General data protection regulations
Relating to the following legislation:
- European Union Regulation No. 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC
- French law no. 78-17 of January 6, 1978 on data processing, data files and individual liberties in its latest version
- Recommendations, opinions and decisions of data protection supervisory authorities and the European Data Protection Committee
- Case law from national and European courts
Neuromed hereby certifies its compliance with the legal provisions, and in particular that :
- The RGPD Directives are applied in full to all the data we process, without exception, from 25.05.2018 at 08:00.
- The data we collect is necessary for the proper performance of our services.
- We do not collect or store any sensitive data (such as racial or ethnic origins, political, philosophical or religious opinions or trade union membership, or data relating to health or sex life, and we do not automatically process such data in such a way as to make any deduction or estimate, however false, based on such information).
- We store personal data for 5 years after the end of the contractual relationship, after which the data is simply deleted from our servers.
- Each holder of an e-mail address used by Neuromed in the context of its activities has the right to access, rectify, download, delete and port all data concerning him/her.
- Neuromed has made available to the competent authorities, a Register of all the databases hosted on our servers, as well as the type of data collected, stored, their retention and updating periods.
- Neuromed regularly audits its information systems and technical infrastructure. These audits are carried out on a quarterly basis by service providers authorized by Neuromed to access its information systems.
- A DPO has been appointed: Mr Benjamin SCHOLL, Managing Director of NEUROMED.
- We restrict access to personal data to Neuromed employees for whom such access is essential for the performance of their duties.
- Data will only be processed within the European Union.
- We have sent all our subcontractors and service providers a request for confirmation of RGPD compliance.
- Physical access to the premises of the server centers where we store the personal data we use is perfectly secure, as certified by our service providers.
- We have set up a procedure for notifying the CNIL and the partners concerned of any crisis, intrusion, threat or any other event likely to affect the integrity and security of data hosted on Neuromed servers.