I - Stago Data Controller
Stago, when acting as a controller in a manner that attracts compliance obligations in your jurisdiction, will handle your personal data in accordance with applicable laws and this policy.
In order to protect your privacy and your personal data as effectively as possible, we have appointed a data protection officer. This person, who is the privileged point of contact for the supervisory authority, is responsible for ensuring that we process your data in accordance with applicable law.
Click here to contact our data protection officer.
II – What are our commitments?
We are committed to ensuring the highest possible level of protection for the persons whose personal data we process ("data subjects").
We follow the applicable regulations for relevant data protection laws and we are committed to respecting the following principles:
- We process your personal data in a lawful, fair and transparent manner;
- We collect your personal data for specific, explicit and legitimate purposes and will not process it in a way incompatible with these purposes (Limitation of purposes);
- We ensure that the personal data processed are adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimisation); • We do our best to ensure that personal data is accurate and, if necessary, kept up to date. We will take all reasonable measures to ensure that inaccurate personal data, having regard to the purposes for which they are processed, are deleted or rectified without delay (Accuracy);
- We keep your personal data in a form allowing your identification only for the time necessary for the purposes of the processing (Storage limitation)
- We process your personal data in such a way that is appropriate to secure against illegitimate access, unauthorized alteration, or destruction for said data using technical and organizational measures (integrity and confidentiality).
- We make sure to be able to demonstrate our compliance (accountability)
These commitments are manifested as follows:
- We respect your privacy and your rights;
- We ensure that the protection and security of your personal data are at the center of our concerns;
- We consider each processing operation taking into account the principles of data protection, in order to satisfy the principle of data protection by design;
- We will not use your personal data for purposes that have not been brought to your attention or cannot otherwise be reasonably anticipated; We will only store your personal data in accordance with requirements at law
- We only share your personal data within Stago (including its affiliates), and with our processors (as defined below). We do not sell your personal data to third parties;
- We are committed to securing and protecting your personal data. To this end, we only work with trusted partners (our processors) who provide appropriate levels of guarantees for the protection of personal data;
- We respect your rights and will do our best to satisfy your requests, if they are justified.
III – Which personal data are we processing?
We remind you that personal data is information relating to an identified or identifiable natural person, which may include your email address, your first and last name, your IP address, etc.
We collect your personal data as part of our sales, after-sales service, distribution, and promotion purposes. In some cases, we collect your personal data directly from you. In other cases, your personal data is communicated to us by a third party (our customers, our suppliers, etc.).
The personal data that we are likely to collect and process are, for example:
- Identification data, such as your first and last name, your address, your telephone number, your e-mail address, your profession;
- Application data, such as your CV, diplomas, professional experience, if you wish to apply to Stago;
- Data relating to an order or a service provided to us, if you are a supplier or service provider to Stago.
IV – For what purposes are your personal data processed?
The processing of personal data carried out by Stago has an explicit, legitimate and determined purpose.
Your personal data may for example be processed for the following purposes:
- If you are a customer or a prospect, we may process your personal data for the following purposes:
- managing our relationship with you;
- organization, registration and invitation to events, trainings and webinars;
- management and follow-up of customer, supplier and third party files;
- prevention of money laundering and terrorist financing and the fight against corruption;
- If you submit an application for a position within Stago, we may process your data in order to manage your application.
- If you have subscribed to our newsletter, we may also process your personal data in order to send you said letter by e-mail.
- If you are one of our supplier or service provider, we can finally process your data for the management of our relationship with you.
If we need to process your personal data for any purpose other than a purpose originally communicated to or reasonably anticipate by you, the purpose of the processing will be communicated to you on a case-by-case basis, for each such additional processing that we carry out on your personal data.
V – How do we ensure the lawfulness of our processing operations?
We always ensure, when we process your personal data, that the processing has a lawful purpose and is carried out in accordance with applicable law and this policy.
The following purposes and processes may apply:
- When you have personally entered into a contract with Stago, and the performance of this contract requires us to process your personal data, the legal basis for the processing is the performance of the contract. For example, this could be the case if you are a Stago employee.
- When processing is necessary for the execution of pre-contractual measures taken at your request, our legal basis is based on these pre-contractual measures. For example, this is the case when you submit an application for a position to us, which requires us to review your CV in order to make a decision on your application.
- When the processing is necessary for the purposes of the legitimate interests which we pursue, our legal basis is constituted by these legitimate interests. For example, the processing of your personal data for prospecting purposes as part of the management of the contract of the company for which you work, as part of our clinical studies which are of a public interest nature and are necessary for the development of our medical devices.
- We may also process your personal data by relying on another of the legal bases listed in local and / or European legislation or regulations that are applicable to Stago as an employer or private company based in the European Union. For example: compliance with a legal obligation to which Stago is subject, your consent to processing.
VI – How long do we keep your personal data?
Stago will keep your personal data only for the time necessary for the purposes for which they are processed, and in accordance with applicable legislation. Thus, the retention period of your personal data depends on the purpose of the processing to which they are subject, according to the correspondences below:
- Management of the relationship with our clients: 5 years from the end of the relationship with the client;
- Organization, registration and invitation to Stago events: 3 years from the end of the relationship with the person concerned if they are a client and 3 years from the last contact if the person concerned is a prospect;
- Prevention of money laundering and terrorist financing and fight against corruption: until the legal or regulatory obligation incumbent on us is satisfied;
- Invoicing: 10 years from the end of the financial year concerned;
- Accounting: 10 years from the end of the financial year concerned;
- Management of candidates for a position: 2 years from the last contact with the candidate;
- Sending our newsletter: the duration of the newsletter subscription;
- Management of relationships with service providers and suppliers: 5 years from the end of the relationship;
- Response to requests sent to us through the contact form on our websites: the time required to respond to the request concerned.
VII – Who can access your personal data?
Authorized persons within Stago and in some cases, our trusted processors, may access your personal data. We do our best to ensure that the number of such persons is kept as small as possible and to maintain the confidentiality and security of your personal data.
We only provide our processors with the information they need in order to provide the service and ask them not to use your personal data for other purposes. We always do our best to ensure that all of our processors with whom we work maintain the integrity, availability, confidentiality and security of your data. When our relationship with a trusted processor comes to an end, we require that processor deletes your personal data as soon as possible.
We select our processors with great care, ensuring that they provide sufficient guarantees, particularly in terms of expertise, reliability and resources, to implement the technical and organizational measures to meet the requirements of the applicable legislation, in particular the security of the processing. In this regard, we require that our processors process your personal data only on our documented instructions. We also require that their staff are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality.
We may ask our processors to provide a service that requires the processing of your personal data, for example in the following cases:
- hosting our website;
- the storage of your personal data;
- maintenance of our hardware / software.
- Where applicable, we ensure that the use of these processors does not infringe our obligation of confidentiality.
VIII – Where do we store your personal data?
Your personal data may be stored in Australia, the European Union (EU), and/or the European Economic Area (EEA) by Stago and its processors.
By providing us with your personal data, you acknowledge that your personal data may be used, stored, and disclosed overseas, including in jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. To protect your personal data, we take care to work with entities, partners, and service providers who are based in countries that provide adequate levels of data protection, or we otherwise take steps to ensure that your personal data receives adequate levels of data protection in the jurisdictions in which it is processed in accordance with all applicable privacy laws.
On a case-by-case basis, we will inform you of our intention to transfer personal data to a third country, of the existence or not of an adequate decision of the Commission and, where appropriate, of the reference to the appropriate safeguards and the means of obtaining a copy or the place where they have been made available.
IX – What are your rights as a data subject and how to exercise them?
Depending on the processing operations to which your data is subject, you may have the following rights:
The right to obtain confirmation from us whether or not personal data concerning you is being processed (right of access). If this is the case, you can access your personal data and obtain information such as the purpose of the processing, the categories of personal data concerned, etc.;
- The right to update or correct your personal data by contacting us, or by amending your information on your account if applicable.
- The right to obtain from us the rectification of inaccurate personal data concerning you (right of rectification);
- The right to obtain the erasure of your personal data, provided that one of the reasons justifying this right applies (right of erasure);
- The right to obtain restriction of processing, when one of the reasons justifying the exercise of this right applies (right to restriction of processing). If you choose to limit the personal data we process about you we may not be able to communicate with you or fulfil our purposes or services as outlined above;
- The right to remain anonymous or use a pseudonym. If you do not provide us with some or all of the personal data we request, or request to remain anonymous, we may not be able to provide you with the relevant services and this may also have an effect on whether we can begin or continue a relationship with you;
- The right to data portability when the processing is based on consent or a contract and the processing carried out using automated processes;
- The right to object, for reasons relating to your particular situation, to certain processing of personal data (right of objection);
- The right not to be the subject of a decision based exclusively on automated processing including profiling except in cases which allow it.
To exercise these rights, you can contact our data protection officer.
In order for us to process your request satisfactorily, you may need to prove your identity, by whatever means we reasonably request. If in doubt on our part, we may ask you for additional information, including the secure transmission of a copy of an identity document, signed by you with a specific mention across the copy "for the exclusive purpose of the exercise of rights from Stago", with the date.
We will do our best to promptly satisfy your requests. Whatever our response, we will get it to you within one month, but our response time may be extended by an additional reasonable period of time, depending on the complexity and number of requests or if we require further information from you.
If you request to access your data, we may require the payment of reasonable fees which take into account the administrative costs incurred in providing the information, making communications, or implementing the measures requested by the data subject.
If, for any reason whatsoever, you consider that our response is not satisfactory, we inform you that you can lodge a complaint with the relevant supervisory Authority in your jurisdiction, which may include the below:
European Union: For more information about the GDPR, please contact the European Data Protection Supervisor, the European Union’s independent data protection authority or visit their website at: https://edps.europa.eu/.
Australia: For more information about protecting your privacy in Australia, please contact the Office of the Australian Information Commissioner (“OAIC”) via their website at www.oaic.gov.au.
X – What information will we provide to you?
You may request, and Stago will provide, any information about our data processing operations that we are required to provide at law. Whenever Stago carries out processing operations on your personal data, it takes all required and reasonable steps to bring to your attention:
- The identity of the controller and the contact details of the data protection officer;
- The source from which the data comes when the data has not been collected from you;
- The purpose of the processing as well as the legal basis for the processing;
- When the processing is based on legitimate interests, the justification of these interests
- The recipients or categories of recipients of the data
- If applicable, the intention to make a transfer outside the EU and the terms and conditions authorizing this transfer
- The retention period of the data or the criteria used to determine this period
- The rights you have regarding this processing;
- Information on whether the requirement to provide data is regulatory or contractual in nature or whether it conditions the conclusion of a contract and whether you are required to provide such data as well as the possible consequences of not providing of this data;
- If applicable, the existence of automated decision-making, the underlying logic, importance and expected consequences;
- When Stago intends to carry out further processing for a different purpose, information about the other purpose.
This information will be made available to you as soon as possible and, in the case of direct collection of your data, at the time of collection.
Some of our obligations may limit your right to information: if the personal data concerning you is covered by confidentiality with regards to an obligation of professional secrecy incumbent on us, and if we have obtained it by means of an indirect collection, it is possible that we do not process your information.
XI – How do we take care of the security of your personal data?
Stago attaches great importance to the protection of your personal data and takes all reasonable precautions to this end. We ask our partners who process your data on our behalf to do the same.
We are constantly doing our best to protect your personal data. Upon receipt of your data, we apply strict procedures and security measures (technical and organizational) to prevent unauthorized access.
This policy was last updated in July 11, 2022.