Privacy Policy

Version of 18/11/2024

This website accessible at www.stellasurgical.com (the “Website“) is published by GRAFT SMART SAS, a simplified joint stock company with a capital of 1000 euros, registered in the Montpellier Trade and Companies Register under number 983 307 075, whose registered office is located at 10 boulevard Vieussens, 34000 Montpellier, France (hereinafter referred to as the “Publisher“).

The Publisher undertakes to comply with French and European law on the protection of personal data, in particular the General Data Protection Regulation of 27 April 2016 (RGPD) and the amended Data Protection Act of 6 January 1978 (LIL).

1. The identity of the Data Processor

GRAFT SMART is the Processor for Personal Data.

The Processor undertakes to take the necessary measures to ensure the protection and confidentiality of the Personal Data present in accordance with the General Data Protection Regulation of 27 April 2016 (RGPD) and the amended Data Protection Act of 6 January 1978 (LIL).

2. Origin of the Personal Data

The Publisher collects Personal Data on the Website from Internet users who contact GRAFT SMART via online contact form. This data is necessary to respond to the solicitation of the Internet users. The Publisher processes only the Personal Data strictly necessary for the contact request of the Internet users.

3. Purposes and Processing of the Personal Data collected

3.1. Need for collection

When using the Website, the Internet user provides the Publisher with certain Personal Data necessary for the proper functioning of the Website:

Either directly via one of the contact form : last name, first name, telephone number, e-mail address, company ;

Or indirectly : data relating to the connection (IP address…), browsing (statistics on pages consulted, activity or inactivity rates, etc.), and use of the features offered on the Site.

The collection of Personal Data is carried out for the needs of operation and access to the Website and in particular for :

The processing of prospect or client requests ;

Processing of applications ;

The realization of the statistics of analysis ;

Site Internet – Politique de protection des données EN

Propriété exclusive de GRAFT Smart – Ne pas reproduire [3]

The security of the Website.

The Internet user acknowledges that the Publisher does not process Personal Data on its behalf and/or for its account other than for the purposes of the Processing mentioned in this policy.

3.2. Storage period

All Personal Data collected are processed and stored for a period of time determined by the purpose of the Processing and the laws applicable in the context of the Website’s activity.

At the end of each storage period, the Personal Data of the Users shall be anonymized or permanently deleted.

3.3. Description of the Processing of Personal Data as Data Controller Purpose of use

Personal Data

Legal basis for processing

Storage period

Contact from the Internet user :

Request for information,

Request for information on partnerships,

Request for information on GRAFT SMART products,

Other requests.

Last and first name,

E-mail address,

Telephone number,

Subject of the application (from a list of choices)

Content of the application.

Consent

Information request and other requests : Up to 3 years after the last contact with the prospect.

(Plus the period for processing the request of up to one month, three months in the case of a complex request or one justified by the data controller).

Candidacy submission

Last and first name,

E-mail address,

Telephone number,

Letter of motivation.

Legitimate interest

Candidacy : 3 months

If the candidates gives her consent, up to 2 years after the last contact.

Suscribe to news updates

Last and first name,

E-mail address.

Consent

Up to the request for deletion from the marketing mailing list and up to three years after the last contact from the data subject (plus the period for processing the request of up to one month, three months

4. Processor and receiver of Personal Data

4.1. Internal use

All the Personal Data of the Internet user may be processed by GRAFT SMART employees, within the limits of their respective functions (technical, commercial, human resources departments, …) and only to achieve the purposes of this GTCU.

The Publisher may use the services of specialized companies for certain activities related to the operation of the Website, the list of which companies may be indicated to Internet users who request them via the contact address : dpo@raft-smart.com.

4.2. Hosting

All Personal Data is hosted within the European Union by OVH.

The host OVH has access to the said data within the limits of its respective attributions, for the hosting of the Website. It has limited access to this data, within the framework of the execution of its services and has a contractual obligation to use it in compliance with the provisions of the applicable regulations on the protection of Personal Data.

For more information, please consult OVH’s privacy policy.

4.3. Commercial actors and service providers

No Personal Data is transmitted to a commercial or advertising actor without the consent of the Data Subject.

The Personal Data of Internet users may be used for commercial and/or marketing purposes by GRAFT SMART, especially in the context of sending news.

4.4. Third-party providers

The Site relies on certain third-party services to provide certain functions. The latter have limited access to the data in the context of the execution of these services and have a contractual obligation to use them in compliance with the provisions of the applicable regulations on the protection of Personal Data.

To know the list of service providers, please send a request by e-mail to the following address : dpo@graft-smart.com.

4.5. Legal obligations Site Internet – Politique de protection des données EN

Propriété exclusive de GRAFT Smart – Ne pas reproduire [5]

Data may also be transmitted by GRAFT SMART to third parties and competent authorities in order to comply with legal, judicial, fiscal or regulatory obligations.

5. Internet User’s rights to Personal Data

5.1. Internet user’s rights

In accordance with European regulations (GDPR and LIL), each Internet user has the following rights :

  • Right to withdraw Consent (Article 13.2 of the GDPR) for Processing based on the Internet user’s Consent.
  • Right of access of the data subject (article 15 of the GDPR) : This right allows the Internet user to request the list of Personal Data held by the Data Controller.
  • Right of rectification (article 16 of the GDPR) : This right allows the Internet user to rectify or modify incomplete or erroneous information concerning him/her.
  • Right to erasure / Right to be forgotten (Article 17 of the GDPR) : This right allows the Internet user to request, at any time, that the Data Controller erase the Personal Data held about him/her.
  • Right to the limitation of Processing (article 18 of the GDPR) : This right allows the Internet user to request, at any time, that the controller no longer uses the Personal Data held about him/her (the data is temporarily frozen).
  • Right to data portability (article 20 of the GDPR) : This right allows the Internet user to be able to retrieve the list of Personal Data held by the controller in a machine-readable format.
  • Right to object (article 21 of the GDPR) : This right allows the Internet user to refuse at any time that the controller uses some of the Personal Data held by him.
  • Right to define the fate of Personal Data after death : Any person may indicate directives and make them known to a trusted digital third party certified by the CNIL concerning the use of his or her Personal Data post-mortem. In the absence of information indicated by the Internet user, the heirs may exercise certain rights (right of access, right to object, right to delete).

5.2. How to exercise the Internet user’s rights

When an Internet user wants to know how the Publisher uses his or her Personal Data or how to exercise his or her rights, the Internet user may contact the Publisher by e-mail at the following contact address: dpo@graft-smart.com or by post by sending a letter to : GRAFT SMART, 10 boulevard Vieussens, 34000 Montpellier, France or by the contact form available is the Website.

The Internet user must indicate the purpose of the request.

Requests will be processed within maximum one month from the date of receipt of the request unless the Publisher has a compelling reason to extend the deadline.

To ensure the security of Personal Data, GRAFT SMART may request confirmation of the Internet user’s identity by the transmission of a valid identification document. Site Internet – Politique de protection des données EN

Propriété exclusive de GRAFT Smart – Ne pas reproduire [6]

In the event of a dispute, the Internet user may lodge a complaint with the “Commission Nationale de l’Informatique et des Libertés” (www.cnil.fr), the supervisory authority in charge of compliance with obligations regarding the protection of personal data.

5.3. Information in case of theft of Personal Data

If, despite all the protections implemented by the Publisher and its subcontractors, some of the Personal Data were to suffer a security breach, the Publisher undertakes to inform the Internet users within the legal deadlines in force. This legal information obligation cannot be interpreted as an acknowledgment of responsibility or negligence on the part of the Publisher or its subcontractors.

6. Cookies

Internet users of the Website are informed and accept that when visiting the Website, cookies may be installed on their computer equipment by the Publisher or its partners in order to store and access Personal Data such as browsing data, in particular for the purpose of improving the content and analyzing the traffic on the Website.

Different types of cookies may be used on the Website, in particular to facilitate the Internet user’s navigation on the Website :

  • Functional cookies (always active) and technical cookies :

Cookies that allow the Website to function better. The Website uses these cookies to temporarily record information about the Internet user’s session (visit to the Website), for example by remembering what the Internet user has entered in a form. Some of these functional cookies are essential. This means that these cookies are necessary for the proper functioning of the Website. The Internet user may not refuse or deactivate the cookies deemed necessary.

  • Analytical or statistical cookies :

Cookies that allow us to know the use and performance of the Website, to establish statistics, volumes of traffic and use of the various elements of the Website (content visited, path) and to improve the interest and ergonomics of the information offered on the Website (the pages or sections most often consulted, etc.). These cookies are also used to count visitors to a page.

  • Social network cookies :

The Site contains links to our social networks (Twitter, LinkedIn, …) to promote or share content. Social networks set their own cookies to store and process certain information for personalized advertising purposes. For more information, please consult the privacy policies of these social networks.

The Internet user must give his consent to the deposit of certain cookies, the information of which is communicated to him in the cookie information banner visible when he first connects to the Website.

The consent thus given is valid for a maximum period of six (6) months from the first deposit in the Internet user’s terminal equipment.

For statistical cookies exempt from consent (except Google Analytics, see article 11 below), the maximum retention period is thirteen (13) months.

Each Internet user has the possibility to refuse the installation of cookies on his or her device. However, in the event of a refusal, browsing and the experience of the Internet user may be limited.

The acceptance of cookies facilitating the connection and the navigation of the Website can be modified at any time by clicking on “Manage the consent to cookies”. Site Internet – Politique de protection des données EN

Propriété exclusive de GRAFT Smart – Ne pas reproduire [7]

The Internet user is informed that the Publisher’s partners and any other third party may place cookies on the Website. Only the issuer of a cookie is likely to read or modify the information contained therein and the Publisher has no access or control over the cookies that third parties may use. The issue and use of cookies by third parties are subject to the privacy policies of these third parties in addition to the present GTCU. Consequently, the Internet user is invited to visit the sites of these third parties for more information on the cookies they store and how to manage them.

The Internet user’s browser settings can also be used to inform and refuse the installation of cookies.

7. Google Analytics

The Publisher uses Google Analytics to track Internet users on the Website.

Cookies are used by Google Analytics to collect data about the Internet user’s browsing.

In order to comply with the new regulation, Google Analytics has included changes regarding the processing of this type of data. For more information, please refer to the Google Analytics privacy policy.