Data protection policy

Our specialties
Our Innovations

Since 1967, we have been innovating to support scientific and technological progress in the service of diagnosis, prevention and precision medicine for all.

Discover our innovations
Our pathologists
Our exams
About Cerba Path

Introduction

Cerba Path processes your personal data as part of its anatomocytopathology activity, in compliance with the legislation in force.
This policy provides you with information on how Cerba Path processes your personal data.
This policy, which is accessible in our offices and on our website, is updated regularly to take into account legislative and regulatory developments, and any changes in the company's organisation or in the processing it carries out.
This policy was updated on 16/12/2022.

What are our commitments?

We undertake to comply with the applicable regulations for all processing of personal data that we carry out. Thus, we undertake to respect the following principles:

We process your personal data in a lawful, fair and transparent manner.
We collect your personal data for specific, explicit and legitimate purposes and do not process it in a way that is incompatible with those purposes.
We ensure that personal data is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
We make every effort to ensure that personal data is accurate and, where necessary, kept up to date. We take all reasonable steps to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is deleted or rectified without delay.
We shall keep your personal data in a form which allows your identification only for as long as is necessary for the purposes of the processing.
We guarantee an appropriate level of security for the personal data we process.

These commitments are manifested in the following ways:

We respect your privacy.
We ensure that the protection and security of your personal data is our primary concern.
We do not use your personal data for purposes that have not been brought to your attention.
We do not consider that your personal data should be stored indefinitely.
We do not sell your personal data to third parties.
We work with trusted partners who provide sufficient guarantees that technical and organisational measures are in place to ensure that our processing operations meet the requirements of the applicable regulations.
We respect your rights as a data subject, and as a patient, and make every effort to respond to your requests as soon as they are justified.

How do we collect your personal data?

We collect your data either directly from you or indirectly. In the latter case, your personal data has been entrusted to us by our health partners (doctors, prescribers, laboratories, hospitals, clinics and health centres) who are involved, where applicable, in the taking of samples.

What personal data do we process and for how long?

We remind you that personal data is information relating to an identified or identifiable natural person (the "data subject"), such as your first and last names, your postal address or data concerning health.
We undertake to process only personal data that is strictly necessary for the purposes for which it is collected and to keep it only for as long as is necessary for those purposes.

The categories of personal data that we process are as follows :

Processing activities	Legal basis	Categories of personal data	Retention period (active basis)
Management of the medical office (carrying out your exams, interpretation and transmission of your results and administrative management of the medical office)	Performance of the contract	Identification data, data concerning health and social security number.	5 years from the last visit
Anonymisation of data for re-use in scientific research or quality control	Legitimate interest (establishment of specific safeguards for processing for scientific research or quality control purposes)	data concerning health	Not applicable
Sending out satisfaction surveys	Legitimate interest (improvement of services)	Identification data	Duration of the survey
Management of the website (management of contacts, connections, account creation)	Legitimate interest	Identification data, connection data and logs, data relating to the management of contacts and account creation	3 years from the last contact 6 months for connection logs
Management of the website (management of online orders and payments)	Performance of the contract	Identification data, order data, bank details	3 years from the end of the contractual relationship 10 years for invoices from the date of issue The duration of the transaction for bank details
Recruitment management	Performance of pre-contractual measures	Identification data and data relating to the professional situation of the applicant	2 years from the date of application (unless objected to)
Supplier management	Performance of the contract	Identification data, professional data	3 years from the end of the contractual relationship 10 years for invoices from the date of issue
Customer management	Performance of the contract	Identification data, business data	3 years from the end of the contractual relationship 10 years for invoices from the date of issue

Who can access your personal data?

Your data will only be communicated, if necessary, to the following recipients:

Authorised Cerba Path staff;
Subcontractors, trusted service providers of the laboratory, in charge of IT or debt collection.

With regard more specifically to data concerning patients:

The responsible doctor or the co-responsible doctor and, within the limits of the authorisations issued by them and under their responsibility, the members of the anatomocytopathology office (biologists, doctors, technicians, nurses, etc.) for the above-mentioned purposes.
The laboratories or reference centres to which your samples are sent for certain exams.
Health establishments, prescribing doctors (unless you object), external samplers, who have sent us your samples for analysis or at whose request we have carried out the samples and analyses.
The administration (SI-DEP, etc.).
regional cancer screening coordination centre (CRCDC) ;
Subcontractors, trusted service providers of the laboratory, in charge of IT or debt collection.

We make every effort to ensure that the number of such persons remains as limited as possible.
We only provide our trusted service providers with the information they strictly need to provide the service and they may not use your personal data for any other purpose.
We always make our best efforts to ensure that all our trusted service providers with whom we work maintain the security of your data.
We also ensure that when our relationship with a trusted service provider comes to an end, that service provider deletes your personal data without delay.
We select our trusted service providers with great care, ensuring that they have sufficient guarantees, including expertise, reliability and resources, to implement technical and organisational measures to meet the requirements of applicable legislation, including security. In this respect, we ensure that our trusted service providers process personal data only on our documented instructions. We also ensure that their staff are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality.

What are your rights as a data subject?

You have the right to access, rectify, delete and port your personal data, as well as the right to limit the processing of this data.

For more information about your rights, please visit cnil.fr.

You can exercise your rights with the "Personal Data Referent" of Cerba Path

either by e-mail to the following address : Rpd@Cerbapath.com
or by post to the following address RPD Cerba Path - 30 Boulevard de Vaugirard 75015 Paris

You can exercise your right to oppose the processing of your data by your Regional Cancer Screening Coordination Centre by writing directly to the latter (e-cancer.fr).

If you feel, after contacting us, that your rights have not been respected, you may submit a complaint to the CNIL.