PRIVACY AND COOKIES POLICY
Last update date: 04/01/2023
WWW.SURGIRIS.COM is a site belonging to SURGIRIS SAS, registered under the SIRET number 43776081200044 with the RCS of LILLE METROPOLE and domiciled at 80, rue de la Gare – 59170 CROIX, France (hereinafter referred to as the “Data Controller”)
WWW.SURGIRIS.COM is very concerned about the confidentiality of your personal data as Users who visit and browse our Site. This is why we, the WWW.SURGIRIS.COM Site, strive to respect your rights as set out in the General Data Protection Regulation 2017/679 (GDPR) and the ePrivacy Directives of the European Parliament and the Council, as well as Law n°78-17 of 6 January 1978, known as the Data Protection Act, as amended by Law n°2018-493 of 20 June 2018 relating to personal data protection.
- Article 1 – Definitions
§Personal data” or “personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an “identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity
§2 “processing” means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
§(3) “controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller may be designated or the specific criteria for such designation may be laid down by Union law or the law of a Member State
§4. ‘processor’ means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
§5. ‘recipient’ means the natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. However, public authorities 4.5.2016 L 119/33 Official Journal of the European Union EN which may receive personal data in the context of a particular enquiry in accordance with Union law or the law of a Member State shall not be regarded as recipients; the processing of such data by the public authorities in question shall comply with the applicable data protection rules in relation to the purposes of the processing;
§6 “consent” of the data subject means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject signifies his or her agreement, by a declaration or by a clear positive act, to personal data relating to him or her being processed
§7 “personal data breach” means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed
§8 “cookie”, a cookie is a text file that is automatically stored in the browser of any User when visiting a website. This text file may contain personal data and/or information relating to the User’s navigation.
- Article 2 – Purpose
The purpose of this Privacy and Cookie Policy (hereinafter the “Policy”) is to define the terms and conditions for the collection, storage, processing and deletion of personal data (hereinafter “personal data”) of any individual (hereinafter the “User”) who uses or simply browses the Site.
The Data Controller assures the User that it implements all the necessary means to ensure compliance with the provisions of the General Data Protection Regulation 2017/679 of the European Parliament and of the Council dated 14 April 2016 by ensuring compliance with the retention periods, the need to collect the aforementioned personal data, and the confidentiality of the personal data collected (hereinafter the “Regulation” or the “GDPR”).
- Article 3 – User consent
This Policy must be read and accepted by any User visiting the Site. By clicking on the box mentioning “read and accepted” referring to this Policy at the time of arrival on the Site, the User acknowledges that he/she has read it and gives his/her free, informed and unambiguous consent to the processing of his/her personal data.
The User may, at any time and without justification or prejudice, withdraw his/her consent to this Privacy and Cookie Policy. The User may exercise his/her right to withdraw consent to this Policy by notifying the Data Controller at the following e-mail address: info@surgiris.com.
This withdrawal of consent will take effect at the time when the Data Controller receives notification of the User’s withdrawal of consent.
- Article 4 – Data collected
In the context of visiting and using the Site, certain personal data of Users may be collected by the Data Controller, in its capacity as Data Controller, or by one or more subcontractors acting in the name and on behalf of the Data Controller.
§1 – Means of collection
The User’s personal data is collected by the following means:
- When the User communicates them
Either by (1) filling in the contact form; or (2) by filling in the registration form for a user account. - By automated collection
During the User’s navigation on the Site, the Data Controller automatically records certain information relating to the preferences and use made of the Site by the User. Cookies are used during the User’s navigation on the Site to collect this information automatically.
§2 – Type of data collected
The personal data that may be collected are :
- User’s e-mail address
- Name and first name of the User
- The User’s telephone number
- User’s country of location
- Any information that the User communicates via the contact forms or contact details of the Data Controller available on the Site
- The User’s browsing preferences on the Site
§3 – Recipients of the data
The recipients of the personal data are
- the Data Controller
- the internal employees of the Data Controller acting on its behalf
- the data controller’s subcontractor in charge of hosting the Site’s domain
- any legally or administratively authorised person (e.g. judicial authorities)
- Article 5 – Data processing
§1 – Legal basis for processing
The processing of Users’ personal data via the Site must necessarily be justified by one of the conditions set out in Article 6 §1 of the Regulation. In accordance with the Regulation, Users’ personal data will only be processed if one of the following conditions is met:
- The User has given his consent: the User concerned has consented to the processing of his personal data for one or more specific purposes;
- The performance of the contract requires it: the processing is necessary for the performance of a contract to which the User concerned is a party or for the performance of pre-contractual measures taken at the User’s request;
- Compliance with the law requires it: processing is necessary to comply with a legal obligation to which the data controller is subject;
- A legitimate interest justifies it: the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the User concerned which require the protection of personal data prevail, in particular where the User concerned is a minor.
§2 – Purposes of processing and data retention period
In accordance with Article 13 of the Regulation, the reason for and duration of the storage and processing of personal data must be justified by a valid purpose, in addition to one of the legal bases listed above.
1. Concerning data collected for the purpose of commercial prospecting by the Data Controller and for responding to contact/quotation requests
- Retention period: 3 years
- Archiving: N/A
- Legal basis: Legitimate interest of the Data Controller
2. Concerning data collected for the purpose of managing and paying for orders, access to dematerialised content relating to orders and invoicing
- Retention period: 3 years
- Archiving: 5 years
- Legal basis: Performance of the contract by the Data Controller
3. Concerning data collected for fraud prevention purposes
- Retention period: 3 years
- Archiving: 5 years
- Legal basis: Legitimate interest of the Data Controller
4. Concerning data collected for the purposes of compliance by the Data Controller with its accounting and tax obligations
- Retention period: 3 years
- Archiving: 7 years
- Legal basis: Compliance with the law
5. Concerning data collected for the purpose of facilitating the user’s navigation and promoting products related to the Customer’s preferences (cookies)
- Retention period: 13 months from the time the cookies are placed on the user’s browser
- Archiving: N/A
- Legal basis: Consent
- Article 6 – Means of data protection
In accordance with Article 5 and Article 32 of the Regulation, the Data Controller has an obligation to ensure the security of the personal data of Users that it stores and processes.
The Controller shall maintain a register containing all personal data of Users collected. The Data Controller affirms that it implements all necessary security measures to protect the personal data of Users contained in this register and to avoid any violation of the User’s personal data.
To this end, the Data Controller asserts to the Users that it has undertaken a study of the risks associated with the storage and processing of the Users’ personal data in order to implement adequate security measures as follows:
- By allowing pseudonymisation and encryption of the User’s personal data
- By implementing means to ensure the confidentiality, integrity, availability and resilience of the processing systems and services at all times;
- Implementing means to restore the availability of and access to personal data within an appropriate timeframe in the event of a physical or technical incident;
By guaranteeing the use of a procedure aimed at regularly testing, analysing and evaluating the effectiveness of technical and organisational measures to ensure the security of processing.
The Data Controller assures Users that the data it holds and processes is stored within the European Union, in a Member State subject to the Regulation.
In the event of a breach of the User’s personal data, the Controller undertakes to notify the competent supervisory authority of the breach within 72 hours in accordance with Articles 33 and 34 of the Regulation.
- Article 7 – Cookies
1 – Purpose of the use of cookies
As explained above, a cookie is a text file that is automatically saved in the browser of any User when visiting a website. This text file may contain personal data and/or information relating to the User’s navigation.
The sole purpose of the cookies used on the Site is to improve your browsing experience as a User. The cookies used facilitate your browsing by memorising some of your personal data when you access and browse the Site. Three types of cookies are used on the Site, their purpose varying according to their type:
- Functional cookies: these cookies enable us to remember your data entered during authentication or searches carried out on the site.
- Advertising cookies: these cookies make it possible to identify the consumption and search habits and preferences of Users in order to offer them advertising content in line with their personal preferences.
- Security cookies: these cookies enable the security of Users’ personal data by guaranteeing the encryption of data contained in other cookies.
§2 – Cookies used, lifespan and function
Each cookie used on the Site is identifiable by a name. Each cookie has a lifetime, i.e. a period of time after which it disappears and ceases to be active, forgetting any personal data that it stored. Each cookie also has a function, i.e. a purpose that justifies its installation on the Site.
Here is the list of cookies used on the Site with their name, their lifespan and their function:
1. Cookie : CONSENT
Lifetime : 24 months
Supplier : google.com
Function: Used to detect whether the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for the website’s compliance with the GDPR.
2. Cookie : rc::a
Lifetime: Persistent
Supplier : google.com
Function : This cookie is used to distinguish humans from robots. This is beneficial to the website in order to create valid reports on the usage of their site.
3. Cookie : rc::c
Lifetime: Session
Supplier: google.com
Function: This cookie is used to distinguish between humans and robots.
4. Cookie : CookieConsent
Lifetime : 12 months
Supplier : surgiris.com
Function: Stores the user’s permission to use cookies for the current domain
5. Cookie : has_js
Lifetime: Session
Provider: surgiris.com
Function: Records whether or not the user has JavaScript enabled in the browser.
6. Cookie: visitor
Lifetime: 12 months
Supplier : surgiris.com
Function: Keeps track of user settings across page requests.
7. Cookie : CONSENT
Lifetime: 24 months
Supplier: youtube.com
Function: Used to detect whether the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for the website’s compliance with the GDPR.
8. Cookie : _ga
Lifetime: 399 days
Supplier: surgiris.com
Function: Stores a unique identifier used to generate statistical data on how the visitor uses the site.
9. Cookie: _gat
Lifetime: 1 day
Supplier : surgiris.com
Function: Used by Google Analytics to drastically reduce the rate of queries
10. Cookie : _gid
Lifetime: 1 day
Supplier : surgiris.com
Function: Stores a unique identifier used to generate statistical data on how the visitor uses the site.
11. Cookie : visit
Lifetime: 1 day
Supplier : surgiris.com
Function: Unique identifier for the user to be recognised on subsequent visits.
12. Cookie : DEVICE_INFO
Lifetime: 179 days
Supplier: youtube.com
Function: Allows YouTube to identify the type of device with which the user connects to the Site.
13. Cookie : VISITOR_INFO1_LIVE
Lifetime: 179 days
Supplier: youtube.com
Function: Attempts to estimate user bandwidth on pages with embedded YouTube videos.
14. Cookie: YSC
Lifetime: Session
Supplier: youtube.com
Function: attempts to estimate user bandwidth on pages with embedded YouTube videos.
15. Cookie : ytidb::LAST_RESULT_ENTRY_KEY
Lifetime: Persistent
Provider: youtube.com
Function: Stores user’s video playback preferences for embedded YouTube videos
16. Cookie : yt-remote-cast-available
Lifetime : Session
Provider: youtube.com
Function: Stores the user’s video playback preferences for embedded YouTube videos.
17. Cookie : yt-remote-cast-installed
Lifetime: Session
Provider: youtube.com
Function: stores the user’s video playback preferences for embedded YouTube videos.
18. Cookie: yt-remote-connected-devices
Lifetime: Persistent
Provider: youtube.com
Function: Stores the user’s video playback preferences for embedded YouTube videos.
19. Cookie : yt-remote-device-id
Lifetime: Persistent
Provider: youtube.com
Function: stores the user’s video playback preferences for embedded YouTube videos
20. Cookie : yt-remote-fast-check-period
Lifetime: Session
Provider: youtube.com
Function: Stores the user’s video playback preferences for embedded YouTube videos.
21. Cookie : yt-remote-session-app
Lifetime: Session
Provider: youtube.com
Function: Stores the user’s video playback preferences for embedded YouTube videos.
22. Cookie : yt-remote-session-name
Lifetime: Session
Provider: youtube.com
Function: Stores the user’s video playback preferences for embedded YouTube videos.
23. Cookie : api/v1/analytics/create
Lifetime: Session
Provider: youtube.com
Function: Stores the user’s video playback preferences for embedded YouTube videos.
§3 – Managing cookies: activation and deactivation
It is possible for the User to manage the Cookies on the browser he/she uses at any time. The User can activate or deactivate them at any time. The means of managing cookies depends on each browser. To make it easier for Users to manage their cookies, below is an explanatory help for managing cookies on the main browsers used by Users:
- Google chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=fr
- Safari: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
- Mozilla Firefox: https://support.mozilla.org/fr/kb/activer-ou-desactiver-les-cookies on-firefox-for-android
- Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
- Article 8 – Users’ rights
The User has the right to request from the Data Controller access to his/her personal data, the rectification or deletion thereof, or a limitation of the processing relating to the User concerned, or the right to object to the processing and the right to the portability of data.
The User has the right to withdraw his consent to the processing of his personal data at any time. This withdrawal of consent will take effect at the time the Data Controller receives notification of the User’s withdrawal of consent.
The User has the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) via the contact form available at the following website: https://www.cnil.fr/fr; or with the Direction Générale de la Concurrence, de la Consommation et de la répression des fraudes via the contact form available at https://www.economie.gouv.fr/dgccrf.
The User may also exercise his rights previously stated in relation to this Policy by notifying the Data Controller at the following e-mail address: info@surgiris.com.
MERCASAFE© User Licence: MS 1001-179023