This personal data protection policy defines and informs you on how GMED (“we”, us” and “our”) collects, uses, stores and transfers personal data that you may communicate to us when you use our website: https://lne-gmed.com, or otherwise interact with us.

The processing of personal data by GMED is carried out in accordance with applicable law including the UK GDPR, the Data Protection Act 2018 (and regulations made thereunder), the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) (as amended), the General Data Protection Regulation (GDPR) 2016-679 of 27 April 2016, and French law no . 78-17 of 6 January 1978, (as amended), and its implementing decree no. 2019-536 of 29 May 2019, (collectively “Data Protection Law”).

 

Data controller identity

GMED SAS is the data controller for UK and EU personal data collected and processed under this privacy notice. GMED SAS is a wholly-owned subsidiary of LNE (Laboratoire nationale de métrologie et d’essais) , an Industrial and State-owned Establishment. GMED is a simplified joint-stock company (SAS) with its registered office at 1 rue Gaston Boissier 75015 Paris, France, Tel. + 33 1 40 43 37 00, dpo.rgpd@lne-gmed.comhttps://lne-gmed.com.

 

Personal data we collect about you

Personal data, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you, these include the following categories:

  • Identity Data includes you first name, last name and title.
  • Contact Data includes you email address, telephone number, the company you work for, and its country of location.
  • Technical Data includes you internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Location Data includes information we collect information through the website as to your real time location to deliver content, advertising or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the website. Delivery of location services will involve reference to one or more of the following: (a) the coordinates (latitude/longitude) of your location; (b) look-up of your country of location by reference to your IP address against public sources; and/or (c) your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier. See the section on “Cookies” below for more information on how we use cookies and device identifiers on the website.
  • Usage Data includes information about how you use our website including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), service you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and third parties, your communication preferences, any personal data you provide when you fill in a form hosted on our website, register for and/or attend an event or training that we are hosting, and any other personal data you provide when you communicate with us.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

 

Ways to collect personal data

We collect your personal data in the following ways:

  • Information you give us: This is information about you that you give us directly when you interact with us. This may include your Identify, Contact, and Marketing and Communications Data.
  • Information we collect automatically: This is information about you that we automatically collect each time you visit our website. This may include Technical, Location and Usage data mentioned above.

Purposes of personal data processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you, including: notifying you about changes to our service, process your job or internship applications, facilitating the completion of administrative formalities for signing up for an event organized by GMED.
  • To provide you with information about our services that we feel may interest you and to respond to your requests and manage our relationship with you. If you have given your consent to receiving marketing material from us at the point we collected your information, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, including to:
    • ensure content from our website is presented in the most effective manner for you and your computer;
    • ensure we provide you with the information, products and services that you request from us;
    • administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • keep our website safe and secure;
    • measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
    • allow you to participate in interactive features of our service, when you choose to do so; and
    • to provide you with information about GMED and technical, regulatory, or standard developments that are likely to interest you
  • Where we need to comply with a legal obligation.

 

Our promotional updates and communications

Where permitted in our legitimate interest or with your prior consent (where required by law), we will use your personal information for marketing analysis and to provide you with promotional update communications by about our services.

You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you, or by sending us an email to dpo.rgpd@lne-gmed.com.

 

Personal data recipients

We may share your personal data with:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy.
  • Selected third parties, including:
    • Organisations who process your personal data on our behalf and in accordance with our instructions and the Data Protection Law. This includes in supporting the services we offer through the site in particular those providing website and data hosting services, providing fulfilment services, distributing any communications we send, supporting or updating marketing lists, facilitating feedback on our services and providing IT support services from time to time. These organisations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions. For more information please email dpo.rgpd@lne-gmed.com.
    • Analytics and search engine providers that assist us in the improvement and optimisation of our website and subject to the cookie section of this policy (this will not identify you as an individual).

We will disclose your personal data to third parties: in the event of merger, acquisition, or sale of business assets, your personal data may be transferred to the new controlling entity.

 

Storage and transfers

Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Adequacy: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government and/or the European Commission.
  • Standard contractual clauses: Where we use certain service providers, we may use specific contracts approved for use in the UK and/or EEA, which give personal data the same protection.

Please contact us at dpo.rgpd@lne-gmed.com if you want further information on the specific mechanism used by us when transferring your personal data out of the UK and/or the EEA.

 

Personal data retention period

Personal data is stored no longer than necessary to fulfil the purpose of the processing, while complying with applicable legal and regulatory limits; or for another period taking into account operational constraints and efficient customer relations management; or responses to legal claims, or requests from supervisory authorities.

  • For existing GMED’s customers, information is stored for the duration of the contractual relations and for 10 years after the end of the contractual term.
  • For prospective customers, information is stored for 3 years from the time it was collected or from the last contact with the prospective customer.

We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.

In addition, GMED regularly analyses the data stored and removes data that appears obsolete or expired.

 

Rights of the persons whose personal data is collected

In accordance with applicable regulations on personal data protection, under certain circumstances you have the right to:

  • to be provided with a copy of your personal data held by us;
  • to request the correction or deletion your personal data held by us;
  • to restrict the processing of your personal data
  • to object to further processing of your personal data (including the right to object to marketing); and
  • to request that your personal data be moved to a third party (also known as ‘portability’).

You can exercise these rights by sending an email to dpo.rgpd@lne-gmed.com or by letter to the following address:

GMED
Direction Commerciale
1 rue Gaston Boissier
75015 PARIS
FRANCE

GMED will respond to anyone exercising their aforementioned rights within a period of one (1) month of receiving the request. This deadline may be extended by two (2) months, taking into account the complexity and number of ongoing requests.

Where the processing of your personal data by us is based on consent, you have the right to withdraw that consent without detriment at any time – see the “Our promotional updates and communications” section of this privacy notice for more information.

If you are located in the UK, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). If you are located in France, you have the right to appeal to the French Data Protection Commission (Commission nationale de l’informatique et des libertés – CNIL) in the event of any violation of applicable regulations on personal data protection. We would, however, appreciate the chance to deal with your concerns before you approach the regulator, so please contact us in the first instance.

 

Information systems security

GMED implements all reasonable technical and organizational measures, with regard to the nature, scope, and context of the personal data you share with us and the risks of processing it, to keep your personal data secure, and, in particular, to prevent any destruction, loss, alteration, disclosure, intrusion, or unauthorized access to this data, whether by accidental or illicit means.

 

Third Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

 

Cookies

For information on how we use cookies and similar technologies, please refer to our Cookie Policy.

 

Policy updates

GMED reserves the right to modify or supplement to this privacy policy, at any time and without prior notice, particularly for the purposes of complying with any legislative, regulatory, legal, or technological developments. Changes take effect as soon as they are posted on the GMED website (https://lne-gmed.com) and you are legally bound by them.

By using our website, you fully and completely accept any revisions or changes to our rules governing the protection of your personal data.

January 2024