PRIVACY POLICY AND COOKIES

The Sanareva.co.uk website, hereinafter referred to as the "Site" is published by the company HOLDING OMNIPHAR' 07, hereinafter referred to as « the Data Controller ».

I – GENERAL INFORMATION

This text is dedicated to our privacy policy. It enables you to find out more about your rights and the origin and use of navigation information processed during your consultation of our Site.This policy is therefore important for you, who wishes to have a positive and reliable experience of our services, and for us, who wish to provide accurate and complete answers to your questions regarding your consultation of our site in a precise and comprehensive manner and to take your requests into account.

The Data Controller protects the privacy of its internet users by complying with current legislation. This text details how the Data Controller uses your personal data and informs you of the measures taken to ensure the protection of your personal data in the context of the use of the Site, in accordance with the terms of General Data Protection Regulations.

II – COLLECTION OF PERSONAL DATA

The personal data collected by the Data Controller depends on your use of the Site and can include the personal data that you have provided :

  • Through the « Contact Us » form ;
  • At the time of your registration to the customer area (creation of a customer account) and if needed, when modifying the personal information in your customer account ;
  • When subscribing to newsletters ;
  • When passing an order on the Site ;
  • As part of the referral program ;
  • As part of the referral scheme ;
  • When evaluating your satisfaction ;
  • When collecting data relating to the use of the Site and in particular the collection of Cookies (Article IV « ELECTRONIC IDENTIFICATION DATA: COOKIES» hereinafter) ;
  • In the event of requests, complaints and/or disputes.

« Personal data » refers to information about you that you provide voluntarily by filling out a form on the Site, or that the Data Controller collects in the context of your browsing on the Site and which, whatever its nature, enables them to identify you, directly or indirectly.

Personal data therefore includes individual data (such as names, contact details, photographs that you provide) and electronic identification data available on or taken from your computer (such as “cookies” or “IP addresses”). To clarify, electronic identification data makes it possible to identify your connection terminal or the pages consulted on the Site during your navigation and are generally not sufficient on their own to identify you individually. When you voluntarily provide personal data about yourself, particularly in the case of multimedia content (photographs, videos etc.), you are agreeing to provide accurate information not prejudicial to the interests and rights of third parties.

Information that is required in order to process your orders or when you complete a form on the Site is indicated by an asterisk. Other requested information, which is optional to provide, are intended to get to know you better and, thus, to improve the services offered to you.

III – PERSONAL DATA INVOLVED

  • Identity: title, surname, first name(s), delivery and billing addresses, post code, town, country, landline/mobile phone number, email addresses, date of birth, company name, internal processing code allowing customer identification, copy of an official identification document.
  • Sensitive data : When you browse the Site and particularly during your exchanges with our pharmacists through the « Contact-us», section, information about you that can be considered as sensitive may be collected by the Data Controller, such as data concerning your health or your sex life.
  • Data relating to bank cards, for fraud prevention purposes: the bank that issued the payment card, type of credit card, partial credit card number, cardholder, expiry date, country of the card used. This data does not allow us to reconstruct the person's bank card number. All of your bank details are collected by our PCI-DSS (Payment Card Industry Data Security Standard) certified payment service provider to ensure the security of payments.
  • Data relating to the transaction : transaction number, date and amount of the transaction, purchase details.
  • Data relating to commercial relationship monitoring : products purchased, quantity, amount,delivery and billing addresses, purchase history, product returns, communication with customer service, exchanges and reviews from customers and prospective customers.
  • Data necessary for the realisation of marketing activity such as the sending of newsletters, building loyalty, canvassing, study, sponsorship, survey or commercial promotion.
  • Data relating to the organisation and treatment of competitions and any other commercial promotion : participation data, competition responses, the nature of the prizes offered.
  • Data relating to the contributions of persons who submit opinions of products, services or content, including their screen name/pseudonym.

IV – ELECTRONIC IDENTIFICATION DATA : COOKIES

When consulting the Site, the Data Controller and partners, may be led, depending on your choices, to leave a file called a “Cookie” on your computer using your browser software. These Cookies record information relating to the navigation of our site from your terminal (pages you have consulted, the date and time of consultation, language settings, the time of connection etc.). During their period of validity or recording, these Cookies allow the Data Controller to identify your computer when you next visit, in order to facilitate your navigation and offer you a personalised browsing experience.

The Data Controller keeps these Cookies on your computer for a period of 13 months.

We would like to draw your attention to the fact that sharing the use of your terminal with other people is likely to modify the personalised nature of the operation of Cookies.

The Site uses several types of Cookies for different purposes :

  • Functionality Cookies: : Essential to the use of the Site, they allow you to use the main functionalities of the Site such as managing your shopping basket and the order process, maintaining your identification throughout your navigation, adapting the presentation of the Site to the display preferences of your terminal, managing and accessing your personal space in a secure manner, the security of your transactions, etc. These Cookies are necessary to the provision of our services during your navigation of the site. These functionality Cookies cannot be deactivated, the Site can not function correctly without these Cookies.
  • Analytical and Audience Measurement Cookies :These Cookies are used to better understand the use (e.g. which pages are visited most often) and performance of the Site in order to improve its operation. These Cookies can be installed onto your computer by the Data Controller or by its service providers and audience measurement partners. These Cookies are not essential for browsing, but make it possible to measure the Site's performance, to detect browsing problems, to facilitate searches and to analyse the content visited or to optimise the functioning of the Website.
  • Third Party Cookies : These Cookies are left on your terminal by third party companies. The Data Controller does not control the collection by third party websites of information relating to your browsing on the Site and the personal data available to them. It is recommended that you consult the Cookie policies of these third party websites in order to find out for what purpose they use these Cookies.
  • Personnalisation Cookies : They allow you to visit the Site in a personalised manner, based on your previous visits, purchases, etc. You will be able to find the offers that best suit you more quickly.
  • Advertising Cookies :These Cookies are used to present you with advertisements or to send you information tailored to your interests on our Site or outside of the Site when you browse the internet. The refusal of these Advertising Cookies has no impact on your use of the Site. However, refusing Advertising Cookies will not stop advertisements on our Site or the Internet, but will only result in the appearance of advertisements that do not take into account your interests or preferences.

How do I change my settings for Cookies ?

Settings on a cookie management platform

If you do not want the Data Controller to be able to leave Advertising Cookies, you can inform us of this choice by clicking the button below.

Web Browser Settings

You can choose at any moment to oppose or limit the saving of Cookies by configuring your browser software (Internet Explorer, Google Chrome, Safari, Firefox, etc.) and insofar as your device is likely to view content developed with Flash programming, you can access your Flash Cookie management tools.

Your web browser can be set up to notify you of Cookies that are left on your computer and ask you to accept them or not. You can accept or refuse Cookies on a case-by-case basis or refuse them systematically.

Warning, it is possible that this configuration of your browser may deprive you of access to certain content or significantly disrupt your browsing and the services you expect from our Site. If necessary, we deny all responsibility for consequences relating to the degradation of our Site due to the impossibility of using Cookies necessary for its operation. If your web browser is configured to refuse Cookies, you will not be able to complete purchases or benefit from the essential functions of the Site such as, for example, adding items to your shopping basket or receiving personalised recommendations.

In order to manage Cookies as accurately with your expectations, we invite you to adjust your browser settings, taking into account the purpose of Cookies as mentioned above.

The configuration of each web browser is different. It is described in the help menu of your help browser how to change your Cookie preferences. This tells you how to refuse new Cookies, how to be notified when you receive them, or how to deactivate Cookies, either systematically or according to the sender. You can also delete Cookies manually.

V – USE OF PERSONAL DATA - PURPOSES AND RECIPIENTS

The information that you provide to the Data Controller is subject to computer processing which may be for some or all of the following purposes :

  • customer relationship management, notably the payment and tracking of orders, delivery, billing, the management of your customer account and of our loyalty and referral programs ;
  • customer relation monitoring, such as measuring satisfaction or surveys;
  • the management of customer service complaints ;
  • the management of exchanges with the customer service via the contact form ;
  • the management of people’s opinions about products, services or content ;
  • the management of requests for right of access, rectification, erasure, objection, limitation of processing and portability of data ;
  • the organisation of competitions ;
  • the mailing of the newsletter to which you are subscribed ;
  • the sending of operations relating to prospects ;
  • the development of trade analysis and statistics.

The Data Control is the is the recipient of your personal data and shares the information with :

  • Subsidiaries of the Data Controller in accordance with the aforementioned purposes, without any further processing incompatible with these purposes and in accordance with the instructions of the Controller with regard to security and data protection without further processing incompatible with these purposes and in accordance with the instructions of the Data Controller regarding security and data protection ;
  • Partners of the Data Controller for commercial prospecting purposes, subject to your prior consent to receive information from partners of the Data Controller ;
  • Any subcontractors of the Data Controller within the limit of the information necessary for the execution of the services entrusted to them by the Data Controller (such as maintenance of the Site, the hosting of the Site, the delivery of orders, the sending of newsletters, service quality monitoring, etc.). They are obliged to process them solely for this purpose, exclusively on behalf of the Data Controller, without re-use for their own account, and in accordance with the instructions of the Data Controller regarding security and data protection.

VI –PERSONAL DATA PROTECTION

We take all precautions and appropriate technical and organisational measures, in accordance with applicable laws and regulations, to protect your personal data against unlawful or accidental destruction, accidental loss or alteration, or unauthorised disclosure or access. Only the authorised staff of the Data Controller (and their hierarchical superiors) may have access to your personal data.. The Data Controller puts in place all the necessary measures to secure its data processing systems.

In the event that your data is transferred to subcontractors (in particular for hosting, Site maintenance, etc.), the Data Controller shall ensure that these subcontractors provide a level of security that complies with the required standards and regulatory requirements.

Your data may, particularly due to the partial outsourcing of data processing, be transferred outside of the European Union. In this case, the Data Controller shall ensure that this transfer complies with the legal framework: transfer to a country providing a level of protection equivalent to that guaranteed in the European Union or signing of contractual clauses issued by the European Commission or, for a service provider established in the United States, verification of its prior adherence to the « Privacy Shield » legal framework.

VII – LEGAL BASIS FOR THE PROCESSING AND STORAGE OF PERSONAL DATA

The processing of personal data relating to customers is justified on various grounds (legal basis) depending on the use of such data by the Data Controller. Among the applicable legal bases :

  • Performance of the contract: the processing of the customer's personal data is necessary for the execution of the contract to which the customer has consented ;
    • or
  • Consent: The customer agrees to the processing of his personal data by means of an express consent (checkbox, click, etc.). The customer may withdraw this consent at any time ;
    • or
  • Legitimate interest: The Data Controller has a legitimate interest when the processing of personal data takes place in the context of a relationship with a customer, when it processes personal data for canvassing purposes, to prevent fraud, etc ;
    • or
  • The law: The processing of the customer's personal data is made compulsory by law.

In accordance with the legislation and regulations in force, the Data Controller keeps your personal data for the duration strictly necessary to achieve the purposes of the data processing. The length of time data is kept by the Data Controller varies according to the purposes of the processing operations being carried out.

Personal data relating to customers is not kept beyond the duration strictly necessary for the management of the commercial relationship. It will be removed after three years from the end of the commercial relationship (last activity of the customer on the Site or last contact from the customer). Once this period has elapsed, the Data Controller may contact the person concerned to find out whether he or she wishes to maintain the business relationship. In the absence of a positive and explicit response from the person, all data will be deleted.

Personal data relating to a non-customer prospect are kept for a period of three years from the time they are collected or from the last contact made by the prospect (for example, a request for documentation or a click on a hypertext link in an e-mail).

At the end of this three-year period, the Data Manager may contact the person concerned to find out whether he or she wishes to continue to receive commercial advertising. In the absence of a positive and explicit response from the person, all data will be deleted.

The information that you provide via the "Contact Us" form is kept for a period of one year.

At the end of the aforementioned time limits, personal data enabling proof of a right or contract to be established may be subject to an interim archiving policy in order to meet the legal, accounting and tax obligations of the Data Controller, for a period not exceeding the duration necessary for the purposes for which they are kept.

Data relating to bank cards are kept for the period corresponding to the time needed to complete the transaction, i.e. the actual payment, plus, where appropriate, the withdrawal period provided for sales of goods and supplies of services at a distance.

Data relating to bank cards are kept for the purpose of proof in the event of any dispute over the transaction, in interim archiving, for a period of fifteen months following the date of debit. This data will only be used in the event of a dispute over the transaction.

In addition, if you have agreed to register your card to facilitate the payment of your future purchases ("one-click payment"), a secure fingerprint different from your card number is recorded in your customer account, in order to avoid you having to re-enter it when placing future orders. You can consult the list of your registered cards, but you can also withdraw your consent by deleting the bank card(s) registered for this purpose in the "My Credit Cards" section of your customer account. Thus, this data may be kept until the customer's consent is withdrawn and/or the validity of the credit card data expires.

VIII – EXERCISING YOUR RIGHTS

In application of the General Data Protection Regulations, you have a right of access, of rectification, of deletion, of opposition, and of limitation to the processing and portability of data concerning you.

You can exercise your rights by sending a request to the following postal address by mail: OMNIPHAR - Personal Data Protection Officer - Lieu-dit Bel Souleil - 31850 Montrabé – FRANCE ; or by email to the following email address: dpd@omniphar.com.

You have the right to submit a complaint with a supervisory authority, if you consider that the processing of personal data concerning you represents a violation of General Data Protection Regulations.

To unsubscribe or manage your newsletter subscriptions, simply click on the unsubscribe link located at the bottom of the newsletter email or set your choices within the “Newspaper Subscriptions” area of your customer account.

By connecting to your customer account, you can also modify, rectify and update all the information in the « Account Information » section.

IX – INFORMATION

For all questions or comments regarding this Privacy policy or cookies, or the way in which the Data Controller collects and uses data concerning you, you can send a letter to the following postal address: Personal Data Protection Officer - OMNIPHAR –Lieu-dit Bel Souleil - 31850 Montrabé ; or an email to the following email address: dpd@omniphar.com.