Privacy & Cookies
policy

PRIVACY NOTICE 

Last updated : 21/02/2024. 

1-Introduction 

SiVIEW, joint stock company (“Société par action simplifiée”) registered at the Paris trade register under number B 817 782 121, having its registered offices at  (75014) Paris, 9 boulevard Romain Rolland  (“SiVIEW”), is a technology company providing eye exam solutions and other related services to healthcare professionals. 

SiVIEW provides the SiVIEW Solution and related services (hereafter the “Services”) is an eye exam technology used by authorised professionals (such as opticians and optometrists) (the “Client”) to test patients’ eyes and which is accessible through a dedicated web platform.  

The SiVIEW Privacy Notice (the “Privacy Notice”) explains how we collect, use, disclose, and safeguard the information of our website users, and the information provided by our Clients, including eye exam data, when using the Services.  

The Privacy Notice expresses SiVIEW’s commitment to strive to protect personal data. The Notice indicates how this commitment shall be implemented when we act as controller or  processor within the meaning of the (EU 2016/679) General data protection regulation GDPR) in the course of delivering the Services.  

This Privacy Notice is incorporated into our General Terms and End User License Terms. 

If we make any changes to our Privacy Notice, we will post the revised Privacy Notice and update the “Last Revised” date of the Privacy Notice. Your use of our Website and Service following any such change means you accept the revised Privacy Notice.  

If you have any questions regarding this privacy Notice, please send us an email at [email protected].

* the terms controller, data subjects,  personal data, processing, processor, supervisory authority, transfer have the meaning of the GDPR. 

2-Summary 

SiVIEW is a controller when it collects and processes personal data for its own (business related) purposes, or to comply with regulatory and legal obligations to which SiVIEW is subject.   

The SiVIEW controller rules describe why and how SiVIEW processes the personal data of our Clients and of the users of our website https://siview.ai/ as a controller. 

SiVIEW is a processor, acting as processor on behalf of its Clients, when Clients use the Services, and in particular le SiVIEW eye exam solution, to perform eye exam testing. Indeed, SiVIEW’s Clients, and not SiVIEW, decide to use the Services, and of the eye exam data, and thus determine how and why personal data submitted to the Services, including eye exam data, is used, either by or at the direction of such Clients. 

The SiVIEW processor rules describe how SiVIEW processes personal data as a processor for the purpose of providing the Services to our Clients pursuant to the applicable data processing terms with those Clients. As Data controllers, SiVIEW’s Clients are responsible for disclosing the rights of data subjects with respect to their personal data and other information regarding the collection and use of that personal data, in accordance with the GDPR, and other laws requiring such disclosures.   

3- SiVIEW controller rulles

For our Clients and the visitors of our website 

For the reporters of incidents 

For the healthcare professionals and patients participating in our clinical evaluations and investigations  

Scope of application 

The SiVIEW controller rules describe how SiVIEW processes personal data as a controller under the GDPR.  

Postal address : 

SiVIEW 

9 boulevard Romain Rolland, 

75014 Paris 

France 

Where SiVIEW processes eye exam data and acts as processor on behalf of its Clients, the SiVIEW processor rules apply. 

To contact our data protection officer, send your mail to the attention of the data protection officer or email our DPO at [email protected]

Why do we process personal data? 

Purposes 

We collect personal data relating to our Clients and their users, business partners and other professional contacts when they interact with us in order to : 

• Manage our business and our website, 

• Manage our commercial and contractual relationship with our suppliers, business Clients or partners, and provide them or their representatives with trainings or demo sessions, 

• Create and maintain SiVIEW accounts, and give access to the Services,  

• Provide our Clients and their users with access to our Services, including Client portals, 

• Answer Client’s and user’s questions and requests, take their orders, and provide them with required information or support, product, or service, 

• To verify the identity of our Clients and their users (e.g., if they already have a SiVIEW account),  

• To deal with any subsequent issues that may arise from their enquiry, such as establishing, exercising, or defending ourselves from legal claims,  

• To comply with our regulatory obligations (as a manufacturer of medical devices, we are subject to regulatory obligations concerning the placing on the market, making available on the market or putting into service of medical devices for human use and accessories for such devices. Therefore, we continuously process personal data in order to ensure compliance with our regulatory obligations as manufacturer of medical devices),  

• To conduct clinical evaluations and investigations to assess the safety or performance of our medical devices priori to placing them on the market, 

• To inform our Clients about our products, services, and events. 

• Perform market studies, data analysis to improve our website, and our products and services, or our Client relationship.  

Lawful basis for processing

 The lawful bases we rely on to process your personal data for the purposes described in this section are: 

• our need to perform a contract to which you are subject, or to take pre-contractual steps at your request. 

• our legitimate interest, in particular our necessity to conduct business in a responsible manner, to conduct clinical evaluations and studies, and in line with local laws and regulations as well as to protect fundamental rights such as the right of defence, the right to property, and the freedom to conduct a business. 

• our need to comply with legal obligations we are subject to. 

What personal data do we use ?  

We collect and process the information necessary to realise the above mentioned purposes. This includes : 

• Identity and identification data (such your first name, surname, Client account number, clinical evaluation/investigation participant code). 

• Contact details (such as professional email and postal address and phone number) 

• Professional details (such as job title/ speciality),  

• Relationship and account history, 

• Invoicing and payment information,  

• Device data such as log-files, 

• Client feedback and incidents reporting data (Please note that we have no access to directly identifiable information about patients as they are kept confidential by the relevant healthcare professional and not required for the processing operations we undertake), 

• Clinical evaluation and investigation data (to carry out an activity in the public interest), including general information about patients (such as age) and data concerning heath (visual defects category, ophthalmological corrections, medical history data, eye health and visual complaints). 

How we protect your personal data 

SiVIEW uses organisational, technical and physical measures to protect your personal data, taking into account the nature of the personal data and the processing as well as the potential threats posed. We are constantly working to improve on these measures to help keep your personal data secure. 

We require third parties acting as processors to abide by the highest security standards in accordance with applicable data protection laws.  

We have put in place procedures to deal with any suspected personal data breach and will notify Clients and any relevant supervisory authority of a breach where we are legally or contractually required to do so. 

The personal health data of all patients and health professionals are stored by Amazone Web Services which has the HDS (Health Data Hosting) certification and has storage servers in France.  

With whom we share personal data  

We may share your information with the following categories of third parties :  

• Our service providers acting as processors. We may engage with third party service providers (e.g., IT providers, Client service providers) and ask them to perform certain processing operations on our behalf, such as hosting personal data. When we do so, we make sure that these service providers are contractually obliged not to use your personal data for purposes other than those requested by us or required by law. 

• Our business partners acting as controllers. We may use third party service providers  to provide you with certain additional services, and in this context, we may share your personal data with them.   (e.g., companies distributing EMR (electronic medical record) hardware and software distributors. 

• Public and governmental authorities, and professional advisors, if we determine that access, use, preservation or disclosure of your personal data is necessary to: 1) comply with applicable laws and regulations or enforceable governmental requests; 2) investigate, prevent or take actions regarding suspected or actual illegal activities or to assist government enforcement agencies; 3) enforce our terms and conditions with you; 4) investigate and defend ourselves against any claims or allegations; 5) protect the security or integrity of our services; 6) exercise or protect the rights and safety of SiVIEW, our Clients, personnel or others. 

• We may also share certain personal data with third parties in connection with corporate transactions (e.g., in case of merge with/acquisition of SiVIEW by a third party). 

How we transfer personal data abroad  

For the hosting and processing of personal data, we prefer relying on resources located in France.  

In the event that a personal data transfer outside the European Economic Area takes place to countries not recognized by the European Commission as providing an adequate level of data protection, we will make sure that such transfers are governed by the European Commission’s Standard Contractual Clauses or by another recognised mechanism providing for an adequate level of protection. 

How long we keep your personal data. 

We delete personal data when they are no longer necessary for the purposes described in this Privacy Notice. 

In any case, unless indicated otherwise in this Privacy notice, the criteria we use to decide our retention periods include: (i) whether we need your personal data to safeguard our legitimate interest, to perform a contract to which you are subject or to respond to your questions or provide to you the required service or support; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations). 

In order to establish the appropriate retention period for the personal data we process, we take into account:  

• the volume, nature and sensitivity of the personal data.  

• the potential risks of harm arising from the fraudulent use or disclosure of personal data; and  

• the purposes for which we process personal data and whether we can achieve those purposes through other means and the applicable legal, regulatory, tax, accounting and other requirements. 

Your data protection rights. 

Depending on our reason for processing your personal data and applicable laws, you have certain rights on your personal data. Such rights include the following :  

• Right to access your personal data. This means that you can ask us for copies of or information about the personal data that we process about you.  

• Right to rectify your personal data. This means that, if you think that the personal data, we process about you is inaccurate, you can ask us to rectify or correct it.  

• Right to delete your personal data. This means that you can ask us to erase the personal data that we process about you. Please note that in certain cases (e.g., legal obligation to process your personal data, on-going contractual relationship etc.)  we may not be able to erase your personal data. 

• Right to data portability. This means that you can ask us to transfer the information about you (that you have directly given to us) to another organisation or give it to you. This right only applies in certain circumstances (for example, if we are processing your personal data with automated means and based on your consent or the contract, we have concluded with you in your individual capacity). 

• Right to ask us to restrict the processing of your personal data. This means that, in certain circumstances, you can ask us to limit the way we use your personal data. 

• Right to object to our processing of your personal data. This means that, in certain circumstances, you can object to the processing of your personal data, as carried out by us. 

Keep in mind that there may be situations where we are entitled to deny or restrict your data protection rights, for example, when it is necessary to establish, exercise or defend SiVIEW from legal claims or when your request is manifestly unfounded or excessive, in particular because of its repetitive character. 

To exercise your privacy rights, to submit a data protection complaint or to contact our Data Protection Officer, at the following address : 

SiVIEW 

To the attention of the Data Protection Officer 

9 boulevard Romain Rolland, 

75014 Paris  

Or by email to [email protected]

Should you wish to dispute the way SiVIEW process your personal data, you may bring a claim to your local data protection supervisory authority. 

Contact details of EU supervisory authorities may be found at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm .

4-SiVIEW processors’ rules

Scope of application 

The SiVIEW processor rules describe how SiVIEW processes personal data as a processor for the purpose of providing the Services to our Clients pursuant to the applicable data processing terms with those Clients.  

SiVIEW Processing activities 

SiVIEW uses the personal data to provide the Services to our Clients pursuant to applicable data processing terms with those Clients.  

Storage periods depend on the data processing terms with our Clients and their choices, type of personal data, purposes of its collection and processing, and applicable law. 

SiVIEW processor Rules  

• SiVIEW shall process eye exam data only on the basis of a written contract with a Client. 

• SiVIEW shall process eye exam data only on behalf of the Client in compliance with applicable data processing terms with those Clients and in accordance with documented (written) instructions received from the Client, provided such instructions do not violate applicable data protection law. 

• SiVIEW shall Process eye exam only in accordance with the applicable data protection law and shall deal promptly and appropriately with requests for assistance of the Client to ensure compliance of the processing of the eye exam data with the applicable Data Protection Law. 

• SiVIEW will, to the extent required by law and the applicable Client contract, obtain assurances before disclosing personal data to a subcontractor or third-party agent that the recipient will: (a) use the Personal Data only to assist SiVIEW in providing, maintaining or improving the Services, (b) provide at least the same level of protection for personal data as is required of SiVIEW, and (c) notify SiVIEW if the recipient is no longer able to provide the required protections. Upon notice, SiVIEW will act promptly to endeavour to stop and remediate any unauthorised processing of personal data by the recipient. SiVIEW will remain liable for onward transfers to its subcontractors and third-party agents. A current list of the subprocessors that support the Services can be found here.  

• SiVIEW use standard, industry-wide practices relevant to the processing of health related data  to protect information it processes as processor from loss, misuse, loss of integrity and inappropriate access, including the use of Heath Data Hosting (HDS) accredited hosting service providers.  

• SiVIEW will use European Union Standard Contractual Clauses or other recognised mechanisms providing for an adequate level of protection , to meet the adequacy and security requirements for our Clients that operate in the European Economic Area,  

• Upon termination of the Client Service Agreement, SiVIEW shall, at the option of the Client, return the eye exam data and copies thereof to the Client or shall securely destroy such eye exam data and certify to the Client that it has done so, except to the extent the Client Service Agreement or applicable law provides otherwise. 

• SiVIEW shall, at the request of the Client or Relevant Data Protection Authority, allow its Processing facilities to be audited to verify that it has complied with its processor’s obligations under data protection laws.   

Data subjects’ rights 

As Data Controllers, SiVIEW’s Clients are responsible for disclosing the rights of data subjects with respect to their personal data and other information regarding the collection and use of that personal data, in accordance with the GDPR, and other laws requiring such disclosures.   

Questions 

If you have questions about our role as a Data Processor, you can submit your questions or request to [email protected] . 

5-Changes/Updates

SiVIEW reserves the right to update or modify this Privacy Notice at any time without prior notice. 

 Any updates will be posted on the SiVIEW website https://siview.ai/.

• Last up-date : 21/02/2024 

• Object : creation of a separate notice