Privacy Policy

As data controller, Sim&Cure places great importance to data protection and undertakes to comply with the regulations relating to the protection of privacy and personal data, particularly the General Data Protection Regulation n°2016/679 (known as “GDPR”) and the French data protection law.

This policy describes our practices regarding the collection and use of personal information that you may provide on this website or otherwise. We would recommend that you read it before browsing our website.

1. What types of personal information do we collect?

When you browse our website or interact with us, we may collect information about you, including:

Identification data when you submit a request through our contact form or subscribe to our newsletter, such as your name, first name, email, and the subject of your request.
Navigation data: we can collect navigation data that enables recognition of your device (computer, phone, or tablet). This includes: IP address, screen size, type of device, location, type of browser, operating system used, language preference, Internet service provider, domain name of the website from which you are visiting us, pages of our website that you viewed, time spent on pages of our website. These data are used to ensure the proper functioning of the website (performance and safety). These data can also be used to measure website activity and track user behavior, under the conditions laid down in our cookie policy.
Identification and business data collected within the scope of our relationship with you as a client, lead, or partner: depending on the nature of your relationship with us, we may process your name, first name, phone number, email, postal address, details regarding your professional activity (business line, position, home institution, source of data, etc.), and billing information. These data are collected directly from you or obtained from available public sources, such as LinkedIn.

2. For what purposes and on which legal bases do we process your personal data?

Your personal data are processed for the following purposes:

Managing your requests: the information you provide is used on the basis of our legitimate interest to process your request and maintain traceability.
Conducting direct marketing activities: if your request is related to our products or services, we may contact you by email and/or by phone for commercial purposes, based on our legitimate interest to promote our products and services and develop our accounts. You have the right to oppose the use of your information for direct marketing purposes at any time.
Managing our relationships with our clients, leads, and partners: we may process personal data concerning our clients/leads/partners and/or their employees. These data are necessary in the course of pre-contractual negotiations, to promote our products (on the basis of our legitimate interest) or for the performance of a contract (e.g.: product delivery, billing…). We can also use these data for legitimate administrative purposes (e.g. management of client files) and to meet our legal obligations (e.g. fiscal, accounting…). Depending on the context, the refusal to provide such information may make it impossible to continue our business relationship.
Managing your subscription to our newsletter: this processing activity is based on your consent. You can unsubscribe at any time by following the relevant link included in our emails.
Audience measurement and analytics: we use navigation data collected from cookies to measure and analyze the site traffic, based on your consent. You can withdraw your consent at any time by using the cookie management module placed in the footer of the website.
Analyzing user behavior for marketing purposes and user experience improvement: with your consent, we use cookies to track the pages you have visited and your interactions with our website to better understand your expectations and optimize your experience. You can withdraw your consent at any time by using the cookie management module placed in the footer of the website.
Managing data subjects’ rights requests: when you exercise your rights concerning data collected by us, we ask for your details and keep them, based on our legal obligations.
Optimizing the website: we use your navigation data to secure and smooth your browsing and adjust the website to your browser type, device, and preferences. This processing activity is based on our legitimate interest to provide you with a safe and friendly browsing experience.
Establishing, exercising, or defending legal claims: we can process and store your personal data when it is necessary for the establishment, exercise, or defense of legal claims, based on our legitimate interest to protect ourselves in the event of a dispute.

3. For how long do we store your data?

Personal data are kept only for such time required to achieve the purposes for which they were collected. The table below summarizes our practices:

Purposes	Retention period	Archiving period
Managing your requests	3 years from the last contact with the data subject	/
Conducting direct marketing activities	3 years from the last contact with the data subject	3 years
Managing data subjects’ rights requests	Until the processing of the request is complete.	Current calendar year + 5 years (for purposes of proof) Your credentials are kept for the time required to run checks.
Managing your subscription to our newsletter	3 years from the last contact with the data subject	The proof of consent is kept during the term of limitation for purposes of proof
Managing our relationships with our clients, leads and partners	D uration of the business relationship	5 years from the end of the business relationship 10 years for accounting docments
Audience measurement and analytics	25 months	25 months
Managing your preferences (cookie consent)	6 months	/
Analyzing user behavior for marketing purposes and user experience improvement	25 months	/

For more information on data collected by means of cookies, read our Cookie Policy.

4. Who has access to your information and to whom is it disclosed?

The personal information that we collect is meant to be used by our services on a need-to-know basis. The main services involved are:

Marketing and communication department
Product Life department (customer service)
IT department
Quality and regulatory affairs department

Your personal data may be processed by third-party processors under contract with us and bound by an obligation of confidentiality. These processors belong to the following categories:

Hosting company
Email and marketing automation platform
Service providers in charge of audience measurement and analytics
Customer Relationship Management software company

When accepting cookies, your personal data may also be shared with third-party providers located outside the European Union or the European Economic Area. Those who are based in the EU / EEA are the following:

Purposes	Company name	Head office
Email and marketing automation platform	Brevo	France
Analytics for marketing purposes and user experience improvement	Hotjar Ltd	Malte
Consent management and storage	Axeptio	France

When personal data are exported to countries outside the EU / EEA not covered by a decision of adequacy, Sim&Cure commits itself to put in place appropriate safeguards such as standard contractual clauses. The processors located in countries outside the EU / EEA are the following:

Company name	Head office	Safeguards
Google	USA	Adequacy decision (Data privacy Framework)
Innocraft (Matomo)	New-Zealand	Adequacy decision
SalesForce	USA	Adequacy decision (Data privacy Framework)
AWS	USA	Adequacy decision (Data privacy Framework)

5. What security and safeguards are in place to protect personal information?

Sim&Cure takes appropriate steps to ensure data privacy and security through various technical and organizational measures. Your personal data are stored on secured servers and flow encryption is in place. Our employees are subject to contractual confidentiality obligations and must comply with an IT charter. We also choose processors that provide sufficient guarantees regarding security and confidentiality.

6. What are your rights regarding personal data?

In accordance with the GDPR and the French data protection law, and subject to the conditions laid down by these regulations, you have the following rights:

Right to access your personal data
Right to ask for the correction of inaccurate data
Right to request the deletion of your personal data
Right to oppose the use of your personal data for a legitimate reason
Right to request data portability if technically possible
Right to limit the processing of your data
Right to withdraw your consent
Right to define advance directives for the processing of your data after your death

We may require additional information from you to verify your identity following a request to exercise these rights (only if there is some doubt about your identity). In this case, we do not store your proof of identity beyond the time necessary for running checks.

To exercise your rights or to obtain any further information on the processing of your personal data, please contact our Data protection officer to the following address: dpo@sim-and-cure.com.

If you are not satisfied with the outcome of your request, you can lodge a complaint with the French data protection authority (CNIL) on its website or by post.

7. What happens in case of changes to this privacy policy?

This website and our activities may evolve, for example in case of changes in commercial policy or new technological choices. Therefore, we may make changes to this Privacy Policy at any time and without need for justification.

We encourage you to revisit this Privacy Policy on a regular basis, particularly before providing us your personal details. The date of the latest privacy policy update will appear on top of this page.

Your continued use of the website after the effective date of any changes will constitute your acceptance of all the changes.