Introduction
At Innova Medical Group, we know that people care about their privacy and data protection — so do we.
We won’t resell personal data.
We comply with relevant data protection and privacy legislation, including but not limited to:
- California Consumer Protection Act
- EU & UK General Data Protection Regulation
- US Health Insurance Portability and Accountability Act
This Privacy Notice (Notice) explains how we may collect, use, and share personal information. It applies to our website, health apps, research activities, operations, regulatory, human resources, and customer service (collectively Services). If you have questions about this Notice, please feel free to contact us as at dpo@innovamedgroup.com. You have several rights concerning your information. Please read this Notice carefully to understand what we do and what your rights are.
This Notice first covers general information which is applicable to all Innova Medical Group processing of personal data in the scope of the applicable legislation. After that you will find details relating to specific processing operations, such as using our websites or health apps.
Readers of this Notice
In this Notice:
- “We,” “us,” and “our” means Innova Medical Group and its affiliates
- “Third-party” means someone who is not you or us.
- In this Notice, “you” means you as a
- Consumer – someone who is using our products
- Visitor – a visitor to the Innova Medical Group websites (including this one) who may submit a contact form with questions, queries, complaints, or other concerns
- Candidate – someone who wishes or has applied for a position at Innova Medical Group
Contact Details
For Innova Medical Group in the EU:
INNOVA MEDICAL GROUP SAS
14 rue Beffroy
92 200 Neuilly-Sur-Seine
France
+33 (0) 1 86 70 83 10
For Innova Medical Group in the US and the rest of the world:
Innova Medical Group, Inc.
800 E. Colorado Blvd., Suite 288,
Pasadena, CA 91101, USA
+1 (626) 239-0025
You can contact our Data Protection Officer covering all locations at: dpo@innovamedgroup.com if you have any questions regarding this Notice.
We also contract a Data Protection Representative in the EU and UK who can be contacted if you have any concerns and are resident in these regions.
For the EU:
MyData-TRUST France
Valpark – rue Louis Duvant, 1
59220 Rouvignies
France
+33 9 70 70 20 09
innovamg.dpr.eu@mydata-trust.info
For the UK:
Waldeck House
Lyne Lane, Chertsey
KT16 0AW
United Kingdom
+44 56 0375 0073
innovamg.dpr.uk@mydata-trust.info
Your Rights
You may have rights dependent on the precise nature of the data processing performed by us. These rights are listed below. You can exercise these rights by contacting:
Note, not all rights may apply to you, it will be assessed on a case-by-case basis by the DPO and others.
Your Right to be Informed
You have the right to be informed of your personal data that we hold.
Your Right to Access Personal Data
In addition to the information that is available on Innova Medical Group’s website, you have the right to access the personal data that Innova Medical Group holds about you, all subject to the exemptions as contained in applicable laws and regulations. If you request the data, then Innova Medical Group will assist you. Your identity will need to be confirmed before you are provided with access to personal data. Generally, Innova Medical Group does not charge for providing information, but if the request requires significant staff time, Innova Medical Group reserves the right to charge a fee for such requests.
Your Right to Correct or Amend Personal Data
If you feel there is a mistake in your personal data, you have a right to ask for the information to be corrected. We may ask you to provide documentation to show where Innova Medical Group’s files are incorrect. We will amend the erroneous data within 90 days and will notify you once the correction you have requested has been completed. The CCPA and the GDPR statutes provides you with the right to request correction of your personal data held by Innova Medical Group if you believe there is an error or omission. You are entitled to attach a statement of disagreement with the information, reflecting any correction you requested, but which was not made by Innova Medical Group. We will notify any person or organization to which your personal data was disclosed within the year before you requested correction and advise them about the correction or statement of disagreement.
Your Right to Take Personal Data with You (Portability)
You may obtain and reuse the personal data held by Innova Medical Group for your own purposes across different services. Innova Medical Group allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right applies to your personal data held by Innova Medical Group, where the processing was automated and used considering our service provision within the contract you have with Innova Medical Group, or where such processing was based on the consent you gave Innova Medical Group for it.
This right only applies where the legal basis is consent.
Your Right to Be Erased or Forgotten
Innova Medical Group does not store personal data without a predefined and documented purpose. We follow laws that require us to delete personal data if the reason for its collection and storage no longer exists. We believe this fulfills the requirements of the privacy principle of “the right to be forgotten.”
Where the personal data that Innova Medical Group holds is based on the consent you provided or legitimate interest, and you wish to be removed from our systems prior to the retention period indicated in the “How Long We Use Personal Data” section of each specific data processing operation below.
Your Right to Restrict the Use of Your Data
If you are contesting the accuracy of the personal data we hold, believe the processing to be unlawful or have raised a complaint with the regulatory authorities regarding the legitimate interest grounds, then you may request that Innova Medical Group halts the processing until the contested issues are resolved.
Your Right to Object to the Use of Your Data
You may object to the processing of your personal data when the legal basis is legitimate interest or consent.
This right cannot be exercised when the legal basis is legal obligation.
Your Right to Appeal an Access Decision under CCPA
Requesters of information can appeal Innova Medical Group’s decision about access to the California Department of Justice Privacy Unit. To make an appeal, you must complete an appeal form or write a letter to them within 90 days of receiving Innova Medical Group’s decision. This correspondence must include a description of the circumstances of your case, a copy of Innova Medical Group’s decision and, if available, a copy of your original access request to Innova Medical Group. Note there may be a fee involved, depending on the California Department of Justice Privacy Unit’s instructions.
Once your appeal request has been processed, the California Department of Justice Privacy Unit will send you a written confirmation, explaining how your appeal will be handled or whether it will be dismissed.
Enforcement and Audit
Innova Medical Group uses a self-assessment approach to ensure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible, and in conformity with privacy principles.
Complaints
We encourage anyone interested to raise any concerns using the contact information provided in our “Contact Us” page. We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal data.
If you would like to address your complaint to the relevant regulatory authorities, you may consider the following:
- U.S. Federal Trade Commission’s Complaint Assistant
- The European Union: National Data Protection Authorities
- Information Commissioner’s Office (UK)
Automated Decisions
Certain countries provide restrictions relating to automated decisions that affect individuals. Such automated decisions that affect individuals are decisions that are the result of the automated processing of personal data and that have a legal effect on the individual or affect him or her negatively.
Apart from a few specific exceptions (for example, a preselection of job applicants who applied online), Innova Medical Group does not render any automated decisions that affect individuals. In those exceptional cases in which such automated decisions are rendered by Innova Medical Group, the individuals will be notified about the presence of such automated decisions and
shall be allowed to object to the respective decision. In such a case, the decision will be reviewed again.
Definitions
“Personal data” (or “personal information”) means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly — in particular, by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, or social identity.
“Special Categories of Personal Data” pertains to personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of data concerning health or sex life.
“Sensitive personal data” either indicates “special categories” (see above) or is personal data of which the sensitivity level has been assessed and classified, indicating potential severe impact on an individual when confidentiality of such data is breached.
“Anonymization” is the deletion or changing of personal data in such a way that it can no longer be assigned to a certain or ascertainable individual or only with a disproportionately high effort in terms of time, cost, and work.
“Pseudonymization” is the replacement of an individual’s name and other identifiable characteristics with a label to prevent identification of the individual by unauthorized parties or to render such identification substantially difficult. Pseudonymization techniques include certain levels of masking, redaction, tokenization and/or encryption of personal data.
“Consent” is any freely given, specific and transparently, well-informed indication of the will of the individual, whereby the individual agrees that his or her personal data may be processed. Requirements about consent can arise from the respective national laws. Where possible, consent is obtained in an explicit manner (unambiguously).
Adequate Protection
We transmit your personal data only within countries of the European Economic Area (EEA) and to or from countries that provide adequate protection, as confirmed by the European Commission or where there is no adequacy decision, we use the European Commission Standard Contractual Clauses (see section below). For more information, see European Commission, “Rules for the protection of personal data inside and outside the EU.”
Standard Contractual Clauses
Innova Medical Group signs contracts with standard contractual clauses approved by the European Commission and the California Department of Justice Privacy Unit when transferring personal data from within the EEA to countries outside the EEA. This allows us to comply with the EU’s data protection laws that otherwise restrict exporting personal data.
Innova Medical Group is also willing to sign standard contractual clauses where our non-EEA legal entities receive personal data from legal entities within the EEA.
Collaboration With Authorities
Innova Medical Group will cooperate with the regulatory authorities — in particular, data protection agencies of the countries in which Innova Medical Group operates. This relates to the notification of privacy breaches as required by law. Innova Medical Group will observe the authorities’ findings, if they have been rendered following due process of law.
Review and Ratification
We may occasionally update or modify this Notice. To ensure that the importance of this privacy policy is communicated uniformly throughout the enterprise, all members of Innova Medical Group’s board of directors will review, update, and ratify this privacy policy at least annually.
For material changes to this Notice, we will notify you by placing a prominent notice on the homepage of our website or, if legally required, by directly sending you a notification. We encourage you to periodically review this Notice to stay informed about how we are helping to protect the personal data we collect. Your continued use of the service constitutes your agreement to this privacy policy and any updates.
CONSUMER-FACING WEBSITES
Logging Practices
Innova Medical Group’s web servers automatically record the Internet Protocol (IP) addresses of visitors.
As well as recording the IP addresses of users, Innova Medical Group may also keep track of sites that users visited immediately prior to visiting Innova Medical Group’s website and the search terms they used to find it. The web server keeps track of the pages visited on Innova Medical Group’s website, the amount of time spent on those pages, the types of searches done on them, and products looked at. Your searches remain confidential and anonymous. Innova Medical Group uses this information only for statistical purposes, to find out which pages users find most useful and to improve the website.
Innova Medical Group servers also capture and store information that your browser transmits. This includes:
- Browser type/version/plug-ins used or security levels
- Operating system used
- Media Access Control (MAC) address
- Screen resolution
- Date and time of the server request
- Location-related data (such as the geographic location of the IP address)
- Volume of data transferred
- Access status (“file transferred,” “file not found” and so on)
This data will be used to generate statistics that help us to further optimize our websites to meet your individual needs. We will not deduce personal information from this data.
Cookies
Cookies are small text files that are placed on your computer by websites to track your individual movements on that website over time.
At Innova Medical Group, we do not use Advertising Cookies. We use the following categories of cookies:
- Essential cookies — These are used to authenticate you, prevent fraud, and provide you with the services that you have requested.
- Functional cookies — These are used to remember you and recall your settings or preferences (such as language) when you return to our website. These cookies are not used to track you when you visit other websites.
- Performance cookies — These are used to measure the performance of our website and online services. We use the information gathered from these cookies to improve our sites, as well as the products and services we offer.
Cookies used by Innova Medical Group may be session-based or persistent. Session-based cookies last only for the duration of a user’s session, while a persistent cookie remains on the user’s hard drive. A persistent cookie can help us recognize you when you return to our website and recall your settings or preferences.
You will have the option of accepting or rejecting cookies through each website’s cookie notice.
Note that if you do reject cookies, some aspects of Innova Medical Group websites may be unavailable to you.
Do Not Track (DNT)
Our web servers honor the DNT setting in all web browsers that currently support it.
External Links Disclaimer
Some of Innova Medical Group’s websites link to other sites created and maintained by other public-sector and/or private-sector organizations. Innova Medical Group provides these links solely for your information and convenience. When you transfer to an outside website, you are leaving the Innova Medical Group domain, and Innova Medical Group’s information management policies no longer apply. Innova Medical Group encourages you to read the privacy statement of each external website that you visit before you provide any personal data.
Communicating With Us
If you choose to contact Innova Medical Group staff using an email address, a discussion forum, a blog, a text message, or other electronic communication method, or if you choose to complete an online form provided on the Innova Medical Group website (e.g., a customer feedback form or online job application), we may ask you to provide your name, email address or other personal data. You will be provided with a notice of collection statement, which includes Innova Medical Group’s legal authority for the collection; the principal purposes for which the personal data is intended to be used; and the title, business address and business telephone number of a Innova Medical Group employee who can answer questions about the collection.
The purpose of collecting this information is to allow staff to respond to your inquiry or to evaluate individual web services. Only authorized staff will have access to the information provided, and the information will be used only for the purpose it was intended. Completed surveys are sent to staff anonymously. We will ask you to provide us only with a method of contacting you (email, phone, fax or mailing address) if you wish to be included in future surveys or to have us respond to you.
Personal Data About Minors and Children
Innova Medical Group does not knowingly collect data from or about children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 18 please contact us at dpo@innovamedgroup.com.
What Personal Data We Use
Innova Medical Group uses the following personal data in line with the use purposes explained below:
- Your name and contact details
- Communication details
- Authentication data
- Support information
- Any other information you upload or provide us with
How We Use Personal Data
Innova Medical Group uses the information collected to provide a safe, efficient, and customized experience. Here are some of the details on how we do that:
- To manage the service — We use the information we collect to provide our services and features to you, to measure and improve those services and features, and to provide you with customer support. We use the information to prevent potentially illegal activities and to enforce our terms and conditions. We also use a variety of technological systems to detect and address anomalous activity and to screen content to prevent abuse, such as spam. These efforts may, on occasion, result in a temporary or permanent suspension or termination of some functions for some users.
- To contact you — We may contact you regarding:
- Service-related announcements from time to time. You may opt out of all communications except for essential updates
- Regarding medical research, product quality and safety measures.
How Long We Use Personal Data
To maximize privacy protection, Innova Medical Group structurally deletes your personal information after the useful period or as specified in relevant legislation
Following legal requirements:
- To manage the service — We retain the personal data as indicated for this purpose for up to 5 years.
- To contact you —
- Regarding service-related announcements we will retain your data for up to 5 years
- Regarding recruitment, we will keep your data for 1 years after the end of the recruitment process unless you provide explicit consent to keep the data for longer.
- As required by In Vitro Diagnostic Regulations (EU) 2017/746 we will keep data for 10 years after the product was placed on the market to support and product quality and safety measures.
- To support medical research, we will keep your data for at least 25 years as required by the Clinical Trial Regulation EU) No 536/2014
- When the service impacts the safety of the use of medical devices and products, we are required to keep the data without retention limit under the requirements of Good Clinical Practice and the Clinical Trial Regulation.
What is the legal basis for processing your Personal data
Under EU and UK GDPR, it is required that Innova Medical Group inform you of the legal basis for the use of your personal data:
- The legal basis for the processing initiated via the Contact Form is our Legitimate Interest to develop relationships with new clients, to identify and select potential staff or subcontractors and to maintain satisfactory communication with people interested in us and our work
- The legal basis for processing cookies, except for the strictly necessary cookies (technical) and your data provided if you subscribe to our newsletter is your consent
- The legal basis for medical research, product quality and safety is our legal obligation to perform these tasks.
Who Else May Process Personal Data
Innova Medical Group may share the information collected with third parties to provide a safe, efficient, and customized experience. Here are some of the details on how we do that:
- To provide services: Innova Medical Group may share your personal data with agents, contractors, or partners of Innova Medical Group in connection with services that these individuals or entities perform for or with Innova Medical Group. These agents, contractors or partners are restricted from using this data in any way other than to provide services for Innova Medical Group, or for the collaboration in which they and Innova Medical Group are engaged. For example, some of our products are developed and marketed through joint agreements with other companies. We may, for example, provide your information to agents, contractors, or partners for hosting our databases, data processing or mailing you information that you requested.
- To make a payment: When you enter into transactions with others or make payments on Innova Medical Group’s website, we will share transaction information with those third parties necessary to complete the transaction. We will require those third parties to respect your privacy and to adequately protect your information.
- To respond to legal requests and prevent harm: Innova Medical Group reserves the right to share your information to respond to duly authorized information requests of governmental authorities or where required by law. In exceptionally rare circumstances where national, state or company security is at issue (such as terrorist attacks), Innova Medical Group reserves the right to share our entire database of visitors and customers with appropriate governmental authorities.
We never sell your personal data to third parties. We do not provide any personal data to “people finder,” “public directory” or “white pages” sites.
If our company is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction. The promises in this privacy policy will apply to your information as transferred to the new entities.
RECRUITMENT CANDIDATES
Logging and Cookies
Please see the relevant sections above on Consumer-Facing Websites
What Personal Data We Use
The candidate’s privacy notice is attached to each job description.
How Long We Use Personal Data
We will keep your data for 6 months after the end of the recruitment process unless you provide explicit consent to keep the data for longer. If you provide consent, we will re-validate this consent every 2 years.
What is the legal basis for processing your Personal Data
Under EU and UK GDPR, it is required that Innova Medical Group inform you of the legal basis for the use of your personal data:
The legal basis for the processing candidate’s information is our Legitimate Interest to recruit the best people possible for the roles we have.
This applies until 1 year after the end of the recruitment process.
You may be asked to allow us to keep your data for longer, to facilitate contacting you if further suitable positions arise. The legal basis for this is your consent.
Who Else May Process Personal Data
We may share your data with recruitment specialists who assist us in the recruitment process.
HEALTH APP USERS
The details of what data is collected, for how long the data will be retained, the legal basis of the processing and whom the data may be shared with is app-dependent.
Each App has its own Privacy Notice that is maintained within the app.
MISCELLANEOUS
Sources and References
Policies:
- IMG IT Policy
- Subject Rights Request Policy and Procedure
- Data Breach Procedure
- Code of Conduct/Ethics
Standards and frameworks:
- California a Consumer Protection Act (CCPA) — California, U.S. (effective as of 1 January 2020)
- EU General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 – (EU GDPR)
- Data Protection Act. 2018 (as amended) – (UK GDPR)
- Health Insurance Portability and Accountability Act (HIPAA) — U.S.