Version of 26/06/2020
The website https://www.drnatalierajao.com/ (hereinafter the « Site » or « Nous« ) is published by Doctor Natalie Rajaonarivelo, 24 rue Boissière 75116 PARIS, aesthetic surgeon SIREN 508621406 – RPPS No. 10004023130 – Registered with the National Board of Physicians under no. 75/73023 (hereinafter « the Publisher »).
The user is an internet user, a natural person using the site (hereinafter the « User« , the « Users » or « You« ).
The Site is a website dedicated primarily to publicising and making the aesthetic surgery carried out by Doctor Natalie RAJAONARIVELO accessible. In this context, the collection and processing of personal information from Users, including identification information, is essential and necessary for the effective operation of the Site, but also to ensure efficient contact with Doctor Natalie RAJAONARIVELO.
For this purpose, we collect and process User data so they can access and use the services on the Site and particularly in the « contact » section.
This information is intended exclusively for Doctor Natalie RAJAONARIVELO who can also allow restricted access to her associates or assistants, or her webmaster, within the strict needs of their functions. It is recalled that all these recipients are part of Doctor Natalie RAJAONARIVELO’s team and are subject to the obligation of professional secrecy (medical practitioners being subject to medical confidentiality).
Your data will not be passed on to third parties. However, you are informed that the data can be disclosed under a law, regulation, or pursuant to a decision by a competent regulatory or judicial authority.
The data are collected and processed in accordance with current legislation and according to the terms and purpose described herein.
The Users can exercise their rights to access, correct, transfer, delete, restrict and object to the use of their personal data, as well as the withdrawal of their consent according to the applicable regulations and depending on the data collected, in writing at the following address: firstname.lastname@example.org or by explicit request via the « contact » section on the Site.
Some information provided by the Users is considered as sensitive data as it may relate to their health or sex life, or reveal directly or indirectly the racial or ethnic origin of the User. This information is subject to special protection. When this type of data is collected, the express and unequivocal agreement to collect and process this category of data is requested.
Pursuant to the provisions of article 30 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (hereinafter « GDPR« ), we maintain records of our processing activities. These records can be disclosed to the French data protection authority (CNIL), particularly within the context of its monitoring of data processing.
Furthermore, and to provide our Users with full information, we would like to inform you that our Site is already up-to-date regarding the applicable rules in terms of processing personal data with the CNIL: declaration of compliance with the simplified standard NS 50 Medical and Paramedical Practice (no. 2189449 V0), declaration of compliance with the simplified standard NS 40 Customers/Prospects File (no. 2189529 V0).
2. Information collected
No prior subscription or identification is required to visit the Site. You can access the Site without disclosing any personal data (name, surname, address, etc.). We do not record any personal data for just visiting the Site.
However, we collect some data automatically or with your consent.
2.1. The data we collect automatically:
When you use the Site, some information can be collected automatically. This concerns more particularly information regarding your use of the Site such as information relating to the devices or networks you use to access the service (IP address, connection data, type and version of the internet browser used, operating systems or platforms…), your clickstream data on the Site (content you consult, search terms used, Site performance, duration of consultation of some pages), and any other information concerning your use of the Site required for the effective operation of the Site.
If you use features linked to other social networks, personal information may be collected automatically by these third-party platforms. We will not be held liable regarding the use of the information collected by these sites when you click on the links or use these features.
We can also receive anonymous information, particularly the number of shares or citations.
2.2. The information you choose to give us:
By using the « contact » section on the Site you have chosen to disclose to us your surname (compulsory), your given name (optional), your email (compulsory), your telephone number (optional), as well as any personal information provided in the message you choose to send to us.
The latter can include details regarding your health, your physique, your personality, your lifestyle, your hobbies, as well as other information about you.
Consequently, some information you share may be considered as sensitive data (see below). We recommend that you check carefully the information you decide to include in your message. This is a spontaneous transmission on the part of the User who in doing so gives their explicit consent for the data collected to be processed in accordance with the present policy.
For this purpose and in accordance with the form submitted to you in the « contact » section, you expressly acknowledge that you are over the age of 16 (sixteen) years. Indeed, you are reminded that our Site only addresses requests from people aged over 16 years in accordance with article 8 of the GDPR: personal data concerning children aged 16 must be sent by their legal representative to be processed by us.
3. Sensitive personal data
Some information you disclose on the Site via a message in the « contact » section may reveal directly or indirectly your racial or ethnic origin or be related to your health or sex life. This information is considered as sensitive personal data by the applicable regulation and is subject to special protection.
This information can only be collected once the User has provided it via the « contact » section. This is an exclusively spontaneous process on the part of the User.
Furthermore, this spontaneous disclosure is exclusively to determine a medical diagnosis as provided in article 9 paragraph 2, point (h) of the GDPR. This processing is therefore authorised by a health professional subject to the obligation of professional secrecy or by other persons under their responsibility (article 9 paragraph 3 GDPR).
Finally, to ensure the explicit consent of the User regarding the processing of their personal data, the latter must check a box indicating their agreement to this end before sending their message.
4. How do we use the data we collect?
Les informations personnelles que nous recueillons sont nécessaires pour l’accès et l’utilisation des services du Site. Nous utilisons également vos données personnelles afin de rendre possible la prise de rendez-vous ou l’entrée en relation avec le docteur Natalie RAJAONARIVELO aux fins d’établissement d’un diagnostic médical, ainsi que pour comprendre, améliorer, sécuriser et développer le Site, et pour nous conformer à nos obligations légales et à la constatation, à l’exercice ou à la défense de droits en justice.
Vous trouverez ci-dessous un résumé des finalités de traitements des données que nous recueillons :
|Data collected automatically (IP address, etc.)||Your consent and/or the processing are necessary for the performance of pre-contractual steps taken at the request of the data subject and/or our legitimate interest and/or our legal obligations and/or the establishment, exercise, or defence of legal claims.|
|The data collected through messages sent via the « contact » section||Your consent and/or our legal obligations and/or the establishment, exercise, or defence of legal claims.|
|Communication and exchanges with our service||Performance of pre-contractual steps and/or your consent and/or our legitimate interest and/or our legal obligations and/or the establishment, exercise, or defence of legal claims.|
|Analyse, improve and optimise our Site, including a personalised experience of our Services and behaviour adapted to the access terminal||Performance of pre-contractual steps and/or your consent and/or our legitimate interest and/or our legal obligations and/or the establishment, exercise, or defence of legal claims.|
The recipient of this information and personal data is Doctor Natalie RAJAONARIVELO who can also authorise restricted access to her associates or assistants, or her webmaster, within the strict needs of their functions and the purpose described herein.
Thus, the administrative staff only have access, in compliance with the provisions on professional secrecy, to information relating to the management of the practice and in particular the management of appointments.
It is recalled that all these recipients are part of Doctor Natalie RAJAONARIVELO’s team and are subject to the obligation of professional secrecy (medical practitioners being subject to medical confidentiality).
5. Storage of your personal data
Subject to the specifications provided for in article 17-3 of the GDPR, your personal data will be stored after collection and throughout any subsequent contractual relationship for a maximum period of 5 (five) completed years from the last operation on the patient’s file (e.g. your last consultation or medical procedure with the Doctor RAJAONARIVELO), then for 15 years on a separate medium in accordance with the recommendations of the CNIL (simplified standard 50) and article R 1112-7 of the public health code. Caution, for any « contact » that is not followed up by a contractual relationship (no consultation or appointment), only the data relating to your identity (name, surname, email, date of birth, telephone number) will be stored and this for a maximum period of 3 years (Prospect file).
Concerning the technical data collected from visitors to the site who have not initiated a contractual relationship with us or sent a message via the « contact » section, the latter will be kept for only as long as strictly necessary to achieve the purposes referred to in article 9, and in the absence of cookies for only the duration of the visit to the Site by the User.
Beyond these periods, the data can be anonymised and stored by us solely for statistical purposes and will not give rise to any use of any kind.
At any time, the User can send a request to delete their personal data to the following address: email@example.com
6. Transfer of your personal data
Your data will only be disclosed to third parties referred to in article 5 as well as a company offering cloud services (hereinafter « Cloud ») for the purposes of a secure backup.
This Cloud is located in the United States of America: the transfer of the data from the Site, therefore, involves communication outside the European Union of which the control is carried out by a company located in Ireland (which uses standard contractual clauses for the international transfer of personal information collected in Europe).
However, and given the profession of Doctor RAJAONARIVELO, the medical secrecy of your personal data will be safeguarded under the terms set out in the applicable law (Doctor RAJAONARIVELO can inform the National Board of Physicians in the event of any problems).
7. Your rights regarding your personal data
You can freely exercise your rights listed above by contacting us at the following address: firstname.lastname@example.org or sending a request via the « contact » section on the Site.
7.1. You can request a copy of your personal data (« right of access »). You can also request a copy of the data in a file to be transferred to another controller (« right to data portability »).
You can download a backup file directly from your online account in the section dedicated to this purpose, even if your account is suspended.
7.2. You also have the right to request the erasure of your personal data (« right to erasure ») as well as the rectification of erroneous or obsolete data (« right to rectification »).
7.3. Subject to what is set out in article 21 of the GDPR, you can object to the processing of your personal data for direct marketing purposes (including profiling) or processing carried out based on our legitimate interest (« right to object »).
7.4. You can withdraw your consent to the processing of your personal data at any time. In certain cases, consent can be withdrawn directly in writing at the following address: email@example.com. We remind you that we can process your personal data without your express permission for some purposes according to the applicable regulations.
7.5. You can request the restriction of the processing of your personal data (« right to restriction »). Please note that this right does not apply if you dispute the accuracy of your personal data; or in the case of unlawful processing; or if we no longer need your personal data for the purposes of the processing but are still necessary for you for the establishment or defence of legal claims; or if you exercise your right to object pending the verification whether our legitimate grounds override yours.
7.6. You have the right to lodge a complaint with the competent supervisory authority or obtain redress with the competent courts if you consider that we have not respected your rights.
7.7. You also have the right to define guidelines regarding the fate of your personal data after your death.
8. Details concerning Cookies
8.1 What is a cookie ?
A « cookie » or a « tracker » is a computer file, often very small, that can be sent to your browser by a website to which you connect or an application. It will be kept for a certain period of time on your device and can be read by the website or by the application each time you reconnect.
Cookies have numerous uses. They enable us to conduct statistical or performance analyses to improve the quality of our services.
There is no advertising on our website. Consequently, we never place advertising cookies or trackers on your device.
8.2 What types of cookies does our Site use?
We use own cookies, placed directly by us, and third-party cookies, placed by our partners.
There are session cookies and permanent cookies. Session cookies only exist while your browser is open. Permanent cookies have a longer life and memorise information from one visit to the next. The permanent cookies we use have a maximum life of 13 months, in compliance with applicable regulations.
We use four types of cookies of which the purposes are described below:
- Site functionality and customization cookies
These cookies are required to navigate on our website (like session usernames) and enable you to use the main functionalities of the site and secure your connection. They are used to optimise and personalise its operation and thus help us to improve your user experience.
- Analytics cookies
These cookies are used to collect information about how our Users use our services (for example, to identify the pages a User opens the most often or if they receive error messages for some pages…). These cookies analyse the performance, establish statistics, determine the volume of traffic and use of various elements…
The information thus collected helps us improve the general operation of the site and provide you with an enhanced service.
- Conversion cookies
We use conversion cookies of which the main aim is to enable us to determine if an internet user ended up visiting the Site or not after clicking on an external hyperlink. These cookies are not for advertising purposes.
- Functionality cookies of third-party platforms
The settings in each browser are different. They are described in the help menu of your browser.
To facilitate your search, you will find below the direct links for each of the main browsers used:
We remind you that refusing cookies, even partially, may affect your navigation on our website.
8.4 Google Analytics
For more information on the confidentiality rules relating to the use of Google Analytics click here: https://www.google.com/policies/privacy/
9. Links to other sites and social networks
The site sends and sometimes redirects its Users to others sites and social networks. Please note that these platforms have their own privacy policies that you must read before transmitting your personal data. We will not be held liable regarding the use of the information collected by these sites when you click on the links or use these features.
The present policy is likely to be amended from time to time.
Please consult this page regularly to review any possible changes.
11. Indication in the event of a security breach
We undertake to implement all the appropriate technical and organisational measures to guarantee an appropriate level of security in terms of the risk of accidental access, unauthorised or illegal, disclosure, alteration, loss, or even destruction of your personal data.
If we become aware of illegal access to your personal data stored on our servers or those of our service providers, or unauthorised access resulting in the materialization of the risks identified above, we undertake to:
- Inform you of the incident as soon as possible;
- Examine the causes of the incident and inform you;
- Take the necessary measures within reason to diminish the negative effects and prejudice that may result from the incident.
The commitments set out in the section above relating to the notification in the event of a security breach can in no way constitute any acknowledgement of negligence or responsibility on our part regarding the occurrence of the incident in question.
12. Contact – Data controller
The data controller for the site is Doctor RAJAONARIVELO Natalie.
We are at your disposal to provide you with any necessary information by email.
Any conflict or dispute regarding the application of the present Policy, and subject to the absence of reply from the data processor within one month following the message addressed by the User, the latter is invited to contact the CNIL directly via the following link: https://www.cnil.fr/fr/plaintes