Privacy Policy

In the course of its business, STEMCIS is required to process personal data.

This privacy policy tells you how STEMCIS uses and protects any personal information you give STEMCIS.

This privacy policy may be modified or supplemented at any time by STEMCIS, in particular in order to comply with any changes in legislation, regulations, case law or technology. You will be informed of any updates by email.

1. Definitions

  • “Data” means any personal data as defined by the General Data Protection Regulation ;
  • The “Policy” refers to this Privacy Policy;
  • “Data Controller” means the person who, alone or jointly with others, determines the purposes and means of Data processing;
  • “GDPR” or “General Data Protection Regulation” means EU Regulation 2016/679 of April 27, 2016 ;

2. Identity of the data controller

The data controller is STEMCIS, a simplified joint stock company with registered office at 2 rue Maxime Rivière – 97490 SAINT-DENIS, RCS SAINT-DENIS DE LA REUNION 504 934 050.

Telephone: +33 9 67 50 12 98

Email : contact@stemcis.com

3. Collected data

STEMCIS collects certain Data for customer relationship management purposes.

When your Data is collected, the optional or compulsory nature of the answers to be provided is indicated.

In order to place an order on the site, the user must create a customer account.

The following data is collected when a customer account is created: Civility, surname, first name, e-mail address, fixed or mobile telephone number, place of delivery.

Once an account has been created, STEMCIS may also collect the following data: order history, payment history, payment information (e.g. banking information or credit card type), order management information.

We use this information to process your order placed on our site.

STEMCIS undertakes to use such Data only for the purposes set out in Article 4.1 below. STEMCIS will not disclose your personal data to third parties without your express prior consent and will take all reasonable measures to protect such data from unauthorized access.

STEMCIS does not collect any Sensitive Data within the meaning of Article 9.1 of the RGPD (sexual orientation and sex life, ethnic origin, genetic data, health data, political opinions and trade union membership, religious beliefs and biometric data for identification purposes).

4. Use of Data

4.1 Objectives of Data processing

STEMCIS only uses User Data in the cases provided for by the legal and regulatory provisions in force.

The Data provided by the user mentioned above are necessary for the use of the services offered by the STEMCIS site. Any user who refrains from communicating some of this information or who is opposed to its use may not have access to all the functionalities of the STEMCIS site.

The user’s e-mail address may also be used to inform the user about the execution and delivery tracking of the order placed on the STEMCIS website.

STEMCIS may process your Data for the following purposes:

– the processing, execution and delivery of your order;

– managing requests made via the various forms available on the site (requests for information via the “Contact” section)

– customer relationship management (accounting, invoicing, loyalty programs, sponsorship, surveys, product testing and promotions);

– after-sales customer relations: satisfaction surveys and complaints management;

– To manage requests for the exercise of rights by the persons concerned, as well as any disputes or unpaid bills;

4.2 Legal basis

Data processing by STEMCIS is based on the following legal grounds:

  • The execution of a contract concluded between the user and STEMCIS ;
  • The user’s consent to the use of his/her Data;
  • Compliance with a legal obligation, in particular STEMCIS’s tax obligations;

4.3 Data retention

STEMCIS keeps User Data only for as long as is strictly necessary to fulfill the purpose for which it was collected or in compliance with applicable regulations. In this respect:

  • When a user’s account does not show any activity for a period exceeding 36 months, STEMCIS sends an e-mail to the user to inform him/her that, without any action on his/her part within one month, the account will be deleted along with the Data associated with it;
  • When a user has made a purchase, the Data is retained to provide a transaction history in the event of a dispute; this retention period is six years from the last transaction carried out, in order to take account of the moving starting point of the legal prescription period of five years;
  • Transaction histories are kept for statistical and service improvement purposes, and include only the IP address, the date and the amount of the transaction, to the exclusion of any other Data.

STEMCIS may be required by law to retain certain Data for a minimum period.

It is recalled here that the RGPD specifies, in its Recital 68, that the right to erasure of Data, which in principle is held by the data subject, should not apply when the processing of Data is necessary for compliance with a legal obligation to which the data controller is subject. The same applies when the retention of Data is necessary for the establishment, exercise or defense of legal claims (Cf. art. 17.3, b and e RGPD).

5. Data security

STEMCIS implements all technical means required to ensure the security of User Data and to prevent risks of loss or misuse thereof.

6. Data Recipients

6.1 Internal use of Data

User Data may be processed by STEMCIS employees within the scope of their respective responsibilities and exclusively for the purposes set forth in this Policy.

6.2 Transmission of Data to third parties

Under no circumstances does STEMCIS sell the personal data of visitors and users of the site.

STEMCIS is the sole recipient of your personal data. This data, whether in individual or aggregated form, is never transmitted to a third party, with the exception of the cases described below.

6.2.1 As an exception to the above, in the event that the healthcare professional placing the order would like delivery to a country where STEMCIS has an exclusive distributor, STEMCIS will be unable to process the order online and will inform the healthcare professional concerned by e-mail so that he or she can place the order directly with this exclusive distributor. To this end, the Contact Data of the healthcare professional will be transmitted by STEMCIS to the distributor concerned, pursuant to Article 49.1.b of the RGPD Regulation, which authorizes the transfer of personal data to a third country when the transfer “is necessary for the performance of a contract between the data subject and the controller or for the implementation of pre-contractual measures taken at the request of the data subject“.

6.2.2 STEMCIS also uses certain service providers to ensure the proper functioning of its services. On this occasion, the Data strictly necessary for these services may be transmitted to certain specialized service providers, exclusively for the purposes set out in this Policy:

  • Payment service provider for payment flow transactions ;
  • Secure server hosting provider ;
  • Providers of audience analysis services ;
  • Customer support provider ;
  • Emailing service providers.

In the latter case, the purpose is: a) to check the validity of e-mail addresses declared by users; b) to organize appropriate e-mailing campaigns for marketing purposes, it being specified that, in this case, the service provider holds data such as the pseudonym, e-mail address, title, date of last connection (in order to know the level of activity of the User and to send him appropriate messages), as well as the notification preferences defined by the User himself.

6.3 Transmission of Data to a third country

STEMCIS does not host or transfer your Data outside the European Union.

It is however specified that, should the healthcare professional placing the order wish delivery to a country where STEMCIS has an exclusive distributor, STEMCIS will be unable to process the order online and will inform the healthcare professional concerned by e-mail so that he or she can place the order directly with this exclusive distributor. (Already said in 2.6.1, right?) To this end, the healthcare professional’s personal contact data will be transmitted by STEMCIS to the distributor concerned, pursuant to Article 49.1.b of the RGPD Regulation, which authorizes the transfer of personal data to a third country when the transfer “is necessary for the performance of a contract between the data subject and the controller or for the implementation of pre-contractual measures taken at the request of the data subject“.

On this occasion, it is therefore possible that your Data may be transferred to a country outside the European Union, it being specified that such transfer will be limited to the Data strictly necessary to enable the STEMCIS distributor in the territory concerned to process your request, namely: your first and last name, e-mail address and telephone number.

STEMCIS also undertakes to draw the attention of all its distributors located in countries outside the European Union to the need to implement strict rules regarding the confidentiality, use, protection and retention of personal data.

6.4 Data transmitted to public bodies or authorities in compliance with legal obligations

STEMCIS may transmit certain information to public bodies or authorities when required to do so by mandatory legal provisions.

7. User rights

7.1 Users’ rights to their Data

Any user may access the Data concerning him or her (art. 15 RGPD), to rectify, complete or update it if it is inaccurate (art. 16 RGPD).

STEMCIS informs you that it will be entitled, if necessary, to oppose manifestly abusive requests (due to their number, repetitive or systematic nature).

The user may also request the portability of the Data concerning him and which he has provided, i.e. that such Data be transferred to him in a structured, commonly used and machine-readable format or be addressed to a third-party data controller, if the conditions of art. 20 RGPD are met.

In addition, the user may request the limitation of the processing of his/her Data under the conditions of Article 18 of the RGPD.

Users may exercise their right to digital oblivion (erasure of Data), for one of the reasons set out in Article 17 RGPD (the Data in question are no longer necessary; their processing is unlawful; a legal obligation requires their erasure; in the event of withdrawal of the consent on which the processing was based).

The User may object to the processing of his/her Data, under the conditions of Article 21 RGPD, i.e. for the case of use of the Data for canvassing purposes, or when the User, due to a particular situation, would be able to prevail his/her fundamental rights and freedoms against the legitimate interest of STEMCIS, which STEMCIS will have to assess according to the nature of the Data in question.

In accordance with the requirement of article 48, paragraph 3, of the French Data Protection Act (Loi n° 78-17 Informatique et Libertés), the user has the possibility of defining the fate of his or her Data after his or her death under the conditions set out in article 85 of the said Act.

For further information on your rights, please consult the CNIL website (www.cnil.fr).

7.2 How to exercise your rights

To exercise these rights or if you have any questions about the processing of Data, please contact the support department by email: contact@stemcis.com or by post addressed to STEMCIS at the following address: 850 boulevard Sébastien Brant, Bioparc II, c/o Inoviem Scientific 67400 Illkirch-Graffenstaden.

STEMCIS undertakes to respond to your request for access, rectification, deletion, limitation, portability or opposition or any other additional request for information within a reasonable period of time, which may not exceed 1 month from receipt of your request. If necessary, this period may be extended by two months, depending on the complexity and number of requests. You will be informed of this extension and the reasons for the postponement within one month of receipt of the request.

8. Claims

If you consider that STEMCIS is not complying with its obligations with regard to your personal data, you may lodge a complaint or a request with the competent authority. In France, the competent authority is the CNIL, to which you can send an electronic request by clicking on the following link: www.cnil.fr/fr/plaintes.