Version applicable on July 20, 2022

The purpose of this Privacy Policy is to inform and present to customers and users of the website the way in which MEDISUR processes the personal data collected as data controller in the context of ordering products and performing the contract.

  1. Description of processing: what processing of personal data and why?
  • Personal data concerning the customer, collected during the creation of the account 

MEDISUR collects and processes personal data concerning the customer for the creation of the account as follows:

Purpose of processingAccount creation and managementProspecting 
Personal data collectedCustomer name, email address, password, surname, first name, postal address, telephone number Last name, first name, email address
Purposes of processingManage the client's access to and use of the account Check the client's professional status 
Sending information or promotional emails, recontacting the customer after the end of the contract, carrying out statistical studies
Legal basisExecution of the contract Legal obligations regarding the sale of DMDIVLegitimate interests of MEDISUR in the context of its commercial and prospecting activity
Storage and archiving periodConservation: duration of the account Archiving: 5 years from the closing of the account*Retention 3 years from the last contact from the customer unless the customer objects

The data listed above is mandatory because it is necessary for MEDISUR to implement the purposes specified above. 

* The account may be closed at the request of the client or, in the event of an inactive account beyond a period of 2 years, MEDISUR may close the account after sending a notification to the client (unless the latter objects to closing their account).

  • Personal data concerning the customer, collected during the ordering of the products and the execution of the contract 

MEDISUR collects and processes personal data concerning the legal representative and his interlocutors within the customer for the conclusion and execution of the contract (orders) as follows:

Purpose of processingConclusion and execution of the contract
Personal data collectedData collected for account creation; order data; payment data; exchanges within the framework of the conclusion of the contract and its execution
Purposes of processingPre-contractual exchanges, conclusion of the contract, details of the order, management of invoicing and payment, communications with the customer for the execution of the contract, monitoring of the customer relationship, management of any complaints.
Retention of data for the purpose of meeting accounting obligations 
Retention of data for probative purposes (for the exercise or defense of legal rights) or in the context of archiving imposed by the Consumer Code (contracts over 120 euros)
Legal basisPerformance of the contract 

Invoices and retention of contracts over 120 euros: legal obligations (Commercial Code and Consumer Code)
Other data kept for evidentiary purposes: Legitimate interests of MEDISUR
Storage and archiving periodRetention as long as the account is active

Archiving for a period of 5 years from the end of the relationship and archiving for 10 years for invoices

The data listed above is mandatory because it is necessary for MEDISUR to implement the purposes specified above. 

  1. Recipients of personal data

Data controller : the person responsible for processing this data is MEDISUR, whose full contact details appear in the legal notices on the website.

Recipients : in compliance with the purposes set out above, the user's personal data may be communicated to MEDISUR staff and to MEDISUR's technical suppliers (the host) acting as subcontractors, as well as to the banking establishment managing payments, carriers, and, where applicable, its advice.

The host is located in Canada which may involve a transfer of data to this country. The level of personal data protection in this country is considered adequate by the European Commission.

  1. Rights of the customer or user on his personal data

The customer and more generally the users whose data is collected by MEDISUR have at all times the following rights over their personal data: 

  • Permission to access : obtain confirmation of the processing of his personal data as well as a certain amount of information on the processing, it being understood that this information is in any case given in this personal data protection policy; 
  • Right of rectification : obtain the rectification of his personal data when they are inaccurate or incomplete; 
  • Right to erasure (“right to be forgotten”): obtain the erasure of their personal data when they are no longer necessary for the purposes for which they were collected or in the event of opposition to the processing of their personal data. 

The right to erasure is not enforceable in the cases provided for in Article 17.3 of the GDPR. In particular, this right is not open as long as the customer or user wishes to use his account or order products, this personal data being necessary for MEDISUR for the management of the contract and the ordering of products.

  • Right to restriction of processing : obtain the limitation of the processing of his personal data, in particular in the event of contestation of the accuracy of the data, when the data retention period has expired but the person whose data is processed still needs to keep this data personal for the recognition, exercise or defense of a legal right; 
  • Right to portability : obtain the communication of the personal data communicated to MEDISUR in a readable format, or ask MEDISUR to transmit the personal data communicated to another data controller; 
  • Right of objection : object at any time, for reasons relating to his personal situation, to the processing of his personal data based on the legitimate interest of MEDISUR, in particular in the event that this opposition concerns commercial prospecting, except for compelling reasons for MEDISUR . 
  • Right to lodge a complaint : lodge a complaint with the National Commission for Computing and Liberties if the person whose data is processed considers that the processing carried out by MEDISUR constitutes a violation of their personal data. 
  • Right to define the directives relating to the fate of his personal data after his death.

These rights can be exercised at any time with MEDISUR:

  • By post to the following address: Pôle Yvon Morandat, 1480 Av. d'Armenie, 13120 Gardanne