Privacy Policy
Preamble
The purpose of this Privacy Policy (the “Policy”) is to provide You with information regarding how ROHTO MEDILUXE EUROPE collects and processes Your Personal Data, in accordance with the applicable legislation and in particular Regulation (EU) No. 2016/679 of 27 April 2016 (the “GDPR”) and the Law No. 78-17 of January 6, 1978, on Information Technologies, Data Files and Individual Libertiesas as amended (the “French Data Protection Act”), in connection with the use of the website [Medesthe.com] (hereinafter referred to as the “Website”).
This Policy may be updated, in particular to reflect legislative or regulatory developments. If ROHTO MEDILUXE EUROPE makes changes to this Policy, the Data Subjects will be informed accordingly.
1. Definitions
The terms set out below shall have the following meanings in this Policy:
“Client”: means any natural or legal person acting for purposes relating to their commercial, industrial, craft, liberal or agricultural activity, including when acting in the name of or on behalf of another professional, within the meaning of the French Consumer Code.
“Data Controller”: means the person who, alone or jointly with others, determines the purposes and means of the Processing.
“Data Subject” or “You”: means the individuals whose Personal Data are processed by ROHTO MEDILUXE EUROPE in its capacity as data controller. For the purposes of this Policy, the Data Subjects are the Users.
“Personal Data”: means any personal data, as defined in Article 4(1) of the GDPR, relating to the Data Subjects and processed under this Policy.
“Processing/Process”: means any of the operations referred to in Article 4(2) of the GDPR carried out on Personal Data on behalf of and in accordance with the instructions of ROHTO MEDILUXE EUROPE, pursuant to Article 4(8) of the GDPR.
“Processor”: means the person who processes Personal Data on behalf of the Data Controller. The Processor acts under the authority of the Data Controller and on its instructions.
“Products”: means all products manufactured by ROHTO MEDILUXE EUROPE.
“Services”: means the features and services provided by ROHTO MEDILUXE EUROPE to the User on the Website.
“Users”: means any natural person who accesses the Website and benefits from the Services offered, whether or not they are a Client.
2. Identity of the data controller
Your Personal Data are collected and processed by ROHTO MEDILUXE EUROPE, acting as Data Controller, for the purposes detailed in Article 4 of this Policy.
For any questions, you may contact ROHTO MEDILUXE EUROPE:
By post at 19 Boulevard Malesherbes, 75008 Paris, FRANCE ;
By email at info@r-mediluxe.com.
3. Context of Processing
In the course of its activities and when You use the Services, ROHTO MEDILUXE EUROPE collects and processes Personal Data relating to You. Such Personal Data may be obtained directly from You or collected from third parties.
Your Personal Data may be collected and processed by ROHTO MEDILUXE EUROPE on various occasions, including in particular:
When using the features of the Website;
When contacting ROHTO MEDILUXE EUROPE.
4. Purposes and Legal Bases of the Processing
ROHTO MEDILUXE EUROPE collects Personal Data that is necessary for the specific and explicit purposes set out below.
Purposes
Description of the Processing Purposes
Legal Basis
Management of contact requests
Management of Your information requests, follow-up of requests, responses to questions relating to the services offered, informational follow-up
Consent of the Data Subject
Sending promotional offers
Managing subscriptions to the email marketing list
Consent of the Data Subject
Security, administration, and proper functioning of the Website
Ensuring the proper operation and continuous improvement of the Website and its features
The consent of the Data Subject where required The legitimate interest of ROHTO MEDILUXE EUROPE in ensuring the highest level of performance and quality of the Website and in preventing fraud and malicious activities. Data Subjects may obtain, upon simple request to ROHTO MEDILUXE EUROPE, further information regarding the balancing of the interests involved.
Management of requests to exercise rights under the GDPR
Processing operations necessary to handle and follow up on rights requests submitted by Data Subjects to ROHTO MEDILUXE
Legal obligation of ROHTO MEDILUXE EUROPE arising from Articles 15 et seq. of the GDPR.
ROHTO MEDILUXE EUROPE may also use Your Personal Data in order to comply with any legal or regulatory obligations to which it is subject.
5. Data Collected
In the course of a Data Subject’s browsing of the Website, ROHTO MEDILUXE EUROPE may collect and process a number of Personal Data, including in particular:
For the management of contact requests:
Identity data: first name, last name, email address, telephone number;
Data relating to your profession;
Data relating to the use of the Website’s features, including Personal Data communicated to ROHTO MEDILUXE EUROPE when You submit requests or inquiries.
For the sending of promotional offers:
Identity data: first name, last name, email address, telephone number;
For the security, administration, and proper functioning of the Website:
Data collected via cookies and other trackers present on the Website, such as pages viewed, browser type, operating system, IP address, device information, and Your mobile operating system (OS).
For the management of requests to exercise rights under the GDPR:
Identity data: title, first name, last name, address, email address, telephone number, date of birth;
Where applicable, a copy of an identity document;
Data relating to Your request to exercise Your rights.
The information provided above is not intended to be exhaustive and is primarily aimed at informing You of the categories of Data that ROHTO MEDILUXE EUROPE may process.
6. Data Recipients
Within the limits of their respective responsibilities and for the purposes described in Article 4 of this Policy, the main persons who may have access to Your Data are the following:
Service providers responsible for the management, hosting, and development of the Website;
Where applicable, authorized personnel of Processors;
Supervisory authorities;
Third parties likely to place cookies on Your devices where You have consented to such placement;
Where applicable, the relevant courts, mediators, statutory auditors, lawyers, bailiffs, etc.
ROHTO MEDILUXE EUROPE may disclose Personal Data to any third party where a legal obligation requires it or where ROHTO MEDILUXE EUROPE believes in good faith that such disclosure is necessary in order to:
Respond to any claims brought against it;
Comply with judicial and/or administrative requirements;
Perform any contract to which the Data Subject is a party;
Protect the vital interests of any natural person;
Carry out a task carried out in the public interest.
7. Personal Data Retention Period
We retain Your Personal Data only for as long as necessary for the purposes pursued, as summarized in the table below:
Purposes
Data Retention Period
Management of contact requests
Personal Data are retained for the time necessary to process Your request and then stored until You withdraw Your consent, or for a period of three (3) years following the end of the commercial relationship, or for three (3) years from the last contact initiated by the Data Subject.
Sending promotional offers
Personal Data is retained until the Data Subject withdraws their consent or for a period of three (3) years from the last contact between the Data Subject and ROHTO MEDILUXE EUROPE.
Security, administration, and proper functioning of the Website
Cookies and other commercial trackers may be placed on Your device for a maximum period of thirteen (13) months.
Personal Data collected through cookies and trackers are retained for a period of twenty-five (25) months.
Management of requests to exercise rights under the GDPR
Personal Data is retained for the entire period necessary to process the request and is then archived for the applicable criminal statute of limitations period (six (6) years). Where a copy of an identity document is provided, it may be retained for one (1) year following receipt of the request.
8. Cookies and other Trackers
ROHTO MEDILUXE EUROPE uses cookies on its Website (small files stored on Your device) that allow it to identify You, remember Your browsing activity, and generate audience measurement statistics for the Website, including information relating to the pages viewed.
Depending on their purposes, Users may consent to, refuse, or choose which types of cookies may be placed on their devices.
For more information, Users are encouraged to refer to the Cookie Policy [insert a link to the Site’s Cookie Policy].
9. Transfers Outside the European Union
As a general principle, we process Your Personal Data within the European Union.
However, depending on the nature of our activities and subject to informing You beforehand, we may transfer Your Personal Data outside the European Union.
In such cases, ROHTO MEDILUXE EUROPE will inform You of the measures implemented to govern these transfers and to ensure that they comply with applicable regulations.
10. Your Rights
In accordance with the French Data Protection Act and the GDPR, You have the following rights:
Right to withdraw Your consent at any time (Article 7 of the GDPR);
Right of access (Article 15 of the GDPR);
Right to rectification, updating, and completion of Your Personal Data (Article 16 of the GDPR);
Right to erasure of Your Personal Data where they are inaccurate, incomplete, ambiguous, outdated, or where their collection, use, disclosure, or storage is prohibited (Article 17 of the GDPR);
Right to restriction of processing (Article 18 of the GDPR);
Right to object to the processing of Your Personal Data (Article 21 of the GDPR);
Right to data portability for the Personal Data You have provided to us, where such data are processed by automated means based on Your consent or on a contract (Article 20 of the GDPR);
Right not to be subject to a decision based solely on automated processing (Article 22 of the GDPR); R does not carry out any such decision-making;
Right to determine what happens to Your Personal Data after Your death and to choose that ROHTO MEDILUXE EUROPE communicates Your Personal Data to a third party that You have previously designated (Article 85 of the French Data Protection Act).
These rights may be exercised, upon simple request, by sending an email to the following address: info@r-mediluxe.com or by post to the following address: 19 Boulevard Malesherbes, 75008 Paris, FRANCE.
You may also lodge a complaint with the competent supervisory authorities, in particular the CNIL.
11. Security of your personal data
ROHTO MEDILUXE EUROPE implements appropriate technical and organizational measures to ensure the security of the Processing carried out and to protect Your Personal Data against any destruction, loss, alteration, misuse, or unauthorized access.
For this purpose, the following measures are implemented, on a non-exhaustive basis:
ROHTO MEDILUXE EUROPE implements appropriate technical and organizational measures, in accordance with Article 32 of the GDPR, to ensure the security of personal data and to protect it against unauthorized access, loss, alteration or disclosure.
Access to personal data is restricted to authorized personnel only, and service providers involved in data processing are subject to contractual confidentiality and security obligations.
However, due to the nature of the Internet, ROHTO MEDILUXE EUROPE cannot guarantee absolute security of data transmissions. In the event of a personal data breach, appropriate measures will be taken in accordance with applicable regulations.
Preamble
The purpose of this Privacy Policy (the “Policy”) is to provide You with information regarding how ROHTO MEDILUXE EUROPE collects and processes Your Personal Data, in accordance with the applicable legislation and in particular Regulation (EU) No. 2016/679 of 27 April 2016 (the “GDPR”) and the Law No. 78-17 of January 6, 1978, on Information Technologies, Data Files and Individual Libertiesas as amended (the “French Data Protection Act”), in connection with the use of the website [Medesthe.com] (hereinafter referred to as the “Website”).
This Policy may be updated, in particular to reflect legislative or regulatory developments. If ROHTO MEDILUXE EUROPE makes changes to this Policy, the Data Subjects will be informed accordingly.
1. Definitions
The terms set out below shall have the following meanings in this Policy:
“Client”: means any natural or legal person acting for purposes relating to their commercial, industrial, craft, liberal or agricultural activity, including when acting in the name of or on behalf of another professional, within the meaning of the French Consumer Code.
“Data Controller”: means the person who, alone or jointly with others, determines the purposes and means of the Processing.
“Data Subject” or “You”: means the individuals whose Personal Data are processed by ROHTO MEDILUXE EUROPE in its capacity as data controller. For the purposes of this Policy, the Data Subjects are the Users.
“Personal Data”: means any personal data, as defined in Article 4(1) of the GDPR, relating to the Data Subjects and processed under this Policy.
“Processing/Process”: means any of the operations referred to in Article 4(2) of the GDPR carried out on Personal Data on behalf of and in accordance with the instructions of ROHTO MEDILUXE EUROPE, pursuant to Article 4(8) of the GDPR.
“Processor”: means the person who processes Personal Data on behalf of the Data Controller. The Processor acts under the authority of the Data Controller and on its instructions.
“Products”: means all products manufactured by ROHTO MEDILUXE EUROPE.
“Services”: means the features and services provided by ROHTO MEDILUXE EUROPE to the User on the Website.
“Users”: means any natural person who accesses the Website and benefits from the Services offered, whether or not they are a Client.
2. Identity of the data controller
Your Personal Data are collected and processed by ROHTO MEDILUXE EUROPE, acting as Data Controller, for the purposes detailed in Article 4 of this Policy.
For any questions, you may contact ROHTO MEDILUXE EUROPE:
By post at 19 Boulevard Malesherbes, 75008 Paris, FRANCE ;
By email at info@r-mediluxe.com.
3. Context of Processing
In the course of its activities and when You use the Services, ROHTO MEDILUXE EUROPE collects and processes Personal Data relating to You. Such Personal Data may be obtained directly from You or collected from third parties.
Your Personal Data may be collected and processed by ROHTO MEDILUXE EUROPE on various occasions, including in particular:
When using the features of the Website;
When contacting ROHTO MEDILUXE EUROPE.
4. Purposes and Legal Bases of the Processing
ROHTO MEDILUXE EUROPE collects Personal Data that is necessary for the specific and explicit purposes set out below.
| Purposes | Description of the Processing Purposes | Legal Basis |
|---|---|---|
| Management of contact requests | Management of Your information requests, follow-up of requests, responses to questions relating to the services offered, informational follow-up | Consent of the Data Subject |
| Sending promotional offers | Managing subscriptions to the email marketing list | Consent of the Data Subject |
| Security, administration, and proper functioning of the Website | Ensuring the proper operation and continuous improvement of the Website and its features | The consent of the Data Subject where required The legitimate interest of ROHTO MEDILUXE EUROPE in ensuring the highest level of performance and quality of the Website and in preventing fraud and malicious activities. Data Subjects may obtain, upon simple request to ROHTO MEDILUXE EUROPE, further information regarding the balancing of the interests involved. |
| Management of requests to exercise rights under the GDPR | Processing operations necessary to handle and follow up on rights requests submitted by Data Subjects to ROHTO MEDILUXE | Legal obligation of ROHTO MEDILUXE EUROPE arising from Articles 15 et seq. of the GDPR. |
ROHTO MEDILUXE EUROPE may also use Your Personal Data in order to comply with any legal or regulatory obligations to which it is subject.
5. Data Collected
In the course of a Data Subject’s browsing of the Website, ROHTO MEDILUXE EUROPE may collect and process a number of Personal Data, including in particular:
For the management of contact requests:
Identity data: first name, last name, email address, telephone number;
Data relating to your profession;
Data relating to the use of the Website’s features, including Personal Data communicated to ROHTO MEDILUXE EUROPE when You submit requests or inquiries.
For the sending of promotional offers:
Identity data: first name, last name, email address, telephone number;
For the security, administration, and proper functioning of the Website:
Data collected via cookies and other trackers present on the Website, such as pages viewed, browser type, operating system, IP address, device information, and Your mobile operating system (OS).
For the management of requests to exercise rights under the GDPR:
Identity data: title, first name, last name, address, email address, telephone number, date of birth;
Where applicable, a copy of an identity document;
Data relating to Your request to exercise Your rights.
The information provided above is not intended to be exhaustive and is primarily aimed at informing You of the categories of Data that ROHTO MEDILUXE EUROPE may process.
6. Data Recipients
Within the limits of their respective responsibilities and for the purposes described in Article 4 of this Policy, the main persons who may have access to Your Data are the following:
Service providers responsible for the management, hosting, and development of the Website;
Where applicable, authorized personnel of Processors;
Supervisory authorities;
Third parties likely to place cookies on Your devices where You have consented to such placement;
Where applicable, the relevant courts, mediators, statutory auditors, lawyers, bailiffs, etc.
ROHTO MEDILUXE EUROPE may disclose Personal Data to any third party where a legal obligation requires it or where ROHTO MEDILUXE EUROPE believes in good faith that such disclosure is necessary in order to:
Respond to any claims brought against it;
Comply with judicial and/or administrative requirements;
Perform any contract to which the Data Subject is a party;
Protect the vital interests of any natural person;
Carry out a task carried out in the public interest.
7. Personal Data Retention Period
We retain Your Personal Data only for as long as necessary for the purposes pursued, as summarized in the table below:
| Purposes | Data Retention Period |
|---|---|
| Management of contact requests | Personal Data are retained for the time necessary to process Your request and then stored until You withdraw Your consent, or for a period of three (3) years following the end of the commercial relationship, or for three (3) years from the last contact initiated by the Data Subject. |
| Sending promotional offers | Personal Data is retained until the Data Subject withdraws their consent or for a period of three (3) years from the last contact between the Data Subject and ROHTO MEDILUXE EUROPE. |
| Security, administration, and proper functioning of the Website | Cookies and other commercial trackers may be placed on Your device for a maximum period of thirteen (13) months. Personal Data collected through cookies and trackers are retained for a period of twenty-five (25) months. |
| Management of requests to exercise rights under the GDPR | Personal Data is retained for the entire period necessary to process the request and is then archived for the applicable criminal statute of limitations period (six (6) years). Where a copy of an identity document is provided, it may be retained for one (1) year following receipt of the request. |
8. Cookies and other Trackers
ROHTO MEDILUXE EUROPE uses cookies on its Website (small files stored on Your device) that allow it to identify You, remember Your browsing activity, and generate audience measurement statistics for the Website, including information relating to the pages viewed.
Depending on their purposes, Users may consent to, refuse, or choose which types of cookies may be placed on their devices.
For more information, Users are encouraged to refer to the Cookie Policy [insert a link to the Site’s Cookie Policy].
9. Transfers Outside the European Union
As a general principle, we process Your Personal Data within the European Union.
However, depending on the nature of our activities and subject to informing You beforehand, we may transfer Your Personal Data outside the European Union.
In such cases, ROHTO MEDILUXE EUROPE will inform You of the measures implemented to govern these transfers and to ensure that they comply with applicable regulations.
10. Your Rights
In accordance with the French Data Protection Act and the GDPR, You have the following rights:
Right to withdraw Your consent at any time (Article 7 of the GDPR);
Right of access (Article 15 of the GDPR);
Right to rectification, updating, and completion of Your Personal Data (Article 16 of the GDPR);
Right to erasure of Your Personal Data where they are inaccurate, incomplete, ambiguous, outdated, or where their collection, use, disclosure, or storage is prohibited (Article 17 of the GDPR);
Right to restriction of processing (Article 18 of the GDPR);
Right to object to the processing of Your Personal Data (Article 21 of the GDPR);
Right to data portability for the Personal Data You have provided to us, where such data are processed by automated means based on Your consent or on a contract (Article 20 of the GDPR);
Right not to be subject to a decision based solely on automated processing (Article 22 of the GDPR); R does not carry out any such decision-making;
Right to determine what happens to Your Personal Data after Your death and to choose that ROHTO MEDILUXE EUROPE communicates Your Personal Data to a third party that You have previously designated (Article 85 of the French Data Protection Act).
These rights may be exercised, upon simple request, by sending an email to the following address: info@r-mediluxe.com or by post to the following address: 19 Boulevard Malesherbes, 75008 Paris, FRANCE.
You may also lodge a complaint with the competent supervisory authorities, in particular the CNIL.
11. Security of your personal data
ROHTO MEDILUXE EUROPE implements appropriate technical and organizational measures to ensure the security of the Processing carried out and to protect Your Personal Data against any destruction, loss, alteration, misuse, or unauthorized access.
For this purpose, the following measures are implemented, on a non-exhaustive basis:
ROHTO MEDILUXE EUROPE implements appropriate technical and organizational measures, in accordance with Article 32 of the GDPR, to ensure the security of personal data and to protect it against unauthorized access, loss, alteration or disclosure.
Access to personal data is restricted to authorized personnel only, and service providers involved in data processing are subject to contractual confidentiality and security obligations.
However, due to the nature of the Internet, ROHTO MEDILUXE EUROPE cannot guarantee absolute security of data transmissions. In the event of a personal data breach, appropriate measures will be taken in accordance with applicable regulations.