Privacy Policy

Privacy Policy

SPENGLER MEDICAL Privacy Statement

SPENGLER MEDICAL recognises the fundamental importance of privacy, security and data protection for our employees, customers and partners.

We strive to protect all our operations by complying with the guidelines of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 and Law 78-17 of 6 January 1978, as amended by Law No. 2018-493 of 20 June 2018 (Official Journal of 21 June 2018), changes made in order to exercise certain “national margins of manoeuvre” permitted by the General Data Protection Regulation (GDPR) and to transpose the “police-justice” Directive into French law, both documents being applicable simultaneously, and we strive to implement rigorous and consistent policies and procedures.

This privacy statement informs you about our privacy practices and the choices you can make regarding how we collect and use information about you, including information that may be collected from your online activity, as well as information provided to SPENGLER MEDICAL for recruitment purposes or a job application. This privacy statement applies to all our current and future companies, as well as to all related websites, domains, services, applications and products.

It does not apply to third-party applications, products, services, websites or social media access options that may be accessed via links we provide for your convenience and information. By clicking on these links, you leave our services, and this action may result in a third party collecting and sharing data about you. We have no control over, and accept no responsibility for, the content of third-party company websites or their privacy provisions, which may differ from those we have implemented. Before allowing any company to collect and use your data, we invite you to review its privacy policy.

Our privacy principles

Lawfulness, fairness and transparency

SPENGLER MEDICAL processes your personal data in accordance with EU Regulation 2016/679, with full transparency and fairness towards you. Our data processing activities are carried out:
1. with your consent
2. in order to fulfil our obligations towards you
3. for legitimate purposes in operating our business
4. in compliance with European legislation and regulations

Notice and choice regarding the use of data

We are transparent and clearly inform you about the types of personal data collected and the purpose for which they are collected and processed.
We will not use personal data for purposes incompatible with these principles and our privacy statement.

Access to data

We provide you with access enabling you to view, correct, rectify or delete the personal data you have entrusted to us.

Data integrity and restriction of use

SPENGLER MEDICAL uses personal data only for the purposes described at the time of collection or for other compatible purposes, in accordance with EU Regulation 2016/679. We take the necessary measures to ensure that personal data is accurate, complete and up to date.

Data security

In order to protect personal data against any unauthorised use or disclosure, we implement strict data security controls within SPENGLER MEDICAL through state-of-the-art solutions combined with personal data security protection.

Accountability for onward transfer

SPENGLER MEDICAL acknowledges its potential liability for transfers of personal data to third parties. Personal data will be shared only if third parties are contractually required to provide an equivalent level of protection.

Recourse, monitoring and enforcement

SPENGLER MEDICAL undertakes to resolve any concerns relating to your personal data.

Use of your data

SPENGLER MEDICAL collects and uses personal data to manage our relationships and serve you better. Below are examples of how your data may be used:

Administrative communications

To communicate with you about our services. Examples of administrative communications may include responses to your requests for information and communications relating to the performance of our services.

Business activities

To carry out ordinary business activities, including recruitment, verifying your identity, staff training and quality assurance (including monitoring or recording calls with our customer service) and awareness-raising.

Data collected

Legal basis for processing

The collection of your Personal Data is based on:

1. The performance of our contractual relationships. Failure to provide such data would result in an inability or difficulty in fulfilling our commitments,
2. Our legitimate interest in ensuring you receive the best possible quality of service,
3. Where necessary, your consent is requested. This consent may be withdrawn at any time and easily,
4. To comply with any legal obligation.

The personal data we collect about you depends on the nature of your interaction with us or the services you use.

Information you provide directly

Personal data refers to any information that allows you to be identified directly or indirectly. We may collect your personal data when you use SPENGLER MEDICAL services or during conversations or correspondence with representatives of SPENGLER MEDICAL.

Contact details

We may collect your personal and/or professional contact details, including your last name, first name, postal address, telephone number, fax number, email address and other similar contact details.

Demographic data

We may collect or receive certain demographic data from third parties, including country, gender, age, education and professional experience, and general areas of professional interest.

Other unique identifying information

Examples of other unique information we may collect about you include: information you provide when you interact in person, online, by telephone or by email with our service centres or other customer service channels; your responses to customer surveys or competitions; or additional information you have provided in response to your requests.
You are not required to share the personal data we request. However, if you choose not to share it, we may not be able, in some cases, to provide you with our services, certain specialised features, or respond effectively to your questions.

Information from third-party sources

We may also collect data from commercial or public third-party sources deemed credible. This may include personal data such as your name, address, email address, preferences, interests and certain demographic data.

In order to provide certain services at company level, your professional contact details may be transmitted to our company by a designated entity within your organisation or business (such as a member of your IT department). If necessary, we may use data provided by you or your employer, as well as information from publicly available sources, online or otherwise.

In order to ensure data accuracy and provide a superior customer experience by offering better services, content, marketing and personalised advertising, we may link or combine the information we collect from the various sources specified above. For example, we may compare geographic data from these commercial sources with the IP address collected by our automatic data collection tools to identify your primary geographic area. This information may also be linked via a unique identifier such as a cookie or an account number.

Children’s privacy

We do not knowingly collect information from children as defined by French law, and our websites or mobile applications are not intended for children.

Security of your information

To prevent unauthorised access or disclosure and to ensure proper use of this data, we have implemented a range of appropriate physical, technical and administrative procedures designed to safeguard the security of the data collected and processed. We retain data only for legitimate business purposes and in accordance with regulations.
You are not required to share the personal data we request. However, if you choose not to share it, we may not be able, in some cases, to provide you with our services, certain specialised features, or respond effectively to your questions.

Data sharing

We will share your personal data only as follows:

Sharing with service providers

We work with service providers who assist us in managing or supporting certain aspects of our operations. They are contractually required to maintain the confidentiality of the personal data received from us and may not use it for any purpose other than performing the services in accordance with our company’s instructions. We also take steps to provide adequate protection for all transfers of your personal data, in compliance with applicable legislation.

Compliance with the law

We may also share your personal information if we believe, in good faith, that we are required to:

1. Respond to requests for information from duly authorised government and law enforcement authorities, courts and other public authorities, including to meet national security or law enforcement requirements,
2. Comply with laws, regulations, a subpoena or a court order,
3. Detect and prevent security threats, fraud or other criminal or malicious activities,
4. Enforce/protect the rights and property of our company and its subsidiaries,
5. Protect the rights or personal safety of our company, our employees and third parties, or use our company’s assets where permitted and in compliance with applicable legal requirements.

If you choose to provide personal information to other companies, it will be processed in accordance with their data protection policy, which may differ from our company’s policies and practices.

Retention period for your Personal Data

We retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected. We also retain your Personal Data for the retention period required by law, in particular in civil and commercial matters.

Data required for commercial prospecting, including last name, first name, postal address, email address and telephone numbers, is retained for a period of three years from the end of the business relationship. If you are a prospect, your data is retained for a maximum of 3 years from collection or the last contact with you.

Use of automatic data collection tools

We do not collect personal data automatically by electronic means.

What are your rights regarding your personal data?

You have various rights regarding your personal data, within the limits and conditions permitted by regulations, including the right to:

  • Access all your personal data: you may obtain information relating to the processing of your personal data as well as a copy of it,
  • Rectify and update your personal data: if you consider that your personal data is inaccurate or incomplete, you have the right to have it amended accordingly,
  • Erase: you may request the deletion of your personal data,
  • Request a restriction of the processing we carry out relating to your personal data,
  • Request the portability of your personal data: you have the right to request to retrieve the personal data you have provided to us or to have it transmitted to a third party where technically possible,
  • Withdraw your consent at any time for the processing of your personal data subject to your consent,
  • Object to the processing of your personal data: for legitimate reasons related to your particular situation, you may object to the processing of your personal data, and you may also object, at any time, to the processing of your personal data for prospecting purposes, including profiling related to such prospecting.

How can you exercise your rights?

To exercise your rights, please contact us by email or post, stating your last name, first name and contact details, and providing a copy of your identity document.

Addressed to the Data Protection Officer, SPENGLER MEDICAL, 30 rue Jean de Guiramand, 13290 Aix-en-Provence- France; email: data-protection@spengler-med.fr

Thank you for your comments. If you have any questions or concerns regarding our privacy statement, the collection and use we make of your data, or a potential breach of European privacy legislation, you may contact us by email addressed to our controller for the processing of personal data.

All communications will be treated confidentially. Upon receipt of your communication, our officer will contact you within a reasonable timeframe to respond to your questions or concerns. We want your concerns to be resolved in a timely and appropriate manner.

If we are unable to resolve your concerns, you have the right to contact the COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS (CNIL) – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 – Tel: 01 53 73 22 22, which is responsible for data privacy, or to bring legal proceedings if you believe your rights have been infringed.

Changes to our privacy statement

If this privacy statement is amended, the revised version will be made available on this page, stating the date of the last revision. In the event of significant changes to this statement that may alter our practices in this area, we undertake to inform you by other means, including by email or by a notice on our website and/or on social media pages before such changes take effect.

This privacy statement was last updated on May 31, 2026.