Privacy Policy
Below, you will find our privacy policy for the website and the application. The version presented on the site is a translation into English that may contain errors. Only the original version in French is authoritative.
You can review the original version by clicking on the icon below:
We encourage you to carefully review this version for a complete understanding of our rules and commitments.
Cookie Settings
Click the button below to access your cookie settings
Terms of Use
You can view our term of use by clicking the button below:
User data protection policy
SURGPART (surgpart.com) is a trademark of SURGPART SASU.
The protection of personal data is one of the key values of SURGPART SASU, and as such:
- SURGPART SASU takes the necessary measures to protect the personal data entrusted to it in the context of its services.
- your data is hosted in France with the company scaleway.com, (SCALEWAY, 8 Rue de la Ville-l’Évêque, 75008 Paris, SIRET 43311590400057) in the DC3 datacenter (in Paris). Accommodation is provided exclusively in metropolitan France. scaleway.com’s hosting activities are ISO27001, ISO50001, HDS 1 certified and are therefore subject to regular security audits.
- SURGPART SASU does not in any way transmit your data to commercial and advertising actors.
Native GDPR compliance
The Website and the Application have been developed and are administered in accordance with Regulation (EU) No. 2016/679 on the protection of personal data (hereinafter “GDPR”), the provisions of the Data Protection Act of 6 January 1978 as amended in force, as well as with the provisions of Decrees No. 2006-6 of 4 January 2006 and No. 2018-137 of 26 February 2018 relating to the hosting of personal health data.
Secure hosting
The data is hosted by the company scaleway.com, a certified hosting provider in accordance with the regulations in force, RCS 433 115 904, 8 Rue de la Ville-l’Évêque, 75008 Paris). Accommodation is provided exclusively in metropolitan France. scaleway.com’s hosting activities are ISO27001, ISO50001, HDS 1 certified and are therefore subject to regular security audits.
Certificate Number: HDS 739219
Would you like to know how your personal data is processed via our website/app?
The purpose of this Personal Data Protection Policy (hereinafter the “Policy”) is to provide details on the purposes/reasons for which we collect your data on our website and via the SURGPART mobile application (hereinafter referred to as the “Site” and the “Application respectively”), how we use them and the rights available to you.
NB: Some of your Personal Data is considered to be personal health data, and is hereinafter referred to as “Personal Health Data”.
This Policy complements and forms an integral part of the General Terms and Conditions of Use of the Site and the available Application. The use of the Site and/or the Application implies your acceptance of the provisions in force on the date of access to the Site and/or the Application of the General Terms and Conditions of Use and this Policy.
This Policy may be modified, supplemented or updated in order to comply with any legal, regulatory, jurisprudential and technical developments. We invite you to review this Policy regularly to keep yourself informed of the current version.
WHO ARE THE DATA CONTROLLERS?
NB: The person responsible for the processing of personal data, within the meaning of the GDPR, is the person, public authority, company or body that determines the purposes and means of this file, which decides on its creation.
- SURGPART SASU is responsible for processing in the context of the creation and management of the User Account as well as in the context of browsing the Site and/or the use of the Application;
- The Healthcare Professional is responsible for processing when you transmit your Personal Data, including Personal Health Data, for the purpose of making an appointment or in the context of a Consultation.
SURGPART SASU may also act as a data processor within the meaning of the GDPR
The processor, within the meaning of the GDPR, is the person, company or other body that processes personal data on behalf of the controller.
SURGPART SASU also acts as a subcontractor, within the meaning of the regulations, on behalf of the Healthcare Professional using the subscribed services.
THE SECURITY OF YOUR DATA IS A PRIORITY FOR SURGPART SASU.
WHETHER IT IS A DATA CONTROLLER OR A SUBCONTRACTOR, SURGPART SASU TAKES APPROPRIATE MEASURES TO ENSURE THE PROTECTION AND CONFIDENTIALITY OF THE PERSONAL DATA IT HOLDS OR PROCESSES IN COMPLIANCE WITH THE LEGAL AND REGULATORY PROVISIONS IN FORCE (DATA PROTECTION ACT LIL AND GDPR)
WHAT PERSONAL DATA IS COLLECTED AND WHY IS IT COLLECTED?
Your Personal Data may be collected and processed by SURGPART SASU in its capacity as data controller on the legal bases and for the purposes set out below:
NB: This data may also be collected for the relative for whom you are making an appointment.
Use of the Site/Application and Services: General Use
Why is this data collected? | What is the legal basis for the processing? | What data does your data collect and process? | How long is your data stored? |
– User account management – Putting you in touch with a Healthcare Professional; – Management of appointments made with Healthcare Professionals; – Management of family members’ appointments; – Assistance in your own medical follow-up | Execution of the General Terms and Conditions of Use | – Your first and last name; – Your e-mail address; – Your landline and mobile telephone number; – Your date of birth; – Your gender; – Your password; – Your login and use data for the Site/Application; – Documents requested at the time of registration;
| Three years from the date of collection in the event of inaction on your part on the Site/Application or the last use of your login and use data for the Site/Application [CNIL Recommendation NS-048] or until you delete your accountFor connection logs: 6 months from the last appointment made. |
List of processing of your personal data for the general use of the site
Use of the Site/Application and Services: Instant Messaging Service
Why is this data collected? | What is the legal basis for the processing? | What data does your data collect and process? | How long is your data stored? |
– Follow-up and management of the connection between a Patient and a Healthcare Professional (management of any disputes related to the use of the instant messaging service); | Execution of the General Terms and Conditions of Use | – Messages received and transmitted via the instant messaging service; – Files received and transmitted via the instant messaging service; | Six months from the last message received or transmitted |
List of processing of your personal data for the use of the site for Instant Messaging.
Functioning of the Site/Application / Cookie Management
Why is this data collected? | What is the legal basis for the processing? | What data does your data collect and process? | How long is your data stored? |
Allows or improves navigation on the Site or the use of the Application, the quality of the services offered and the follow-up of appointments; Compilation of statistics, in particular on the activities carried out on the Site/Application | Legitimate interest | Your login and usage data for the Site/Application; | Six months from consent for cookies |
List of processing of your personal data for the operation of the site
Processing of requests strictly related to the use of the Site/Application
Why is this data collected? | What is the legal basis for the processing? | What data does your data collect and process? | How long is your data stored? |
Processing of requests strictly related to the use of the Site/Application | Execution of the General Terms and Conditions of Use | – Your first and last name – Your e-mail address – Content of the request | 5 years from the date of the request [Article L.110-4 of the French Commercial Code] |
List of processing of your personal data for the use of the site
Processing of requests relating to your data protection rights
Why is this data collected? | What is the legal basis for the processing? | What data does your data collect and process? | How long is your data stored? |
Processing of requests relating to your data protection rights | Legal Obligation | – Your first and last name – Your e-mail address | Retention time required for the processing of the application |
List of processing of your personal data for the processing of your rights
Preventing and combating computer fraud
Why is this data collected? | What is the legal basis for the processing? | What data does your data collect and process? | How long is your data stored? |
Preventing and combating computer fraud | Legitimate interest | – Your first and last name; – Your e-mail address; – Your landline and mobile telephone number; – Your date of birth; – Your gender; – Your password; – Your login and use data for the Site/Application; | For connection logs: 6 months from the last appointment made, except for legal obligations or particularly significant risks [CNIL recommendation on access traceability and incident management: https://www.cnil.fr/fr/securite-tracer-les-acces-et-gerer-les-incidents]For the IP address: 1 year from its registration [Article 3 of Decree No. 2011-219 of 25 February 2011] |
List of processing of your personal data for the fight against computer fraud
Providing information related to public health
Why is this data collected? | What is the legal basis for the processing? | What data does your data collect and process? | How long is your data stored? |
Public health campaigns (e.g. vaccination campaign)Health information from health authorities or other bodies, etc. Campaigns relating to the services available on the Site/Application | Legitimate Interest/Consent | – Your first and last name – Your e-mail address – Country/City | Until the User objects Three years from the collection or last use of your login and use data for the Site/Application [CNIL Recommendation NS-048] Until you delete your account |
List of processing of your personal data for public health
Your Personal Data may also be collected and processed by SURGPART SASU subcontractors, in the name and on behalf of Healthcare Professionals, for the following purposes:
What is the purpose of the processing? | What data does your data collect and process? |
Management and follow-up of the care pathway: -Putting the user in touch with a Healthcare Professional – Management of appointments made with the Healthcare Professional – Referring the user to other healthcare professionals – Management of the follow-up of the user’s appointments | – Your first and last name – Your e-mail address – Your postal address – Your landline and mobile phone number – Your date of birth – Your gender – Your geographical location, if any – The history of your appointments (type of consultation, doctor concerned, date, time, status of the appointment) – Data relating to the medical information that the Healthcare Professional wishes to share with you or that you wish to share with the Healthcare Professional |
Payment of subscriptions for healthcare professionals | The payment of a subscription on the Site and/or the Application is made by credit card through the payment service provider Stripe Payments Europe, Limited C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1 (hereinafter “STRIPE”). The user must first read, understand and accept Stripe’s terms and conditions of use (https://stripe.com/fr/legal). |
Management of disputes between you and the Healthcare Professional in connection with the use of the service (calendar, instant messaging, etc.) | – Your first and last name – Your e-mail address – Content of your complaint |
Complaint and rights of the Patient user: – Processing of requests via our contact form– Processing of requests relating to your Data Protection rights | – Your first and last name – Your e-mail address – Content of your complaint |
Notification to the User Patient: – Confirmation of the appointment with the Healthcare Professional – Reminder of the User Patient of the booked appointment – Information as to new availability – Sharing of a new document by the Patient and/or Healthcare Professional | – Your first and last name – Your email address – Your mobile phone number |
Transmission of documents: – Sharing of documents as part of the appointment booking. | – Your first and last names – Your shared documents – The history of your appointments (doctor concerned, date, time, status of the appointment) |
List of processing of your personal data on behalf of Healthcare Professionals
NB: This data may also be collected for the relative for whom you are making an appointment.
WHO ARE THE RECIPIENTS OF THE PERSONAL DATA COLLECTED AND THE PROCESSORS?
The recipients of some of your Personal Data are:
- Healthcare Professionals when making appointments and/or instant messaging, and persons duly authorised by them;
- authorised persons within the company SURGPART SASU in charge of the execution of the services concerned. They have access only to the data that is necessary for their duties;
- Our SCALEWAY certified health data host;
- The payment service provider involved in the payment of subscriptions
- Where applicable, authorised persons from our subcontractors or partners, under conditions of strict confidentiality and exclusively in order to achieve the processing purposes set out in this Policy.
- An up-to-date list of subcontractors can be sent on request to the following address: [email protected], or by post to the following address: SURGPART SASU – 5 Impasse Joseph Kessel, 42300 Mably
HOW LONG IS YOUR PERSONAL DATA STORED?
Your Personal Data is kept by SURGPART SASU for a limited period of time determined according to the purpose of the processing as well as the legislation.
If you do not use your account for a period of time, we will delete it and the associated Personal Data after asking you whether or not you wish to keep it.
Beyond these periods, we will delete or archive this Personal Data in accordance with the legal or regulatory provisions in force.
Your Personal Data is stored by Healthcare Professionals in their capacity as data controller in accordance with the relevant legal requirements. If you wish to obtain more details about the retention period of personal data concerning you by Healthcare Professionals, we invite you to contact the Healthcare Professional concerned directly.
WHAT ARE YOUR RIGHTS AND REMEDIES?
In accordance with the regulations in force, you have the right to access, rectify and delete your Personal Data, as well as the right to limit processing, the right to portability and the right to object.
You also have the right to set your own guidelines for the retention, deletion and communication of your Personal Data in the event of your death.
To exercise these rights when SURGPART SASU is Data Controller, you can contact us either by email at the following address: [email protected], or by post at the following address: SURGPART SASU – 5 Impasse Joseph Kessel, 42300 Mably. You will need to indicate the Personal Data that you wish to correct, rectify or erase and identify yourself precisely. We will do what is necessary to respond satisfactorily to your requests and in accordance with the relevant laws and regulations.
To exercise these rights when SURGPART SASU is a data processor: you can contact your Healthcare Professional acting as data controller.
In addition, you can lodge a complaint with the CNIL, supervisory authority for the protection of personal data in France.
NB: We inform you that the deletion of certain data could lead to the cancellation of the scheduled Consultations. These deletions will be carried out subject to the applicable laws and regulations.
WANT TO DELETE YOUR ACCOUNT?
You can, at any time, request the deletion of your personal account from your personal space via the “My account” section, then by clicking on “Delete my account”.
NB: any fraudulent creation or use of an account or one that does not comply with the Terms and Conditions may result in its deletion. Any deletion of an account for any reason whatsoever will result in the permanent deletion of your Personal Data, unless otherwise required by law.
I AM A MINOR OR A PERSON UNDER GUARDIANSHIP/CURATORSHIP (Appointment for a relative):
- Minors: Users under the age of sixteen must obtain the consent of their legal representative prior to entering their Personal Data on the Site and/or the Application. Depending on the local regulations of the User’s habitual residence, the age of sixteen may be lowered to thirteen years.
- Persons under curatorship/guardianship: the collection, processing and storage of Personal Data is only permitted if the curator or tutor has given his or her consent.
In any case, the User undertakes that the consent has been given by the person legally responsible for it.
NB: Any appointment made for a loved one on the Site/Application by a User is made under his or her sole responsibility. He undertakes to ensure that the consent of the loved one has been given prior to any appointment being made against him.
WHAT IS SURGPART SASU COOKIE POLICY?
When you visit our Website or Application, cookies may be deposited and stored on your device (computer, tablet, smartphone, etc.).
The purpose of this Cookie Policy is to specify the different types of cookies and other similar technologies that may be used on our Site or App.
What is a cookie?
A cookie is a small text file that a website may deposit on your device’s hard drive. It records information relating to your device’s navigation on the site (such as, for example, the pages visited, the date and time of the consultation, etc.) and is installed on the browser.
Why do we use cookies?
Cookies allow us to improve navigation on the site, to optimize and personalize our services on the site, as well as to measure audiences in order to offer you a website that meets your expectations and preferences.
The cookies we use on our website are either issued by us or issued by third party companies on our behalf.
Cookies necessary for the provision of services and the improvement of the performance of the Site do not require your prior consent. More specifically, these cookies make it possible to offer the user access to their account or any other reserved area via their logins, to remember information relating, for example, to a form you have filled in or to a service, to implement security measures, to remember your browser’s display preferences and to adapt the presentation of the site.
With regard to cookies subject to your consent, their acceptance means that the relevant trackers used by our site will be deposited and recorded on the terminal with which you consult our Site. In this way, you will be able to use the Site’s services to their fullest extent.
If the rejection of cookies subject to your consent does not prevent the normal use of the website, some services may not be provided.
Our Site may contain audience measurement cookies issued by third parties allowing us to establish statistics on the number of visitors and use of the various elements that make up the Site in order to improve the interest and ergonomics of the Services offered.
If you do not wish to receive cookies from our website, you can set your browser to refuse them, block them entirely, or have them notify you when you receive one, asking you whether or not you agree to the placement of such a cookie.
You can manage and change the use of cookies at any time via your browser or the cookie management panel. We remind you that disabling first-party or third-party cookies for a purpose strictly necessary for the provision of the service may result in slowing down and/or disrupting access to and use of the site.
For more information on cookies and how to manage them in your browser, we invite you to consult the information provided by your browser or the following page: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.
English 
Français 
Türkçe