, CFAO may transfer your Personal Data (including by providing access to it, by allowing it to be viewed, or by storing it) to other jurisdictions, including outside the European Economic Area.
Appropriate guarantees for international data transfers: in the event that CFAO must transfer Personal Data outside the EU. it ensures that adequate guarantees are implemented (such as in particular the Standard Contractual Clauses of the European Commission applicable where applicable).
7. How is the security of your personal data preserved ?
→ CFAO implements security measures to protect your Personal Data
CFAO takes care to protect and secure your personal data in order to ensure their confidentiality and prevent them from being distorted, damaged, destroyed or disclosed to unauthorized third parties.
CFAO implements technical and organizational measures to ensure that personal data is stored securely for the period necessary to fulfill the purposes pursued in accordance with applicable law.
These measures take into account the state of the art, the costs of implementation, the nature, scope, context and purposes of data processing, as well as the risk and danger for the rights and freedoms of individuals. concerned.
For example, we store your Personal Data on servers that have various types of technical and physical access controls installed, which may include, for example, data encryption mechanisms. We may also aggregate, pseudonymize, or anonymize your Personal Data to ensure that no information allowing you to be identified is communicated to unauthorized third parties.
In the event of a security breach :
Although CFAO takes reasonable measures to protect your personal data, no transmission or storage technology is completely infallible.
In accordance with applicable European regulations, in the event of a proven breach of Personal Data likely to create a high risk for the rights and freedoms of the persons concerned, CFAO undertakes to communicate this violation to the competent supervisory authority and, when this is required by said regulations, to the persons concerned (individually or generally depending on the case).
It is also your responsibility to exercise caution to prevent any unauthorized access to your personal data and your terminals (computer, smartphone, tablet, etc.).
In addition, the Company's websites may provide links to third party websites that may be of interest to you. CFAO has no control over the content of these third-party sites or over the practices of these third parties with regard to the protection of the personal data that they may collect. Consequently, CFAO declines all responsibility regarding the processing by these third parties of your Personal Data, not subject to this Policy. It is your responsibility to find out about the personal data protection policies of these third parties.
8. How long is your personal data kept ?
→ CFAO will not keep your Personal Data for longer than necessary
CFAO keeps your personal data for the time necessary to achieve the purposes pursued, subject to legal archiving possibilities, obligations to retain certain data, and/or anonymization.
By way of derogation, CFAO may be required to retain your Personal Data for a longer period, in accordance with what is authorized or prescribed by applicable law, or to the extent that this is necessary for the protection of its rights and interests.
9. What are your rights over your personal data and how to exercise them ?
→ CFAO will ensure that you can exercise your rights relating to your Personal Data
9.1. Your rights
Subject to the limits provided for by the regulations in force, you have the following rights with regard to your personal data:
- Right to information on the processing of your personal data
CFAO strives to offer you concise, transparent, understandable and easily accessible information in clear and simple terms, on the conditions of the processing of your personal data.
- Right of access, rectification and erasure (or “right to be forgotten”) of your personal data
The right of access allows you to obtain confirmation from CFAO whether or not your personal data is being processed, and the conditions of this processing, as well as to receive an electronic copy (for any additional copy, CFAO is entitled to require the possible payment of reasonable fees based on the administrative costs incurred).
You also have the right to obtain from CFAO, as soon as possible, the rectification of your personal data.
Finally, subject to the exceptions provided for by applicable law (e.g.: retention necessary to comply with a legal obligation), you have the right to ask CFAO to erase, as soon as possible, your Personal Data, when one of the following reasons applies :
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed ;
- You wish to withdraw your consent on which the processing of your personal data was based and there is no other basis justifying this processing; You consider and can establish that your personal data has been the subject of unlawful processing ;
- Your personal data must be erased under a legal obligation.
- Right to limit the processing of your personal data
If you contest the accuracy of the data used by CFAO or object to your data being processed, the law authorizes CFAO to verify or examine your request for a certain period of time. During this period, you have the option of asking CFAO to freeze the use of your data. Concretely, CFAO will no longer have to use the data but will have to keep it.
Conversely, you can directly request the limitation of certain data in the event that CFAO wishes to delete it itself. This will allow you to keep the data, for example, in order to exercise a right.
- Right to portability of personal data
When the processing is based on your consent or a contract, this right to portability allows you to receive the personal data that you have provided to CFAO in a structured, commonly used format, and to transmit this personal data to another data controller. without CFAO getting in the way.
When technically possible, you can request that these personal data be directly transmitted to another data controller by CFAO.
- Right to withdraw consent to the processing of personal data
When CFAO processes your personal data on the basis of your consent, this may be withdrawn at any time using the means made available to you for this purpose (procedure indicated in point 9.2 of this Policy). On the other hand, and in accordance with applicable law, the withdrawal of your consent only applies for the future and cannot therefore call into question the lawfulness of the processing carried out before this withdrawal.
9.2. How to exercise your rights
For any questions relating to this Policy and/or to exercise your rights as described above, you can contact CFAO or the subsidiary concerned, electronically or by post, by sending an email accompanied by a copy of any identity document and specifying the right(s) you wish to exercise at the address of the CFAO subsidiary concerned :
Or
by post, by sending a letter accompanied by a copy of any identity document and specifying the right/s that you wish to exercise to the address of the head office of the CFAO Group subsidiary concerned, at attention of the Legal Department - Management of Personal Data.
CFAO undertakes to respond to you as soon as possible, and in any event, within one month of receipt of your request. If necessary, this period may be extended by two months. In this case, you will be informed of this extension and the reasons for the postponement.
If your request is submitted in electronic form, information will also be provided to you electronically where possible, unless you specifically request otherwise.
This Policy is subject to French law. In the event of a dispute and in the event that an amicable agreement cannot be reached, the competent courts will be those within the jurisdiction of the Paris Court of Appeal, notwithstanding multiple defendants or warranty claims.