1. Purpose
This privacy policy (hereinafter the "Privacy Policy") reflects the commitment of PLANINNOVIA, a SAS (Société par Actions Simplifiée) with a share capital of €15,000, registered with the Evry Trade and Companies Register (RCS) under number 900 626 706, with intra-Community VAT number FR 32900626706, and whose registered office is located at 3 rue Joliot Curie, 91190 Gif-sur-Yvette (hereinafter the "Company"), to respecting the privacy and protecting the personal data of users of the following website: https://hopia.eu (hereinafter the "Website").
The Website allows you in particular to:
- learn about the Company, its founders, and the software solution offered by the Company (hereinafter the "HOPIA Software Solution");
- consult use cases, the blog and information about the support offering;
- request a demonstration of the HOPIA Software Solution;
- log in to your customer area;
- access the Company's job and internship offers;
- contact the Company.
2. Processing of your personal data
2.1 Description of processing activities
In accordance with applicable laws and regulations, the Company, acting as data controller, collects certain personal data when you visit the Website.
In order to respond to your contact requests on the Website or to your request for a demonstration of the HOPIA Software Solution, the Company collects the following personal data:
- your last name;
- your first name;
- your email address;
- your phone number;
- the name of your organization;
- your role (selected from a predefined list);
- the subject / content of your message.
If you are a healthcare professional using the Software Solution, you may access your personal area via the following link: https://app.hopia.eu/login. The Company then collects your email address.
When you connect to the Website, the Company also collects the following personal data: connection logs, connection data, IP address.
Purposes, legal bases and retention periods
| Purpose | Legal basis | Retention period |
|---|---|---|
| Receiving and handling contact requests | Consent | Until consent is withdrawn or 3 years from the last contact |
| Request for a demonstration of the Software Solution | Consent and pre-contractual measures | 3 years from receipt of the request |
| Access to your personal area, identity verification and assistance in case of password loss | Consent and pre-contractual measures | Duration of the contractual relationship / deletion request |
| Handling of requests to exercise rights (access, portability, erasure, restriction, rectification, objection) | Legal obligation and consent | 1 year from the request |
| Handling of requests to object to direct marketing | Legal obligation | 3 years from the exercise of the right to object |
3. Recipients and transfers of your personal data
Access to your personal data is restricted to persons who need your personal data in order to carry out the purpose of the processing.
Your personal data may also be shared by the Company with third parties:
- if the law or a legal proceeding requires the Company to disclose your personal data;
- in response to a request from a public or judicial authority;
- where the Company considers that disclosure is necessary or appropriate to ensure the safety of persons or to protect the public.
Your personal data is transmitted to CENTRALESUPELEC, whose registered office is located at 3 rue Joliot Curie, 91190 Gif-sur-Yvette, which hosts the Website on servers located in France (Guyancourt).
Your personal data is not transferred outside the European Economic Area.
4. Security of personal data
The Company takes care to secure your personal data by implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Company maintains measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, means to restore the availability of and access to your personal data, and a procedure for regularly testing, analyzing and evaluating the effectiveness of the technical and organizational measures in place.
5. Retention of personal data
Your personal data is retained only for as long as is necessary to fulfill the purpose for which the Company holds your data, to meet your needs, to comply with its legal or regulatory obligations, to enable it to exercise its rights, and/or for statistical or historical purposes.
At the end of the retention periods set out above, your personal data will be deleted or anonymized.
6. Your rights regarding your personal data
You have the following rights:
- Right of access and rectificationYou may request access to your personal data, request its rectification if it is inaccurate, or its completion if it is incomplete. You also have the right to know the source of your data.
- Right of erasureYou may request the deletion of your data where: (1) it is no longer necessary for the purposes of the processing; (2) you withdraw your consent; (3) you object to the processing; (4) your data has been processed unlawfully; (5) a legal obligation requires it; or (6) compliance with the law demands it.
- Right to objectYou may object to the processing of your personal data in accordance with applicable legal obligations.
- Right to restrictionYou may request restriction of processing if (1) you contest the accuracy of your data; (2) the Company no longer needs your data; or (3) you have objected to the processing.
- Right not to be subject to an automated decisionYou have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you.
- Right to data portabilityYou may request to receive your data in a structured, commonly used and machine-readable format, or to have it transmitted to another data controller, where the processing is based on your consent and carried out by automated means.
- Post-mortem directivesIn accordance with Article 85 of the French Data Protection Act (Loi Informatique et Libertés), you may define directives regarding the processing of your data after your death.
- Right to withdraw consentYou may withdraw your consent at any time, without affecting the lawfulness of processing carried out before such withdrawal.
- Right to lodge a complaintYou may lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés, the French data protection authority), 3 Place de Fontenoy, 75007 Paris, telephone: 01 53 73 22 22, cnil.fr/fr/plaintes.
You may exercise your rights by email at dpo@hopia.eu, or by mail to: PLANINNOVIA, Data Protection Officer, 3 rue Joliot Curie, 91190 Gif-sur-Yvette.
7. Links to third-party sites
The Website may include links to third-party sites that have a different and independent privacy policy.
8. Cookies
No cookies are placed on the Website.
9. Updates to the Privacy Policy
The Company reserves the right to make changes to this Privacy Policy at any time. In the event of significant changes, the Company will notify users of such changes.