Confidentiality policy

Information policy for the relevant people and personal data processing information.

N.B. : De Boissy is a Holtex SAS brand. In the Confidentiality Policy above, Holtex may also be called GSH, the name it trades under for its distribution business.

Holtex confidentiality declaration

Holtex acknowledges the fundamental importance of the privacy, safety and protection of data on our staff, customers and partners.

We seek to protect all of our operations by complying with the stipulations of Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 and Law 78-17 of 6 January 1978 modified by Law 2018-493 of 20 June 2018 (published in the Official Journal of 21 June 2018) with changes made to apply some of the “national leeway” as permitted by the General Data Protection Regulation (GDPR) and the transposition into French law of the “Police-Justice” directive. As both of these documents are applicable simultaneously we seek to implement rigorous and consistent policies and procedures.

This declaration on privacy protection informs you on our practices as regards the protection of your privacy and the choices that you can make as to the way in which we collect and use data relating to you and especially that which may be collected from your online activity as well as any data provided to Holtex for hiring purposes or as part of a job application. This privacy protection declaration applies to all of our current and future companies as well as to all websites, domains, services, applications and products attached to them.

It does not apply to applications, products, services, websites or access options to third party sites that can be accessed via links that we provide for your convenience and your information. By clicking on these links you leave our services and this action may lead to the collection and sharing of data relating to you by a third party. We have no oversight and we decline all liability as to the content of third party websites or their measures in terms of privacy protection, which may differ from those we implement. Before allowing any company to collect and use your data, we encourage you to inform yourself on their privacy protection policy.

Nos principes de confidentialité

Legality, equity and transparency

Holtex processes your personal data in line with Regulation (EU) 2016/679 and is fully transparent and equitable in relation to you. Our processing activities are performed:
1. with your permission
2. to fulfil our commitments to you
3. for our company’s legitimate operating purposes
4. in compliance with the law and with European regulations

Data usage notifications and choices

We are fully transparent and we clearly inform you on the kinds of personal data collected and the reasons why they are collected and processed.
We will not use personal data for any purpose that is incompatible with these principles and with our privacy protection declaration.

Access to data

We provide you with access allowing you to view, correct, rectify or delete any personal data you have entrusted to us.

Data integrity and restrictions on use

Holtex uses personal data only for the purposes described when they are collected or for other compatible purposes in line with Regulation (EU) 2016/679. We take the necessary measures to ensure that personal data is accurate, complete and up to date.

Data security

To protect personal data from any unauthorised use or release, we implement severe data security checks within Holtex thanks to cutting edge solutions coupled with personal data security measures.

Responsibility for subsequent transfers

Holtex acknowledges that it may be responsible for transfers of personal data to third parties. Personal data will only be shared if third parties are contractually bound to provide an equivalent degree of protection.

Recourse, monitoring and application

Holtex commits to resolving any issues relating to your personal data.

Using your data

Holtex collects and uses personal data to manage our relationships and to serve you better. Below you will find examples of how your data is used:

Administrative communication

Communicating with you about our services. Examples of administrative communications may include answers to your requests for information, communications relating to the performance of our services.

Commercial activities

Performing ordinary commercial activities including hiring, checking your identity, staff training and guaranteeing quality (including monitoring or recording calls made to our customer service department) and ensuring awareness.

Data collected

Legal basis for processing

The legal basis for collecting your personal data is:
1. To fulfil our contractual relationship. Failure to provide this data would make it impossible or difficult to deliver on our commitments,
2. Our legitimate interest in ensuring that you receive the best possible quality of service,
3. That where necessary, your permission is requested. You can easily withdraw this permission at any time,
4. To meet any legal requirement.

The personal data that we collect on you depends on the kind of interaction that you have with us or on the services that you use.

Information that you provide directly

Personal data means any information that allows you to be personally identified, whether directly or indirectly. We can collect your personal data when you use Holtex services or during conversations or any correspondence that you may have with Holtex representatives.

Contact information

We may collect your personal and/or professional contact information, especially your name, street address, phone number, fax number, email address and other similar information.

Demographic data

We may collect or receive from third parties certain kinds of demographic data such as the country, gender, age, education, professional qualifications and general professional centres of interest.

Other unique data allowing identification

Examples of other kinds of unique data that we may collect about you include: any information that you provide when you interact in person, online, by phone or email with our service centres or other customer service channels, your answers to surveys or customer competitions or any additional information that you have provided in response to any requests you have made.
You are not obligated to share the personal data that we ask for. If however you decide to not share this data, we cannot, in some cases, provide you with our services, some specialist features or effectively answer your questions.

Information from third party sources

We may also collect data from third party commercial or public sources that are deemed credible. This may be personal data such as your name, address, email address, your preferences, your centres of interest and some demographic data.

To provide some company services, your professional contact information may be provided to our company by a designated entity relating to your professional activity or your company (such as a member of your IT department). Where necessary, we may use data provided by you or your employer as well as data from sources that are in the public domain whether online or not.

To guarantee the accurate data and offer a better customer experience by offering better services, content, customised marketing and advertising, we may link or combine the data that we collect from the various sources described above. For example, we may match the geographic data from these commercial sources with the IP address collected by our automated data collection tools to identify your primary geographic location. This information may also be linked via a unique identifier such as a cookie or an account number.

Protecting the privacy of children

We do not knowingly set out to collect data on children as defined under French law and our websites or mobile applications are not aimed at children.

Data security

To avoid any unauthorised release of data or access to it and to ensure that this data is used compliantly, we have implemented a series of suitable physical, technical and administrative procedures aimed at guaranteeing the security of any data collected and processed. We retain data only for legitimate commercial reasons in line with applicable regulations.

Data sharing

We only share your personal data in the following way:

Sharing with service providers

We work with services providers who assist us in managing or supporting certain aspects of our operations. They are contractually obligated to maintain the confidentiality of the personal data received from us and cannot in any case use them for any purpose other than the provision of services in line with the instructions received from our company. We also take measures to provide adequate protection for all transfers of your personal data in line with applicable law.

Legal compliance

We may also share your personal data if we feel, in good faith, that we are required to:
1. Respond to requests for information from duly empowered state and law enforcement authorities, courts and other public authorities, including to the need to meet requirements in terms of national security or legal compliance,
2. Comply with the law, with regulations, a requirement to appear or a court order,
3. Detect and prevent security threats, fraud or other criminal or malicious activities,
4. Enforce/protect the rights and property of our company and its subsidiary companies,
5. Protect the rights or personal safety of our company, our staff and third parties or to use the property belonging to our company when this is allowed and is compliant with the requirements of applicable law.

If you choose to provide personal information to other companies, they will be processed in line with their data protection policy which may differ from the policies and practices applied by our company.

Personal data retention duration

We will retain your personal data for as long as is necessary to complete the purposes for which we collected them. We will also retain your personal data for the retention period provided for by law especially in civil and commercial matters.
The data required for commercial prospecting, especially your name, street address, phone number, email address are retained for a period of three years from the end of the commercial relationship. If you are a prospect, your data will be retained for a maximum of three years from the time when it is collected or from the last contact with you.

Using automated data collection tools

We do not collect personal data using automated and computer tools.

What are your rights regarding your personal data?

You have a variety of rights regarding your personal data within the limits and conditions set out by the law including the right to:

  • Access all of your personal data: you can obtain information on the processing of your personal data and a copy of them,
  • Rectify and update your personal data: if you deem your personal data inaccurate or incomplete, then you have the right to see your personal data modified accordingly,
  • Delete: you can ask to have your personal data deleted,
  • Ask for a restriction on processing performed by us on your personal data,
  • Ask for the portability of your personal data: you can ask to recover the personal data that we have provided or ask for them to be sent to a third party where this is technically feasible,
  • Withdraw your consent to the processing of your personal data subject to your consent and you can do this at any time,
  • Oppose the processing of your personal data: you may, for legitimate reasons linked to your own individual situation oppose the processing of your personal data and also, at any time, oppose the processing of your personal data for commercial prospecting purposes which includes profiling processing linked to this commercial prospecting.

How do I exercise my rights?

To exercise your rights, please contact us by email or postal mail stating your names, contact information and attaching a copy of your ID.

Addressed to the Data Protection Officer, Holtex, 30 rue Jean de Guiramand, 13290 Aix-en-Provence, France; email: data-protection@gsh-med.fr

We always appreciate your comments. If you have any questions or concerns relating to our privacy protection declaration, the way we collect and use your data or any possible violation of European law on privacy protection you can contact us by email addressed to our personal data processing manager.

All communications will be handled confidentially. On receipt of your communication, our personal data processing manager will contact you within a reasonable time frame to answer your questions or respond to your concerns. We wish to see your concerns resolved in a timely and appropriate manner.

If we are unable to address your concerns you are entitled to contact the French legal watchdog COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS (CNIL) – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 FRANCE – Phone: 01 53 73 22 22 tasked with handling data confidentiality or you may take legal action if you feel that your rights have been infringed.

Changes to our confidentiality declaration

If there is any change to this privacy declaration, the revised version will be made available on this page, stating the date of the last revision made. If there are any major changes made to this declaration likely to change our practices in this regard, we commit to informing you using other means, especially by email or with a warning on our website and/or on social media pages before any such changes take effect.

This confidentiality declaration was updated for the last time on 31 May 2022.