cidelec.net
Personal data protection policy
Preamble
CONTROLE INSTRUMENTATION ET DIAGNOSTIC ELECTRONIQUES - CIDELEC (hereinafter "CIDELEC" or "we") attaches fundamental importance to the protection of the privacy and personal data of its users and customers. The purpose of this policy is to provide you with transparent information about how CIDELEC collects, uses, stores, and protects your personal data when you browse the cidelec.net website.
It has been drafted in accordance with Regulation (EU) 2016/679 (GDPR) of April 27, 2016, and Law No. 78-17 of January 6, 1978, as amended (Data Protection Act).
By accessing and using the Site, you acknowledge that you have read this privacy policy.
Identity of the data controller
The controller of your personal data is:
- Company
- CIDELEC (SAS)
- Share capital
- €152,450
- SIREN
- 378 592 539
- Intra-community VAT
- FR70378592539
- Head office
- 20 rue des Métiers, 49130 Sainte-Gemmes-sur-Loire, France
- Phone
- +33 (0)2 41 66 20 88
- dpo@cidelec.net
- Website
- cidelec.net
Personal data collected
Data collected directly
Depending on the actions you take on the Website, CIDELEC collects the following categories of data:
Account creation (register)
- First and last name
- Password (stored in encrypted form)
- Professional information (healthcare facility, specialty, position)
Contact form
- First and last name
- Phone number (optional)
- Message and subject of the request
Newsletter subscription
- First and last name
Data collected automatically
When you browse the Website, technical data may be collected via cookies and similar technologies:
- IP address and connection data
- Browser type and version, operating system
- Pages visited, duration of visit, browsing history
- Session IDs
For more details, please see our Cookie Management Policy.
Purposes of processing and legal bases
User account management
Legal basis
Performance of a contract — necessary to enable you to access the secure document area (manuals, software setups, product resources).
Data: login credentials, professional information.
Processing of contact and support requests
Legal basis
Legitimate interest — CIDELEC has a legitimate interest in responding to requests for information and technical support. The data is integrated into our CRM tool Pipedrive (Pipedrive OÜ, Estonia), a subcontractor.
Data: name, email address, telephone number, message content, correspondence history.
Sending newsletters and monitoring commercial relationships
Legal basis
Consent — freely given during registration, withdrawable at any time via the unsubscribe link or by contacting our DPO. Communications are managed via Pipedrive (Pipedrive OÜ), our CRM and emailing tool.
Data: last name, first name, email address, interaction history.
Audience measurement and website improvement
Legal basis
Consent — analysis is performed via Google Analytics (Google Ireland Limited). Google Analytics may transfer data to Google's servers, including in the United States, under the EU-U.S. Privacy Shield Framework (DPF). You can opt out via the consent manager or the Google Analytics opt-out extension.
Data: browsing behavior, anonymized IP address.
Compliance with legal obligations
Legal basis
Legal obligation — retention of certain data to comply with applicable accounting, tax, and legal obligations.
Data recipients
Your data is processed by authorized CIDELEC personnel and may be transmitted to the following subcontractors:
- HOSTINGER INTERNATIONAL LTD (Larnaca, Cyprus) — Website hosting;
- Pipedrive OÜ (Estonia) — CRM, contact management, and newsletter distribution;
- Google Ireland Limited — audience measurement via Google Analytics (subject to your consent);
- Legal, judicial, or administrative authorities — in the event of a legal obligation.
CIDELEC does not sell, rent, or transfer your data to third parties for commercial purposes. Transfers outside the EU (in particular to the United States via Google Analytics) are governed by the European Commission's standard contractual clauses and/or the EU-US DPF mechanism.
Retention periods
- User account: for the duration of the account's activity, then 3 years after the last login;
- Contact and business relationship (Pipedrive): 3 years from the last contact;
- Newsletter: until consent is withdrawn or 3 years after the last engagement;
- Legal and accounting data: 10 years (legal obligations);
- Google Analytics cookies: maximum 13 months (CNIL recommendations).
At the end of these periods, the data is irreversibly deleted or anonymized.
Your data protection rights
In accordance with the GDPR and the French Data Protection Act, you have the following rights:
Right of access
Art. 15 GDPR
Obtain confirmation of the processing of your data and receive a copy of it.
Right to rectification
Art. 16 GDPR
Request the correction of inaccurate or incomplete data.
Right to erasure
Art. 17 GDPR
Request the deletion of your data, under certain conditions.
Right to restriction
Art. 18 GDPR
Request the temporary suspension of processing.
Right to portability
Art. 20 GDPR
Receive your data in a structured, machine-readable format.
Right to object
Art. 21 GDPR
Object to processing based on legitimate interest or for marketing purposes.
Withdrawal of consent
Art. 7 GDPR
Withdraw your consent at any time, without affecting previous processing.
Post-mortem directives
I&L Law
Define instructions regarding the fate of your data after your death.
To exercise these rights, please send your request to our DPO: dpo@cidelec.net. CIDELEC undertakes to respond within one month (this period may be extended by two months for complex requests).
In the event of disagreement, you may lodge a complaint with the CNIL: www.cnil.fr — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.
Data security
CIDELEC implements appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of your data:
- Encryption of data in transit via the HTTPS/TLS protocol;
- Password encryption (secure hashing);
- Access restricted to authorized persons only;
- Secure hosting with a certified provider;
- Regular monitoring of systems and application of security updates.
In the event of a data breach that could pose a high risk to your rights and freedoms, you will be notified in accordance with Articles 33 and 34 of the GDPR.
Cookies and trackers
The Site uses functional cookies (necessary for proper functioning) and analytical cookies (Google Analytics, subject to your consent). When you first visit the Site, a banner allows you to accept or refuse non-essential cookies. You can change your preferences at any time via the consent manager at the bottom of the page.
For complete information: Cookie Management Policy.
Links to third-party sites & data relating to minors
Links to third-party sites
The Site may contain links to third-party sites. CIDELEC is not responsible for their privacy practices. We encourage you to review the privacy policies of these sites.
Data relating to minors
The Site is intended exclusively for healthcare professionals and is not intended for minors (under 18 years of age). If you are aware that a minor has provided us with data, please contact our DPO at dpo@cidelec.net so that we can delete it.
Changes to the privacy policy
CIDELEC reserves the right to modify this policy at any time, in particular to comply with legal, regulatory, or technical developments. In the event of a substantial modification, you will be informed by any appropriate means (notification on the Website, email, etc.).
The date of the last update is indicated at the top of this document. We invite you to consult this page regularly to review the current version.
Data Protection Officer (DPO) and contact details
CIDELEC has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR, who is your primary contact for any questions relating to this policy or the exercise of your rights:
Data Protection Officer
Mr. Emmanuel JEAN-PIERRE
For any other commercial or technical requests, you can also contact CIDELEC at sales@cidelec.net.
