To ensure peace of mind when using our websites, EVOLUCARE provides you with full information on the collection and use of your personal data. If you have any remarks or suggestions, please contact us using the contact form. We make a particular effort to comply with the requirements of the GDPR (European Data Protection Regulation) applicable within the European Union, for all users from any country.
The Evolucare Technologies Group (hereinafter the “Evolucare Group”) is committed to respecting the privacy and security of personal data to which it has access during its business.
Personal data refers to any information relating to an identified or identifiable individual.
All processing of personal data carried out for the use of our systems and services complies with the applicable regulations on the protection of personal data and in particular the provisions of the French Data Protection Act of 6 January 1978 as amended and the General Data Protection Regulation (EU Regulation 2016/679), the “GDPR” (hereinafter collectively the “Applicable Regulations”).
Ensuring the security and confidentiality of personal data is a top priority for the Evolucare Group.
The Evolucare Group has appointed a Data Protection Officer (DPO). If you have any questions regarding the protection of personal data, please refer to the question “What are your rights and how to exercise them?”.
How is the Evolucare Group commited to privacy?
The Evolucare Group is committed to the protection of personal data. It is committed to ensuring a high level of protection of the personal data of its candidates, prospects, partners, customers and, more generally, of the users of the products and services it markets, to which it has access.
The Evolucare Group undertakes to comply with the Regulations applicable to all processing of personal data that it operates. More specifically, the Evolucare Group undertakes to adhere to the following principles:
- lawfulness, fairness, transparency: your personal data is processed in a lawful, fair and transparent manner,
- limitation: your personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way that is incompatible with these purposes,
- data minimization: your personal data is stored in an adequate and relevant manner and is limited to what is necessary for the purposes for which it is processed,
- accuracy: your personal data is accurate and updated, and all reasonable steps are taken to ensure that inaccurate data, as regards the purposes for which it is processed, is erased, or rectified without delay.
Evolucare Group implements the appropriate technical and organizational means to guarantee your data remains secure in accordance with the risks inherent in the processing operations carried out, right from the design of said processing.
Similarly, the Evolucare Group contractually imposes the same level of personal data protection on its subcontractors (service providers, suppliers, etc.).
Evolucare Group undertakes to comply with all other principles required by the Applicable Regulations, in particular regarding the rights conferred on the persons concerned, the periods of retention of personal data and the obligations relating to cross-border transfers of personal data, where applicable.
When is the Evolucare Group responsible for processing?
The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing.
For example, in its management of applicants, prospects, partners, clients, commercial contracts and its websites, the companies of the Evolucare Group act as data controllers.
The Evolucare Group company responsible for processing varies according to the processing concerned: Evolucare Technologies – Corwin – ETMCP
When is the Evolucare Group your processor?
A processor is a natural or legal person who processes personal data on behalf of the controller.
In the context of the implementation and use of Evolucare Group products and services under contracts with Evolucare Group companies, you may also process personal data as a data controller.
If an Evolucare Group company accesses or otherwise processes personal data on your behalf to enable the use of its products or the provision of its services, then, and only then, does the company act as a processor within the meaning of the Applicable Regulations.
In this context, the Evolucare Group undertakes to comply with all the provisions of the Applicable Regulations for processors, and, in particular, to implement appropriate technical and organizational measures, in order to:
- ensure data security,
- recommend products that are compliant with the principles of protection by design and by default.
Who does Evolucare Group process personal data for?
Personal data is only accessible to authorized personnel when strictly necessary.
- other companies in the Evolucare Group,
- subcontractors (service providers) and partners of the Evolucare Group. We remind you that in this context, the Evolucare Group requires its service providers and partners to implement strict confidentiality and data protection measures.
Lastly, the Evolucare Group may be obliged to transfer personal data at the request of legal authorities or, more generally, if a legal or regulatory provision requires it to do so.
What personal data does Evolucare Group collect?
In particular, the following categories of personal data may be processed: last name, first name, address, email address, password, telephone number, job title, IP address, connection data and navigation data, order history, membership organization, photo.
Evolucare Group does not collect or process personal data from children under the age of 16 without the prior consent from the child’s parents or guardians.
In certain circumstances, and only when we are acting as a processor on your behalf, we may have access to personal data that you process as a data controller while using our products and services. The processing of this data is carried out in strict compliance with your instructions as defined contractually.
In this context only, given the core business of our customers, we may have access to health data. Evolucare Group implements appropriate and relevant security measures to ensure the confidentiality and integrity of such data, in compliance with Applicable Regulations, legal and regulatory provisions specific to health data, where applicable, and the state of the art.
Where does the data come from?
We collect information when:
- You complete an Evolucare technologies contact form,
- You visit our website,
- You post comments on our social media pages,
- You submit an application,
- You send us requests (exercise of rights, product actions, etc.),
- You subscribe to a newsletter,
- We draw up a quote/contract with you,
- If applicable, and depending on the nature of the products and/or services concerned, we perform the contract between us and you.
What is the purpose of the personal data that may be collected by the Evolucare Group?
Purposes of processing your data
Personal data is processed for specific, explicit and legitimate purposes. Depending on the case, personal data may be used for the following purposes:
- communicate with our prospects and clients, and providing them with the documentation necessary for preparing our sales proposals,
- enable our users, customers and partners to benefit from all the products and/or services offered by the Evolucare Group,
- manage our business relationship, in particular to contact you to facilitate the administrative formalities necessary to process your requests and invoicing,
- enable you to browse our sites and, where applicable, to send you an application or subscription to a newsletter or newsletters.
We may also use your personal data for administrative purposes or for any other purpose under the legislation in force.
Your personal data is processed based on different grounds (legal bases) depending on the use we make of the personal data (purpose concerned).
The legal bases for our main processing operations are as follows:
- consent: you agree to the processing of your personal data by means of an express consent (checkbox, acceptance banner). You can withdraw this consent at any time,
- the contract: personal data must be processed to execute the contract to which you have consented,
- legitimate interest: Evolucare Group has a business interest in processing your data, in particular to improve its products and services, customer relations as well as commercial prospecting which is justified, balanced and does not infringe on your privacy. With certain exceptions, you may object to processing based on legitimate interest at any time by notifying the Evolucare Group,
- legal or regulatory provisions: your personal data must be processed pursuant to a legal or regulatory text.
How long is your personal data kept?
Personal data is kept in accordance with the legal provisions for a period not exceeding that necessary for the purposes for which it was collected and processed.
Is personal data ever transferred outside the European Union?
Evolucare Group does not transfer any personal data collected to a country outside of the European Union, without first informing you, and only if required by your contract or by applicable law.
What are your rights and how can you exercise them?
In accordance with the Applicable Regulations, you may exercise your rights of access, rectification or deletion of data concerning you as well as your rights to limit and oppose the processing and portability of your personal data.
These rights can be exercised at any time, either:
- Online by filling out a form: Access the User Data Management Form
- By mail to the following address:
Groupe Evolucare Technologies – DPO, Parc des Grillons – Bâtiment 4
60, route de Sartrouville,
78230 Le Pecq
- By email to the following address: firstname.lastname@example.org
To do so, we kindly ask that you include the information necessary for your identification (last name, first name, email, company name) as well as any other information necessary to confirm your identity with your request.
You also have the right to appeal to the Commission Nationale de l’Informatique et des Libertés (CNIL) if you believe the Applicable Regulations have been violated.
Where the relevant Evolucare Group company acts as a processor, you are responsible for ensuring that the rights of the data subjects are respected. The relevant Evolucare Group company will, to the extent possible and in accordance with the Applicable Regulations, assist you in meeting this obligation.
How do we safeguard your personal data?
Evolucare Group implements all appropriate technical and organizational measures, in accordance with the state of the art, with regard to the nature, scope and context of the personal data we collect and the risks presented by its processing, to keep your personal data safe and, in particular, to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion or unauthorized access to this data.
Through these measures, we ensure a high level of confidentiality and protection of health data that may be hosted and processed.
The security and confidentiality of personal data depends on the good practices of each individual. For this reason, we encourage you not to share your personal data with third parties who may be impersonating the Evolucare Group.
The Evolucare Group has established a procedure for handling personal data breaches. In the event that a personal data breach as defined by the GDPR is detected, the Evolucare Group undertakes to communicate this breach to the French supervisory authority, the CNIL, and in the event of a high risk, to inform you as soon as possible.
When you visit “ophtai.com” (hereinafter referred to as the “website”), some information relating to your browsing history may be recorded in “cookies” files installed on your terminal (computer, tablet, cell phone or any other device optimized for the Internet). These cookies are issued in order to facilitate your navigation on this website and/or for audience measurement purposes.
What is a cookie?
A “cookie” is a series of information, generally small in size and identified by a name, which may be transmitted to the user’s browser by the site or application to which the user connects. The browser software stores it on the user’s terminal (computer, tablet, cell phone or any other device optimized for the Internet) for a certain period of time, and sends it back to the web server each time the user reconnects. Cookies are, for the most part, used to make a website or an application work better and more efficiently. A website or application can read these files and query them, which allows it to recognize the user’s terminal and record important information that will facilitate the use of the site.
What cookies do we use?
Technical cookies essential to the operation of the website
These cookies are purely technical and strictly necessary for the proper functioning of our website. Therefore, they are not subject to consent. You can technically disable cookies in your browser settings, but your experience on the site may be worsened. For example, this is the cookie that records your choices in terms of cookies or cookies that allow you to personalize your user interface.
Cookies for measuring the audience of the website via “Google Analytics 4” cookies, a web analysis service provided by Google Inc (“Google”)
The data collected by Google Analytics can be accessed at the following link: “Data collected by Google Analytics – Google Analytics Help“. The information generated by the cookies on the use of the website will be sent to a Google server where it will be stored for 14 months (unless the user withdraws their consent, in which case the data collected by these cookies will be deleted). Google uses this information to measure the interactions of website users and to provide us with statistical reports on this information. IP addresses are used to ensure the security of the service and to let us know from which part of the world users come. Google does not associate the IP address sent by the user’s browser software within the framework of Google Analytics with other data stored by Google. The data collected by these cookies may be processed by Google and its worldwide service providers for hosting, technical support and IT management purposes. Data may be processed within the European Union or in countries outside of the European Union. These third countries may sometimes offer the same level of protection as the European Union (e.g. Japan, Argentina, Israel, which benefit from a decision of the European Commission recognizing the adequacy of their legislation in terms of data protection), or may not offer the same level of data protection as the European Union (e.g. the United States, Singapore, Taiwan, Philippines, India, Brazil, Kenya, Malaysia, Australia, United Arab Emirates). Transfers to countries that do not offer the same level of data protection as the European Union are based on the European Commission’s standard contractual clauses. More information on the processing of data by Google Analytics can be found at “Google Analytics Help“. The user may also prevent the storage of data generated by cookies and related to the use of the website (including the user’s IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at this link.
User choices concerning cookies
When the user connects to the website, a banner aimed at collecting their consent or refusal concerning the deposit of audience measurement cookies and social networks appears on their terminal. Every six (6) months, the banner will appear on the terminal again to ask the user to confirm or modify their choice (to refuse or to accept the cookies). At any time, the user can withdraw their consent and modify their choice using the button below. The user can also configure their browsing software so that cookies are saved in their terminal or, that they are rejected, either systematically or according to their sender. The user can also configure their browsing software so that they are asked to accept or reject cookies in a timely manner, before a cookie is likely to be recorded in their terminal.
If the user refuses to accept cookies or deletes them from their terminal, the user may no longer be able to use certain functions that are necessary to use the site. In this case, we decline all responsibility for any worsened functioning of the website resulting from the inability to record or consult the cookies necessary for their functioning and that the user rejected or deleted.