Ergosanté specialises in the design and distribution of tailor-made ergonomic solutions to help disabled workers remain in employment and improve working conditions.

Since 2018, Ergosanté has been committed to bringing its systems and practices into compliance with the European Data Protection Regulation - No. 2016/679 (GDPR).

The purpose of this commitment is to describe the operating principles adopted by Ergosanté in order to comply with the regulation and protect the privacy of individuals whose data is processed. Ergosanté is gradually implementing all the measures and procedures necessary to ensure compliance with these principles.

The commitment also specifies the general framework for the processing of personal data carried out by Ergosanté and, in this sense, aims to provide the necessary information to the individuals concerned.

1. Data processed by Ergosanté

Ergosanté works closely with its users, customers, suppliers and partners, and as a result collects personal information through its activities, some of which can be used to identify individuals.

In accordance with the legislation in force, Ergosanté has adopted the principle of minimisation in its data collection and only collects data that is strictly necessary for the purpose pursued and explained to the individuals concerned, allowing them to exercise their rights.

1.1.Business relationships

The data processed by Ergosanté for its customers, suppliers and partners are:

- Identification data: surname, first name

- Contact details: address, email, telephone number

1.2.Users of Ergosanté equipment

The data processed by Ergosanté for users of its solutions are:

- Identification data: surname, first name

- Contact details: email address, telephone number

- Morphological data (height, weight and other information useful for manufacturing equipment)

2. Processing of information

2.1. Legal basis

The processing carried out by Ergosanté is based on the following legal grounds:

The consent of the data subject (in particular, requests for contact or quotes)

The performance of a contract (in particular, the manufacture or purchase of equipment)

The legitimate interest of the data controller

A legal obligation to process the data

2.2.Processing

The personal data mentioned above will be used by Ergosanté in the course of its activities. It will only be used within the strict limits defined by the legislation in force.

Ergosanté may use an individual's personal data for the following purposes, among others:

To register them on its information systems and manage the delivery and invoicing of solutions provided by Ergosanté,

To manufacture equipment that meets the user's needs (morphological data in particular),

To comply with its legal obligations,

To monitor, critically review and improve its offering,

To maintain records for internal administrative purposes (complaints, customer loyalty, etc.),

For marketing purposes (by email or via social media)

For communication with suppliers and payment of invoices.

3. Collection of information

3.1. Direct collection

Ergosanté collects the contact details of its contacts (users, customers, suppliers and partners):

- Through direct contact (face-to-face meetings, telephone conversations)

- Through email contact

- Via its corporate website:

o Contact form

- Via the online shop:

o Contact form

o Quote request form

o Customer account creation form

Where possible, telephone contact is confirmed by email, allowing the person concerned to keep a written record of the conversation and to exercise their rights at any time.

3.2. Cookies

The term ‘cookies’ covers all trackers deposited or read when visiting a website.

Cookies, based on a file that can be stored on the user's computer while browsing, are intended in particular to simplify navigation on websites and measure their effectiveness.

The Ergosanté online store uses two categories of cookies:

1) Cookies that are strictly necessary to provide the service requested by the user. Without them, the proper functioning of the site would be impaired. For example:

o Visitor authentication

o Session identifiers: these allow each user to remain identified throughout the ordering process, once they have created their customer account. This cookie has a lifespan of 30 days

o Shopping basket: this is saved each time an item is added to the basket so that it is not emptied when the visitor changes pages. This cookie has a lifespan of 3 days when the user is not authenticated and 30 days when they are. This cookie is deleted when the user logs out or when the customer's payment is validated.

o Customisation of the user interface (choice of language or layout)

o ‘Already seen’ cookies: allow each user to see the last items viewed. Their lifetime corresponds to the session time.

2) Audience analysis cookies, which enable Ergosanté to improve its content and online services through various measures of internet user browsing. Issued by Google Analytics and Site Analyzer, the information collected enables Ergosanté to measure the number of visits, the path taken and the interests of each visitor anonymously. This data enables us to improve our content and the user experience.

Some cookies are placed by Ergosanté directly when browsing one of its websites. Other cookies are placed by companies outside Ergosanté in order to collect user browsing data when they browse different websites. For more information, users are invited to consult the privacy policies of these companies.

In accordance with the recommendations of the CNIL, consent is obtained by displaying a banner on the website containing the following information:

the purposes of the cookies used;

the possibility of objecting to these cookies and changing the settings by clicking on a link ‘learn more and configure cookies’

the fact that continuing to browse the website constitutes consent to the storage of cookies on the user's device.

Cookies can be disabled at any time by adjusting your browser settings. Any settings made in your web browser regarding the acceptance or rejection of cookies may affect your browsing experience on the Internet and on our website, as well as the conditions of access to certain services that require the use of these same cookies.

4. How and for how long are the data stored?

Processing operations are carried out on the data contained in Ergosanté's files and databases, applying strict control rules in accordance with the state of the art in technology and the recommendations of the competent supervisory authority.

4.1. Security of personal data

Ergosanté takes all necessary precautions to preserve the security and confidentiality of personal data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties.

Ergosanté is gradually extending the scope of its security measures and developing specific procedures to take account of the regulation.

4.2. Data retention period and archiving

The retention period depends on the activity concerned, the nature of the contact (customer or prospect) and industry practices.

- Ergosanté has set the default retention period for personal data at two years.

- Certain data is retained for a shorter period:

o Cookies expire thirteen months after their last update.

o Prospect data is deleted after a period of two years without response to any solicitation.

- Ergosanté retains certain mandatory documents (invoices, etc.) in accordance with the legal retention period.

- The retention period is sometimes linked to the relevance or necessity of processing: customer data is retained for the duration of the commercial relationship, and data in directories is retained for the duration of the mandates of the persons concerned.

Old data is archived, and strict access controls are then activated. Data that is no longer needed is destroyed.

5. Who has access to the personal data collected?

5.1. At Ergosanté

The personal data collected is accessible to various departments at Ergosanté depending on the processing required, in particular:

- Sales department for order processing and deliveries

- Manufacturing department for the design and manufacture of adapted equipment

- Accounting department for invoice management

- Sales department and webmaster for the online shop

5.2. Outside Ergosanté

Ergosanté may transfer the personal data it holds to various third parties, such as:

service providers, subcontractors and suppliers in order to perform services on its behalf (e.g. technical services, manufacture of equipment),

other companies, financial institutions or organisations/services responsible for enforcing laws for the purposes of preventing or detecting fraud, where such disclosure is necessary to protect Ergosanté's rights,

in cases where required by law or upon formal request from an authority (particularly in the context of legal proceedings), public, semi-public or private organisations in the context of a public service mission.

Only data that is useful for the performance of the contract is provided, and no sensitive data is shared outside Ergosanté.

5.3. Terms and conditions for working with third parties

In the event that personal data is transferred to a third party for any reason (e.g. subcontracting), Ergosanté applies the conditions defined by the legislation in force, in particular informing the persons concerned of this transfer.

Ergosanté will conduct a campaign among its subcontractors, within the meaning of the GDPR, to check the compliance of contracts and the conditions for processing personal data.

Under no circumstances will data be transferred to a third party for commercial purposes.

6. Obtaining personal data from third parties

Ergosanté may receive personal data such as surname, first name, email address and telephone number from third parties (employers and partners in particular) in order to perform a contract for the supply of equipment.

Morphological data is collected exclusively from the person concerned if they agree to provide it. This data is used to ensure the proper manufacture of the requested equipment.

The data is added to the file when the quotation is drawn up and is used solely for the purposes of completing the transaction. It is only accessible to Ergosanté's sales and manufacturing teams, as well as any subcontractors.

7. Are data transferred outside the EU?

Ergosanté does not transfer any personal data outside the European Union.

8. Who should I contact to exercise my rights?

Ergosanté has adapted its organisation to meet the requirements of the European Data Protection Regulation and to provide anyone with information about the personal data held about them and how it is processed.

Any request relating to the exercise of rights (access, opposition, limitation, rectification, portability, deletion) must be sent to ‘contact@ergosante.fr’. This request must include as much detail as possible so that it can be processed upon receipt within a maximum of 30 days, in accordance with the requirements of the Regulation.

In case of doubt, proof of identity may be requested in order to process the request.

Any person may contact the Supervisory Authority in their country directly (for France, the CNIL: www.cnil.fr).

9. Where is our data hosted?

The Ecosiège website servers are hosted exclusively by OVH in France, in data centres located in northern France.

These servers host our database, which is necessary for the proper functioning of the site. Customer accounts are stored in this database.

In order to access your order history, this data is only deleted if you request it via your dedicated customer area or by email.

10. Does Ergosante sell my personal data?

No! All data collected remains with us and will never be given, rented or sold to a third party.

11. Are passwords secure?

Passwords are stored in encrypted form and cannot be decrypted.

12. What about credit card numbers?

For credit card payments, we work with a French service provider called PayPlug, which guarantees data security.

At no time do we have access to our customers' credit card numbers.

Our service provider has numerous accreditations that guarantee the security of their IT system.

More information: https://www.payplug.com/fr/politique-de-confidentialite

We also work with PayPal, but only customers with an account can place orders, so their data is secured directly by PayPal.

13. What personal data is collected and what is it used for?

When placing an order:

When a customer creates an account on our website, we store all the information necessary to process the order in our database: email address, first and last name, company name, postal address and telephone number, so that we can prepare and deliver the parcel.

This order data is sent to various service providers so that the order can be delivered to the customer: our manufacturers and logistics providers prepare the parcels and the carriers deliver them to the customer.

They are not permitted to use the data for any purpose other than to process your order and must delete this data from their computer systems after processing. These service providers store the data in European data centres. However, if the customer chooses to have their order delivered outside Europe, data such as the postal address will necessarily be transmitted to the logistics services of the carrier delivering to that country.

Statistics:

In order to constantly improve our service, we use systems and services operated by third-party providers that enable us to monitor our activity. As such, we provide these systems with our customer database, their browsing history on our website, and information about the products they have viewed and ordered. Most of our systems are hosted in France, such as Site Analyzer, while others are based in the United States, such as Google Analytics.

14. Would you like to modify or delete your personal data?

Most data can be modified directly by you from your customer area on our website. You can also download all of this data or delete it.

If you are unable to access this information, please send us an email at dpo@ergosante.fr specifying your request.