Data protection charter

Every Cerba Healthcare Group entity respects the privacy and protects the personal data of users of its website and its patients by providing for the protection, confidentiality, non-alteration, availability and security of the personal data you entrust to us.


Consequently, for your reassurance as you browse our site, we will explain how we collect, process and use your personal data.


We take all necessary measures to:

  • provide you with clear and transparent information about how your personal data will be collected and processed

  • put in place all the necessary technical and organizational measures to protect your personal data against disclosure, loss, alteration or access by an unauthorized third party

  • keep your personal data only for as long as is necessary for processing purposes or for the particular service

  • offer you the possibility at any time of accessing and modifying your personal data which we process directly via your personal spaces on our various sites.


To achieve these objectives, we put the appropriate technical and organizational measures in place to ensure that the processing complies with the applicable legislation relating to personal data protection.

The compilation and storage of personal data through the website or requests for analysis and the use of this data by all Cerba Healthcare Group entities comply with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 relating to the protection of individuals with regard to processing personal data and the free movement of such data, and repealing Directive 95/46/EC (“general data protection regulation").

1. Collecting and processing your personal data

    1. When do we collect your personal data?

Your personal data may be collected when:

  • you create an account on our websites or mobile applications

  • you visit our websites, which may use cookies

  • you subscribe to a newsletter.

    1. What personal information do we collect?

We collect the information that you give us, in particular:

  • when you create a customer account

  • during your communications with our services

The information collected and strictly necessary to provide you with the expected service generally concerns your last name, first name, postal address, e-mail address, landline or mobile number, and date of birth.

The data can only be collected by the site when you voluntarily register your personal data. It is not transferred to any commercial company or other organization.

It is used only within the limits specified at the time of collection with a view to providing you with the requested service or information. It will not be stored beyond the legally permitted period required for this purpose.

All Cerba Healthcare Group entities take all necessary measures to ensure that your personal data is processed in an honest manner and in compliance with the laws and regulations in force.

All Cerba Healthcare Group entities take all necessary measures to implement and comply with this Data Protection Charter.

All Cerba Healthcare Group entity employees and subcontractors with access to personal data are required to respect the confidentiality and security of your personal data. They access only the data they need to complete their task.

    1. How do we use your personal data?

The recipients of your personal data are:

  • Only persons authorized within the Cerba Healthcare Group and/or the entity concerned when this access is necessary for the performance of the service

  • Service providers performing the services we have entrusted to them.

Your data is stored in compliance with French legislation and European regulations.

Operations with a service provider receiving your data are performed under contract to ensure your personal data is protected and your rights are respected.

If our service provider operates outside the European Union, we protect the confidentiality of your personal information and your rights by using the data protection clauses recommended by the European Commission.

Data storage periods comply with CNIL recommendations and/or legal obligations.

2. Rights of the individual

In accordance with Articles 13 and 14 of the General Data Protection Regulation and within the limits laid down by law, you have the following rights:

  • Right of information: You are informed of the purposes of the processing

  • Right of access: You have the right to obtain confirmation regarding whether or not your data is processed by making a request to the data protection officer.

  • Right to rectification: You have the right to have inaccurate data rectified and incomplete data completed as soon as possible.

  • Right to erasure: You have the right to have your data erased as soon as possible if no legitimate reason justifies its storage.

  • Right to restriction of processing: You have the right to obtain restriction of the processing where you oppose it, where you dispute the accuracy of the data, where the processing is illegal, or where you need it for recording, exercising or defending your rights through the legal system.

  • Right to portability: where the processing is based on consent or a contract, and performed using automated processes, you have the right to receive the data in a structured, commonly used, machine-readable and interoperable format and to transmit it to another processing controller without the original processing controller obstructing this.

  • Right to object: You have the right to object at any time to the processing of the data, where this is necessary to perform a mission in the public interest or for the purposes of the legitimate interests of the data controller. You may also object to processing done for prospecting purposes.

  • Automated decision-making: You have the right not to have a decision taken about you based exclusively on automated processing, including profiling, producing legal effects concerning or affecting you, except where it is necessary for the conclusion or performance of a contract, is lawfully authorized, or is based on your consent.

To exercise your rights and make any complaints, please contact:, DPO Cerba HealthCare, 11 rue René Jacques 92130 Issy Les Moulineaux.

3. The security of your data

Respecting your rights to the protection, security and confidentiality of your data is our priority.

All Cerba Healthcare Group entities take all reasonable measures to protect your personal data collected when you use this site, against loss, misuse and unauthorized access, disclosure, modification or destruction.

Thus, all Cerba Healthcare Group entities have put organizational and technical security measures in place that have been tailored to the degree of sensitivity of the personal data in order to protect them against malicious intrusion, loss, alteration or disclosure to unauthorized third parties.

When drawing up, designing, selecting and using our services based on processing personal data, all Cerba Healthcare Group entities take into account the right to the protection of personal data from the earliest design stage.

Since all personal data is confidential, access is limited to employees of Cerba Healthcare Group and/or the entity concerned or service providers acting on their behalf who need it to perform their tasks. All persons with access to your data are bound by a duty of confidentiality and expose themselves to disciplinary measures and/or other sanctions if they do not respect these obligations.

Operations with recipient third parties are subject to contract to ensure your personal data is protected and your rights are respected.

We are fully committed to the effective protection of the personal data you entrust to us. With this constant concern for security and protection, we encourage you to exercise caution in order to prevent unauthorized access to your personal data and protect your devices (computer, smartphone, tablet) against any unwanted or malicious access by means of a robust password, which we recommend changing regularly. If you share a device, we recommend you log out at the end of each session.

Please note that no internet connection is ever 100% secure or error-free. In addition, it is your responsibility to protect passwords, identification numbers and other means of access on this site.

Our Data Protection Officer (DPO) is available to answer your questions at the following address:


4. Links to other websites

This site may contain links or references to other websites for the convenience of the user. Please be aware that Cerba Healthcare Group entities are not responsible for the privacy practices or the content of these other websites and that in no case does this Data Protection Charter apply to those websites. We encourage you to read the Privacy Policy of every website you visit.