- The manner in which their personal data is collected and processed. “Personal data” is defined as any data related to the identification, direct or indirect, of a user. This includes first and last name, age and gender, e-mail address, cell phone number, user’s location or IP address; and any information that may be associated with them;
- The rights that users have with regard to this data, and how they can exercise them;
- Responsibilities regarding the processing of personal data held by SUN ZU Lab SAS;
- The recipients of this data;
- The site’s policy on cookies and other trackers.
COLLECTION AND PROCESSING OF PERSONAL DATA
In accordance with the provisions of Article 5 of the European Data Protection Regulation 2016/679 (DPR), the collection and processing of data from users of the service comply with the following principles:
- Lawfulness, fairness and transparency: data may only be collected and processed with the consent of the user who is the owner of the data, or of his or her manager or legal guardian in the case of a person under guardianship. Each time a new type of personal data is collected, the user will be informed that his or her data is being collected, and for what purposes the data is being collected.
- Minimization of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the system are collected.
- Data retention reduced in time: the data is kept for a limited period of time, of which the user is informed.
- Integrity and confidentiality of the data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
The lawfulness of the processing of personal data carried out in the context of the implementation of the service, in accordance with the requirements of Article 6 of European Regulation 2016/679, is based on the free and informed consent of the user (or his/her guardian) to the processing operations described herein – except when they are made necessary by the performance of a contract or by a legal obligation.
NATURE OF THE DATA
1. Data processed, purpose, storage period
The personal data collected by the service is as follows.
- Customer and/or user account data:
- Identity of the user (surname, first name) ;
- User’s contact information (email, address, cell phone number, country of residence).
This data is collected at the creation of the account by the user himself. They can be modified at any time by the user.
- Data generated or captured during the use of the service:
- Type of session, prescriber, agenda data (date/time)
This data is collected as soon as the user turns on the service, i.e. logs on to his computer, smartphone or tablet and starts a session. It is collected until the user stops the session.
The collection and processing of the data described above is for the following purposes:
- Customer and/or user account data:
- to allow the proper functioning of the service and to verify the validity and the correct parameterization of the user account ;
- to allow the management of the account and its permissions for each subscriber;
- to give access to general information on the products of SUN ZU Lab.
- Session Data:
- to collect anonymous statistical data and improve in the user’s experience of the service
The data controller will keep the data collected in its computer systems for the duration of the user account activity.
As soon as the account is no longer active (end of subscription, deletion by the user himself, etc.):
- user identity data as well as data from sessions on the service will be deleted from the operating servers and archived on a separate medium, access to which is limited to statistical or historical purposes, and kept for a period of five years;
- customer account data will be kept for a period of three years from the end of subscription, for the purpose of commercial offers.
All data is stored in optimal security conditions in relation to its sensitivity (see 3. Data hosting).
2. Third Party Data Recipients
The personal data collected by the site may be transmitted to third parties, the list of which is as follows:
- our IT development subcontractors (data accessible to this third party today: NONE);
- the professionals that you have authorized, or who have given you access to this service (data accessible to this third party today: NONE);
To date, no data is outsourced outside the European Union, whether for hosting or any other processing, or for sub-contracting.
3. Data hosting
The personal data processed within the framework of the use of the device are stored on the servers of OVH SAS, a French company incorporated in Lille, with a capital of 10 059 500 €, registered under the number 424 761 419 00045, domiciliated at: 2 rue Kellermann – 59100 Roubaix – France.
1. Responsible for processing
The person responsible for processing personal data is the company SUN ZU Lab SAS, represented by its President, Mr Stéphane Reverre. He can be contacted by email at: RGPD@sunzulab.com.
2. Obligations of the data controller
The person responsible for processing personal data determines the purpose of the processing and the means used to achieve it.
He undertakes to protect the personal data collected, not to transmit them to third parties without the user’s knowledge and to respect the purposes for which these data was collected.
He undertakes to notify the user in the event of rectification or deletion of data, unless this would entail disproportionate formalities, costs and steps.
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, entailing a risk for the user, the data controller undertakes to inform the user by any means.
In accordance with the provisions of articles 15 to 22 of the European Regulation 2016/679, the user has the rights listed below.
1. Rights of the user with regard to the processing of personal data
a. Right of access, rectification and right to erasure
The user may view, update, modify or request the deletion of data concerning him/her – whether he/she has created his/her account himself/herself or whether it has been created by a third party.
The user has the right to request the deletion of his personal space if he has one.
b. Right to data portability
The user may request the portability of his personal data, held by SUN ZU Lab, to another site, requesting the provision of an archive in a format that meets market standards.
c. Right to limitation and opposition of data processing
The user has the right to request the limitation or to oppose the processing of his/her data by the data controller, without the latter being able to refuse, unless he/she can demonstrate the existence of legitimate and compelling reasons, which may prevail over the interest and right and freedom of the user.
d. Right not to be subject to a decision based exclusively on an automated process
The user has the right not to be subject to a decision based exclusively on an automated process if the decision produces legal effects concerning him or her, or affects him or her significantly in a similar way.
e. Right to determine the fate of data after death
The user (or his legal guardian if applicable) is reminded that he can organize the future of his data collected and processed if he dies, in accordance with the law n°2016-1321 of October 7, 2016. If he wishes to do so, he must send the company SUN ZU Lab a notification of his advance directive at the following address: RGDP@sunzulab.com.
f. Right to apply to the competent supervisory authority
In the event that the data controller decides not to respond to the user’s request, and the user wishes to contest this decision, or if he or she believes that one of the rights listed above is being infringed, he or she has the right to refer the matter to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr/fr/plaintes) or any competent judge.
2. Conditions of exercise of rights by the user
Each of these rights can be exercised by e-mail, addressed to the person in charge of personal data within SUN ZU Lab: RGDP@sunzulab.com, or by post at the following address: SUN ZU Lab, RGDP Officer, 11 Rempart St Thiebault, 57000 METZ, FRANCE
To ensure that these rights cannot be exercised to the detriment of a third party and to prohibit any identity theft, the user is required to communicate to SUN ZU Lab his first and last name as well as his e-mail address, his account or personal or subscriber number, AND a copy of an identity document.
The data controller is obliged to respond to the user within a maximum of 30 (thirty) days.
USE OF TRACKERS
The website and the application constituting the service may have recourse to the use of external (fingerprinting) or internal (invisible pixels, cookies) trackers at the user’s terminal.
A tracker is a micro-file that we install on the user’s hard drive, or on our own servers in connection with the user’s IP address. It contains, in particular, information relating to the user’s browsing habits.
These files allow us to process statistics and traffic information, to facilitate navigation and to store certain preferences for use of the device.
To do so, the consent of the user is necessarily required. A consent panel is displayed during the user’s first visit, and allows the user to choose whether he or she consents to the installation of cookies and the use of trackers and to personalize his or her choice.
This consent of the user is considered valid for a maximum of 13 (thirteen) months. At the end of this period, the site will again request the user’s authorization to save cookies on his hard disk.
The user is informed that he or she may oppose the registration of these cookies by configuring his or her navigation software or by reopening the personalization panel accessible from the footer of the website and from the application menu.
If the user decides to disable cookies, he or she will be able to continue browsing the site. However, any dysfunction of the site caused by this manipulation could not be considered as being due to the site editor.
b. Description of cookies used by the site
The publisher of the site draws the attention of the user to the fact that the following cookies, in particular, are used during his navigation:
- cookies to identify the current browsing session;
- cookies identifying the remote server used by the host to manage the session;
- third party cookies to collect statistics (Google);
- third party cookies from contextual and behavioral advertising services (Google, Double Click).
In addition, the service may integrate social network buttons, allowing the user to share his activity. Cookies from these social networks are therefore likely to be stored on the user’s terminal when he uses these features.
The user’s attention is drawn to the fact that these social networks have their own privacy policies and different general conditions of use of the site. The site editor invites users to consult the privacy policies and general conditions of use of these sites.
However, in the event of a major modification, the latter will be brought to the attention of the users by various means: “push” notifications on the the website (https://www.sunzulab.com); SMS on the telephone number mentioned by the user; e-mail on the address mentioned by the user.