Ergosanté specializes in the design and distribution of custom ergonomic solutions for the maintenance of employment of disabled workers and the improvement of working conditions.
Ergosanté has been engaged since 2018 in a process of compliance with its systems and practices, pursuant to the European Data Protection Regulation - n° 2016/679 (GDPR).
The purpose of this commitment is to describe the operating principles used by Ergosanté in order to comply with the regulations and protect the privacy of natural persons whose data are processed. Ergosanté progressively sets up all the necessary instruments and procedures for compliance in accordance with these principles.
The commitment also specifies the general framework for personal data processing carried out by Ergosanté and, in this sense, is intended to provide the necessary information to the persons concerned.
1. Data processed by Ergosanté
Ergosanté works in close collaboration with its users, customers, suppliers and partners, and therefore collects personal information through its activities, some of which makes it possible to identify individuals.
In accordance with existing legislation, Ergosanté has adopted the principle of minimization in the collection and collects only the data strictly necessary for the purpose pursued and clarified with the natural persons concerned, leaving them any capacity to exercise their rights.
1.1.Trade relations
The data processed by Ergosanté for its customers, suppliers and partners are:
-Identification data: name, first name
-Contact data: address, email, telephone
1.2.Users of Ergosanté equipment
Data processed by Ergosanté for users of its solutions are:
-Identification data: name, first name
-Contact data: email, phone
-Morphological data (size, weight and other information useful for the manufacture of materials)
2Information processing
2.1.Legal basis
The treatments carried out by Ergosanté are based on the following legal bases:
- The consent of the person concerned (contact or quote requests in particular)
- Contract execution (manufacture or purchase of equipment in particular)
- The legitimate interest of the data controller
- A legal obligation to perform the treatment
2.2.Treatment
The personal data mentioned above will be used by Ergosanté as part of its activities. They are used only in the strict limits defined by the legislation in force.
Ergosanté may use an individual's personal data in particular for the following purposes:
- To record it on its information systems and manage the delivery and billing of solutions provided by Ergosanté,
- In order to manufacture equipment that meets the needs of the user (especially morphological data),
- For the purpose of fulfilling its legal obligations,
- For the purposes of monitoring, critical review and improvement of its offer,
- In order to keep files for internal administrative use (complaints, loyalty, etc.),
- For prospecting purposes (by email or via social networks)
- For exchanges with suppliers and payment of invoices.
3Collection of information
3.1. Direct collection
Ergosanté collects contact information from its interlocutors (users, customers, suppliers and partners):
- By direct contact (face-to-face meeting, telephone conversation)
- By email contact
- Via its institutional website:
o Contact form
- Via the online store:
o Contact form
o Request for quotation form
o Customer account creation form
Where possible, the telephone contact is confirmed by sending an email that allows the person concerned to keep a written record of the conversation and to be able to exercise their rights at any time.
3.2. Cookies
The term “cookies” covers all registered or read tracers when consulting a website.
Cookies, based on a file that can be stored on the user's computer while browsing, are intended in particular to simplify navigation on sites and to measure their effectiveness.
Ergosanté’s online sales website is based on two categories of cookies:
(1) Cookies strictly necessary for the provision of the service requested by the user. Without them the proper operation of the site would be altered. For example:
o Visitor authentication
o Session identifiers: it allows each user to remain identified throughout its control path, once the user has created its customer account. This cookie has a life of 30 days
o Merchant basket: it is recorded each time an item is added to the basket so that the latter is not emptied when the visitor changes pages. This cookie has a lifespan of 3 days when the user is not authenticated and 30 days when he is. This cookie is deleted when disconnecting or validating customer payment.
o User interface customization (language or presentation choice)
o « already seen» cookies: allows each user to see the latest articles consulted. Its lifetime corresponds to the session time.
2) Audience analysis cookies, which allow Ergosanté to improve its content and online services through various measurements of Internet users' navigation. Issued by Google Analytics and site analyzer, the information collected allows Ergosanté to measure the number of visits, the path and the interests of each visitor anonymously. This data allows us to improve our content and the user experience.
Certain cookies are placed by Ergosanté directly when browsing one of its sites. Other cookies are placed by companies outside Ergosanté in order to collect users' browsing data when they browse different sites. For more information, users are advised to consult the privacy policies of these companies.
In accordance with CNIL’s recommendations, the collection of consent is made by the appearance of a banner visible on the website, which contains the following information:
- the purposes of the cookies used ;
- the possibility of opposing these cookies and changing the settings by clicking on a link “learn more and setting cookies”
- because the continuation of its navigation is agreed to the deposit of cookies on its terminal.
Cookies can be disabled at any time by setting the browser. Any setup on the web browser, concerning the acceptance or refusal of cookies, will be likely to change the browsing on the Internet and on our website, as well as the conditions for access to certain services requiring the use of these same cookies.
4. How and how long are the data stored ?
Treatment actions are carried out on the data in Ergosanté’s files and databases, applying strict control rules, in accordance with the state of technological art and the recommendations of the competent control authority.
4.1. Personal data security
Ergosanté takes all necessary precautions to preserve the security and confidentiality of personal data and in particular to prevent them from being distorted, damaged or from unauthorized third parties having access to them.
Ergosanté progressively extends the scope of its security measures, and develops procedures specific to the consideration of the regulation.
4.2. Data retention and archiving
The shelf life depends on the activity concerned, the nature of the contact (customer or prospect) and the uses of the sector.
- Ergosanté has set the retention period for personal data at two years by default.
-Some data are retained for a shorter shelf life:
o Cookies expire thirteen months after their last update.
o The lead data is deleted over a period of 2 years without response to any solicitation.
-Ergosanté retains certain mandatory documents (invoices etc.) depending on the legal duration of conservation.
-The length of time is sometimes linked to the relevance or necessity of processing: client data are retained for the duration of the commercial relationship or data present in the directories are retained for the duration of the warrants of the persons concerned.
Old data is archived, strict access control is then activated. Data that is no longer needed is destroyed.
5. Who has access to personal data collected ?
5.1. At Ergosanté
The personal data collected are accessible to the various services of Ergonsanté according to the necessary treatments, including:
-Commercial service for order processing, delivery
-Manufacturing service for the design and manufacture of suitable equipment
-Accounting service for invoice management
-Commercial and Webmaster service for online store
5.2. Outside Ergosanté
Ergosanté is likely to transfer the personal data it holds to different third parties such as:
- contractors, contractors and suppliers to perform services on their behalf (e.g. technical services, equipment manufacturing),
- other companies, financial agencies or law enforcement agencies/services for the prevention or detection of fraud, where such disclosure is necessary to safeguard the rights of Ernsanté,
- in cases where the law provides for it or on a formal request of an authority (especially in a judicial process), public, parapublic or private bodies within the framework of a public service mission.
Only data relevant to the performance of the contract are provided, and no sensitive data is shared outside Ergonsanté.
5.3. Working arrangements with third parties
In the event that personal data are transmitted to a third party for some reason (e.g., subcontracting), Ergosanté applies the conditions defined by the legislation in force, including the information of the persons concerned of the transfer.
Ergosanté will lead to its subcontractors in the RGPD sense a campaign to monitor the compliance of contracts and the conditions for the execution of personal data processing.
In no case are the data transferred to a third party for commercial purposes.
6Obtaining personal data from third parties
Ergosanté may receive from third parties (e.g. employers and partners) personal data such as name, first name, email address, telephone, in order to execute a contract for the provision of equipment.
Morphological data are collected exclusively from the data subject if the data subject agrees to provide them. These data are used to ensure adequate manufacturing of the equipment requested.
The data are added to the file at the time of the preparation of the quotes and used only in the course of the completion of the case. They are accessible only to Ergosanté business and manufacturing teams, as well as to potential subcontractors.
7. Are the data transferred outside the EU ?
Ergosanté does not transfer any personal data outside the European Union.
8. Who is speaking to exercise his rights ?
Ergosanté adapted its organization to meet the requirements of the European Data Protection Regulation and to provide any person with information on the personal data held concerning them, as well as on the treatments performed on these data.
Any request related to the exercise of rights (access, opposition, limitation, rectification, portability, suppression) must be sent to contact@ergosante.fr. This request must include as much detail as possible so that it can be treated at reception within a maximum of 30 days, in accordance with the requirements of the Regulations.
In case of doubt, an identity document may be requested to process the request.
Any person has the opportunity to contact directly the Autorité de contrôle de son pays (for France, CNIL:www.cnil.fr).
9. Where are our data hosted ?
The servers on the Ecosiège website are exclusively hosted atOVH, inFrance, in data centers located north of France.
These servers host our database for the proper operation of the site. In this database are stored client accounts .
In order to have access to your order history, this data is only deleted if you request it via your dedicated customer space or by email.
10. Does Ergosante resell my personal data ?
No! All the collected data remain with us and will never be given, leased or sold to a third company.
11. Are passwords safe ?
Passwords are stored "encrypted“and impossible to decrypt.
12. Concerning bank card numbers ?
For bank card payments, we work with a French provider namedPayPlug, data security guarantee.
At no time we have access to our customers’ bank card numbers.
Our provider has numerous approvals to justify the security of their computer system.
More information: https://www.payplug.com/fr/politique-de-confidentialite
We also work with societyPaypalBut only customers with an account can order, so their data is secured byPaypalDirectly.
13. What personal data are collected and what are they used for ?
When ordering:
When a customer creates a customer account on our site, we record in our database all the necessary information to be able to process the order: email, name and first name, company, postal address and telephone number in order to be able to prepare and deliver the package.
This order data is transmitted to the various service providers so that the order arrives at the customer's premises: our manufacturers and logisticians prepare the packages and the carriers drop them off at the customer's premises.
They absolutely do not have the right to use the data for any purpose other than to process your order and must delete this data from their computer system after processing. These providers store data in European data centres. However, if the customer chooses to be delivered outside of Europe, the data as the postal address will necessarily be transmitted to the logistics services of the carrier who will deliver in this country.
Statistics:
In order to constantly improve our service, we use systems and services operated by third-party providers allowing us to monitor our activity. As such, we provide these systems with tracking of our customer base, and their consultation history on our site as well as information concerning the products viewed and ordered. Most of our systems are hosted in France assite analyzer, and others are domiciled in the United States asgoogle analytics.
14. Do you want to modify or delete your personal data ?
Most data are editable directly by you even from your customer area on our website. You can also download or delete all of these data.
If you can't access this information, we invite you to write an email to usdpo@ergosante.frSpecifying your request.