1. Who is responsible for processing your personal data when you use the dreampathdx.net website?
Dreampath Diagnostics SAS (hereinafter referred to as «we» or «us») is responsible for processing the personal data collected from our customers, prospective customers and visitors (hereinafter referred to as «you») when they use the www.dreampathdx.net website (hereinafter referred to as our «website»).
2. How can you contact us to exercise your rights?
In accordance with the regulations on the protection of personal data, you may exercise your rights of permanent access, modification, rectification, opposition, portability and limitation of the processing of information concerning you by contacting us either by e-mail contact@dreampathdx.com or by post at the following address: Dreampath Diagnostics SAS, 8 rue Schertz, 67100 Strasbourg, France.
To enable us to respond quickly, please provide your surname, first name, email address, address and, if applicable, your customer reference, and specify the address to which you would like the reply to be sent.
If necessary, we may verify your identity in order to guarantee the confidentiality and security of your data. In certain cases, you may be asked to provide a copy of an identity document bearing your signature. A reply will be sent to you within one month of receipt of the request.
You also have the right to lodge a complaint with the French Data Protection Authority (CNIL), in particular on its website www.cnil.fr.
3. Why do we use your personal data?
3.1 Prospecting and commercial relations
Our website is presenting our products and services to future customers and prospects for accounting, prospecting and commercial relations purposes. This data is collected via a contact form on a voluntary basis using a tick box (art. 6.1 a General Data Protection Regulation or GDPR) or when a chatbot is opened (For more information, go to the «Cookies» page of our Site). We analyse your request for information in order to provide you with tailored offers and information.
3.2 Recruitment
Through our website, you can contact us to send us your application and initiate a recruitment operation. This data is collected via a contact form on a voluntary basis using a tick box (art. 6.1 a GDPR). We analyse your contact in order to provide you with tailored offers and information.
3.3 Our website audience
Your visit to our website is measured using Google Analytics 4. Analytics provides general geolocation data by collecting the following IP address metadata. For further information: https://support.google.com/analytics/answer/12017362?hl=en
This processing is carried out on the basis of article 6.1 f GDPR for the purposes of the legitimate interests pursued by the data controller or by a third party.
3.4 Personalisation of online advertising using cookies
Advertising profiles are based on browsing data collected via cookies. We do not pass on to our advertising partners any data that can be used to identify you directly. Only technical identifiers and socio-demographic data may be shared in order to identify the audience for our Site. Your profile only includes areas of interest from which advertisements will be displayed on behalf of advertising partners.
To accept advertising targeting for the benefit of advertising partners, you must accept advertising cookies. For more information and to manage advertising cookies, go to the «Cookies» page of our Site. The legal basis for the use of browsing data for advertising profiling purposes is your consent (art.6-1 a GDPR).
3.5 Fraud prevention, management and IT security on our website
The purpose of this processing is to manage our website and its security by logging events, as well as its technical administration in conjunction with service providers (third-party application maintenance, hosting);
We have a legitimate interest (art.6.1 f GDPR) in processing your data in the context of the fight against fraud and the IT security of our Site where such processing is justified, balanced and does not infringe your privacy. With certain exceptions, you may object at any time to processing based on legitimate interests by notifying our services.
3.6 Compliance with our legal, tax and accounting obligations
Some processing of your personal data is made compulsory by law (art.6.1 c GDPR). You may submit your comments to us at any time in relation to this purpose.
3.7 Social networks
When you connect to our various pages on social networks (Instagram, Facebook, YouTube, LinkedIn), in particular via our website, your personal data is used by these social networks. We invite you to consult the networks’ personal data protection policies to find out exactly what information is collected by these third parties. You can also configure the access and confidentiality of your data directly on the social networks.
4. What personal data is collected directly by our services?
The categories of personal data that we collect through our contact forms are your identification data (surname, first name, company/hospital, preferred job title, current position) and contact data (e-mail address, telephone number).
We use Google Analytics 4 that gives us insights about visitors. Google Analytics 4 does not log or store specific IP addresses. Analytics provides general geolocation data by collecting the following IP address metadata: City (and city-derived latitude and longitude), Continent, Country, Region and Subcontinent (and ID-based equivalents). For EU traffic, IP address data is used only to obtain geolocation data and is discarded immediately. It is not logged, cannot be accessed and is not used for any other purpose.
More information here: https://support.google.com/analytics/answer/12017362?hl=en
5. Where do we collect personal data from?
The personal data collected comes directly from users via our various contact forms or when browsing our site following the implementation of cookies.
6. Optional nature of data collection and consequences of failure to provide data
The data collected (in particular cookies) during browsing to measure the audience for our site is optional. Data collected for other purposes is also optional. If you do not provide the personal data requested, we will not be able to contact you again.
7. Automated decision-making
None of the processing on our website involves automated decision-making.
8. Who are the recipients of the data collected?
The recipients of the personal data collected are:
• Our staff are subject to a confidentiality clause,
• Our distributors are listed at (https://www.dreampathdx.net/contact/) and are subject to confidentiality agreements,
• Social networks, advertising agencies and third-party advertisers (for more details please consult our Cookies page).
Personal data may also be communicated to official authorities in application of a law or regulation or by virtue of a decision by the competent regulatory or judicial authority.
9. How long is your personal data kept?
Your personal identification and contact data collected through our questionnaire are kept for 3 years from the last contact with our Services.
Please consult our page on Cookies to find out how long they are retained.
We retain your personal data for fraud prevention and IT security purposes for a period of 3 years from the event giving rise to the data, such as inclusion on an alert list or attempted fraud.
10. Is your personal data transferred outside the European Union?
You are informed that data concerning you may be communicated to companies located outside the European Union, in particular to the USA.
As the European Commission has noted that the United States provides a level of protection substantially equivalent to that of the European Union, organisations subject to the GDPR, such as our company, may legally transfer personal data to certified organisations such as Meta (Facebook, Instagram), YouTube or Google.
When we transfer personal data to a distributor or subsidiary that is located in a country that does not have an adequate level of protection recognised by the European Union, or when this personal data is communicated to an entity that is not certified in the USA, we put in place agreements such as Binding Corporate Rules (BCR) or European Commission standard contractual clauses (CCT), in order to guarantee you a level of protection that complies with the GDPR.
11. Your safety
We implement organisational and technical security measures to protect the confidentiality of your data. The level of security is adapted to the risks raised by the processing that we put in place.
Our security measures are based on:
-On access control for our staff,
-The implementation of traceability measures (access logging), data recording (identifier, date and time of connection, etc.) and storage,
-Software protection measures (antivirus, security updates and patches, testing),
-Data encryption (site accessible via HTTPS, use of TLS).