This Privacy Policy (hereinafter the "Policy") relates to personal data processed in connection with the "Relaxation by Newpharma" application accessible via app' stores and owned by Smartvalue SRL (referred to in this Policy as "We", also referred to as "Us", "Our", etc.; see Our contact details in section 2 hereof).
We value the personal data of individuals who access, visit and generally use Our Service. These individuals are referred to in this Policy as "User(s)", "You", "Your", etc.
Our primary concern is to treat Your personal data with the utmost care and to ensure the highest level of protection in accordance with Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR") and the applicable national law on this matter.
This Policy informs You about :
A glossary of key legal terms used in this Policy is available below.
We are the controller of the processing of Your personal data described in this Policy.
Please find below our full contact details:
Smartvalue SRL
the attention of the Data Protection Officer
Rue du Charbonnage 10 b2
4020 Wandre (Liège)
Belgium
Any questions or requests concerning the processing of Your personal data can be sent to the following email address: feedback@experience.newpharma.health
We collect personal data about You for a number of reasons.
We may only collect and use Your personal data if such use is based on one of the legal grounds determined by the GDPR (for example, Your consent or the performance of a contract with Us).
The purposes of using Your personal data and the corresponding legal basis are listed below.
We have a legitimate interest in processing the personal data of people who contact Us in order to respond appropriately (Article 6.1.f) GDPR).
We process Your personal data in order to respond to requests for prior information about the Service and/or questions that You send to Us.
We have a legitimate interest in processing the personal data of persons wishing to become Users of Our Service insofar as these data enable Us to respond to their requests and/or questions (cf. Article 6.1.f) of the GDPR). This may also include processing necessary for pre-contractual measures (see Article 6.1.b) of the GDPR).
This includes the processing of data necessary for the management of the relationship with the Users of Our Service in the broadest sense, and includes, among other things, the performance of the services that You request from Us, including the proper administration of Our Service, the provision of Our Service to Users, the proper handling of users' requests regarding the use of Our Service, the maintenance of the security of Our Service, etc.
We process personal data to carry out operations relating to the management of Users.
We have a legitimate interest in collecting and processing data relating to Our Users in order to ensure the proper performance of the contract (Article 6.1. f) GDPR). The processing of such data is also necessary for the performance of the contract to which Our Users are party (Article 6.1.b) of the GDPR).
This includes, among others
We have a legitimate interest in processing the personal data of Users of Our Service in order to inform them about the services and features available on the Service.
In order to provide You with the most relevant experience possible, We may personalise Your emails and other communications provided that We have obtained Your prior explicit consent (article 6.1.a) and 9.2.a) of the GDPR). For this purpose, Your interactions with Us will be analysed.
We have a legitimate interest in processing the personal data of online users of social networks who subscribe to our pages in order to inform and promote our services (Article 6.1. f) of the GDPR).
We have a legitimate interest in collecting and processing data relating to Users of Our Service for the purpose of managing disputes with them. This purpose is also based on the need to perform the disputed contract concluded with them (Article 6.1. f) and b) of the GDPR).
Statistical purposes" means any collection and processing of personal data necessary for the production of statistical results. These statistical results may also be used for various purposes, in particular to improve Our services.
We have a legitimate interest in processing the personal data of Users of Our Service in order to improve Our services and to have a better understanding of the target audiences and visitors (Article 6.1.f) of the GDPR).
Below we detail the personal data we collect during each of these interactions for each use we make and the reason for and method of collection.
E-mail address and/or personal information sent by the person making contact.
For this purpose, data is collected directly from You.
Personal identification data (surname, first name, e-mail address, company, telephone number, etc.).
For this purpose, data is collected directly from You.
For this purpose, data is collected directly from You.
Personal identification data (surname, first name, e-mail address, name of the pharmacy/parapharmacy, etc.); any information that You have given Us voluntarily (for example in the context of information surveys); any information from social networks; etc.
For this purpose, data is collected directly from You or indirectly via a third party to whom You have given permission to transmit Your data to Us.
Identification data (email address, telephone number, etc.); any information relating to the contractual relationship; any information arising from the dispute or litigation surrounding it.
For this purpose, data is collected directly from You.
Personally identifiable information (name, surname, e-mail address, postal address, etc.); any information that You have voluntarily given Us (for example, in the context of information surveys or by communicating with Us by e-mail).
Concerning site traffic statistics: information about Your visits and Your use of Our Service, including pages viewed, length of visit, navigation paths, etc.; Your frequency of use of Our Service; electronic identification data (IP address, connection records, geographic location, type and version of Your browser, operating system, etc.); etc.
For this purpose, data is collected directly from You.
In order to pursue the purposes listed above in Article 3, We entrust certain processing tasks to subcontractors. We may also communicate Your data to service providers and/or contractual and commercial partners who may intervene in the context of the above-mentioned processing of personal data (articles 3 and 4) and may thus have access to Your personal data.
Except as otherwise provided in this policy, we will not pass on your personal information to third parties.
|
Subcontractor/service provider or other third party involved in sharing Your personal data |
Location(s) of subcontractor/service provider or other third party |
|
Hosting service providers |
Microsoft Azure Cloud Solution |
|
Email solution providers |
Twilio Send Grid |
|
Service providers for infrastructure and systems maintenance and application maintenance |
Microsoft Azure Cloud Solution |
In response to legal requests, including to meet national security or law enforcement requirements (e.g. NSSO, tax authorities, etc.).
We do not pass on Your information to any other organisation or company.
We do not have any partnerships or special relationships with internet advertising agencies.
We have determined precise rules concerning the duration of the retention of Your personal data. This period varies according to the different purposes and must take into account any legal obligations to retain certain data.
Below is a list of the purposes and the retention periods:
The time needed to respond to the request. They are then deleted.
3 years from the last action/reaction by the person concerned.
The retention period is 10 years from the date of deletion of the application, except for images (photos and/or videos), which are deleted at the end of each session ("experience").
3 years from the last action/reaction by the person concerned.
10 years from the end of the dispute.
3 to 10 years depending on the initial purpose for which the data was collected.
2 years for the production of statistics on the use of the Service.
We wish to inform You as clearly as possible of the rights You have with regard to Your personal data. We also want to make it as easy as possible for You to exercise these rights.
Below is a summary of Your rights with a description of how to exercise them.
You can access all of the following information about :
You may ask Us to correct and/or update Your personal data.
You may contact Us at any time to ask Us to delete the personal data We process about You, if You are in one of the following situations:
However, we may not be able to grant your request. This is because we must remember that this right is not absolute. We have to balance it with other important rights or values, such as freedom of expression, compliance with a legal obligation to which We are subject, or important public interest considerations.
Our Site may contain personal data about You. If You do not wish to have this information displayed, You may request that We delete it if You are in one of the following situations:
However, it is possible that We will not be able to grant your request for the right to be forgotten. Indeed, we must keep in mind that this right is not absolute. We have to balance it with other important rights or values, such as freedom of expression, compliance with a legal obligation to which We are subject, or important public interest reasons.
You have the right to ask Us to restrict Your data, i.e. to mark (e.g. temporarily move Your data to another processing system or block Your data so that it is inaccessible) Your stored personal data, in order to restrict its further processing.
You can exercise this right when:
In case of limitation of processing, Your personal data will no longer be processed in any way without Your prior consent, with the exception of its retention (storage).
However, your personal data may still be processed for the establishment, exercise or defence of legal claims, or for the protection of the rights of another legal or natural person, or for important reasons of public interest within the Union or the Member State.
In the event of a restriction on the processing of some of Your personal data, We will inform You when the restriction will be lifted.
You may object to the use of Your personal data for commercial solicitations, and in particular, for advertising purposes.
You have the right to object to Our processing of Your personal data if for any reason You consider that any of the processing infringes Your privacy and causes You undue harm.
However, you cannot prevent Us from processing Your data in any way:
However, it may be that, for other reasons, We are unable to comply with your request. Of course, in this case We will make sure to give You the clearest possible answer.
This right offers You the possibility to control more easily Your personal data and more precisely :
This right covers both Your actively and knowingly declared data such as data You provide (e.g. personal identification data) and information We collect.
Conversely, personal data that is derived, calculated or inferred from the data You have provided is excluded from the right to portability because it is created by Us.
However, You should be aware that We have the right to refuse Your request for portability. Indeed, this right applies only to personal data based on your consent or the execution of a contract concluded with You (to know precisely which personal data can be the object of the right to portability: see the section on purposes and grounds). Likewise, this right must not affect the rights and freedoms of third parties whose data is included in the data transmitted following a portability request.
For any request, please send us an email or a letter (see contact details above).
It is important to indicate the right you wish to exercise, the reasons for your request , and to attach a copy of both sides of your identity card. The request should specify the address to which the reply should be sent.
We have a period of one (1) month to respond to Your request, increased by two (2) additional months in the event of a request requiring in-depth research or in the event that We receive an excessive number of requests.
However, We may not be able to comply with Your request. Of course, in this case We will make sure to give You the clearest possible answer.
For the purposes of certain processing operations, some data is transferred to Europe.
Within the European Economic Area, you should be aware that personal data enjoys the same level of protection.
Your data will not be transferred outside the European Economic Area.
Do you have a question or suggestion about this Policy? Do not hesitate to contact Us by email or by post (see contact details above). We will read you carefully and respond as soon as possible.
You believe that We do not sufficiently protect Your personal data? We invite You to contact Us directly. You also have the right to lodge a complaint with the Belgian Data Protection Authority:
This Policy may be amended at any time, in particular to take account of any legislative or regulatory changes and the development of our services.
We encourage You to periodically review this Policy to learn how We protect Your personal data.
Date of last modification: 12/01/2023
Version of this Policy 1.0.
|
Terms frequently used in this Policy |
Definition under the GDPR |
Explanations of terms in common language |
|
Personal data |
Any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity. |
All types of information that relate to a natural person, i.e. an individual, identifiable directly or indirectly, as distinct from other persons. For example: a name, a photo, a fingerprint, an e-mail address, a telephone number, a social security number, etc. |
|
Treatment |
Any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction. |
Any use of personal data, regardless of the process used (recording, organising, storing, modifying, linking with other data, transmitting, etc. of personal data). For example: the use of Your data for the purposes of contract performance, sending communications from the firm relating to news, legal information and invitations to events, etc. |
|
Data controller |
The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing. |
The person, public authority, company or organisation that has control over Your data and decides on any use of it. He or she decides whether to create or delete a processing operation and determines why Your data will be processed and to whom it will be transmitted. He or she is primarily responsible for ensuring that Your data is protected. |
|
Subcontractor |
The natural or legal person, public authority, department or other body which processes personal data on behalf of the controller. |
Any person, natural or legal, who carries out processing tasks on the instructions and under the responsibility of the controller. |