Privacy policy

We place great importance on the protection of your personal data. This page explains how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR). By using our website, you agree to our privacy policy.

Download the Privacy Policy

Introduction

This privacy policy applies to the https://www.gepromed.com website of the Gepromed Association. The whole is hereinafter referred to as "the device".
The Gepromed Association, the association that publishes the device (see Legal Notice), makes every effort to respect and protect the privacy and confidentiality of its users' data.

The purpose of this Privacy Policy is to present to users of the device:

How their personal data is collected and processed. "Personal data" refers to any data directly or indirectly identifying a user and any information that may be associated with such data ;
The rights that users have with regard to this data, and how they can exercise them;
Responsibilities with regard to the processing of personal data held by the Gepromed Association;
The recipients of this data;

The site's policy on cookies and other tracking device.

This privacy policy supplements the legal notices that users can consult at https://www.gepromed.com/en/about-us/legal-notice.

Collection and processing of personal data

In accordance with the provisions of Article 5 of the European Regulation 2016/679 for data protection (GDPR), the collection and processing of the data from users of the device complies with the following principles:

Lawfulness, fairness and transparency: data may only be collected and processed with the consent of the user who owns the data, or their manager or legal guardian if they are a person under guardianship. Whenever a new type of personal data is collected, the user will be informed that their data is being collected, and for what purposes their data is being collected.
Limited purposes: data collection and processing are carried out to meet one or more of the purposes determined in this privacy policy.
Minimization of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the system are collected.
Data storage limited in time: data is stored for a limited period of time, of which the user is informed.
Integrity and confidentiality of the data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.

The lawfulness of the processing of personal data carried out in the context of the implementation of the device, in accordance with the requirements of Article 6 of European Regulation 2016/679, is based on the free and informed consent of the user (or their guardian) to the processing, which is described to them in this document – except when it is made necessary by the performance of a contract or by a legal obligation.

Nature of the data

Data processed, purpose, retention period

The personal data collected by the system are as follows.

Registration data for Gepromed training courses via the training tab and HelpMeSee

Identity of the candidate (surname, first name, professional status);
Contact details of the candidate (e-mail, mobile phone number, city, country);
Dietary constraints (not compulsory and depending on the candidate's need for indication);
The candidate's question about the training via the "question" form;
Payment data via the HelloAsso website processed only by the website and the HelloAsso payment provider.

This data is collected at the request of registration by the candidate on the site and is processed by Gepromed's training organization team.

In the event that an external link to the training is indicated, and if you complete your application via this link, then the data will be processed by the external website.

The data described above is collected and processed for the following purposes :

to allow registration for Gepromed training;
to allow the study of the registration file for Gepromed's training courses;
to enable the organization of Gepromed's trainings;
to answer your questions about Gepromed's training courses.

The data is processed on an Excel file for internal training organization and the candidate's identification data is transmitted to the companies sponsoring the courses when your application is validated via a training document. A QR code is created for you to access training information.

Application data is kept for the entire duration of the training for the organization of the training and up to five years after the training, in order to comply with the legal basis of the legal obligation to keep certain supporting documents for the training.

Registration data for the Gepromed Congress held every two years

This data is collected via an external link on the https://congres-esvb.pourdevrai.events website. This data is processed by Gepromed's communication teams.

Identity of the participant (surname, first name, professional status);
Participant's contact details (e-mail, mobile phone number, city, country);
Dietary constraints (not mandatory and depending on the congress participant's need for indication);
Type of participation (attendance and financial participation).

The data described above is collected and processed for the following purposes:

to allow registration for the Gepromed Congress;
to allow the study of the application for registration to the Gepromed Congress;
to enable the organization of the Gepromed Congress;
to answer your questions about the Gepromed Congress.

The data related to Gepromed's participation in the Congress is kept for the duration of the organization of the Congress and up to three years after the Congress in which you participated.

Membership or donation data to the Gepromed Association

This data is collected via an external link on the https://helloasso.com/associations/gepromed. This data is processed by the HelloAsso website.

Identity of the donor (surname, first name);
Participant's contact details (e-mail, mobile phone number);
Payment details (collected only by HelloAsso and HelloAsso's financial provider).

The data related to the membership are kept by Gepromed for the entire duration of the membership and up to 3 years after the end of the membership and the donation data is kept for a minimum of 6 years as proof of donation to the tax authorities and proof to the tax services.

For any payments made on https://helloasso.com/associations/gepromed, please refer to HelloAsso's privacy policy on the processing of your data via the following link: https://info.helloasso.com/politique-de-confidentialite and https://info.helloasso.com/cgu-utilisateurs.

Third-party data recipients

The personal data collected by the website may be transmitted to third parties, the list of which is as follows:

our IT development subcontractors (data accessible to this third party: Codein – 6 Rue de Maguelone 34000 Montpellier, France – contact@codein.fr – +33 (0)9.72.42.26.03);
the Office suite for email processing and internal organization;
our sponsors.

To date, no data is outsourced outside the European Union, either for hosting or for any other processing, or for subcontracting.

Data hosting

All personal data processed in connection withe the use of the system is sent via Brevo’s SMTP relay and stored on their servers.

Data controller and DPO

Data controller

The person responsible for the processing of personal data is the Gepromed Association, in the person (legal controller) of Mr. Nabil CHAKFÉ, President. He can be contacted by phone at +33(0) 3.68.85.40.94.

Obligations of the data controller

The person responsible for the processing of personal data determines the purpose of the processing and the means implemented to achieve it.

It undertakes to protect the personal data collected, not to transmit it to third parties without the user having been informed and to respect the purposes for which this data was collected.

It undertakes to notify the user in the event of rectification or deletion of the data, unless this would entail disproportionate formalities, costs and procedures for the user.

In the event that the integrity, confidentiality or security of the user's personal data is compromised, resulting in a risk for the user, the Data Controller undertakes to inform the user by any means.

Data Protection Officer (DPO)

In order to ensure that it complies as closely as possible with the national and European legal and regulatory provisions in force, and to optimally protect the data and privacy of its users, the Gepromed Association has appointed a Data Protection Officer (DPO) to the Commission Nationale Informatique et Libertés (CNIL), in the person of Mrs. SCHMUCK Laetitia.
The DPO can be contacted by email: dpo@gepromed.com.

User rights

In accordance with the provisions of Articles 15 to 22 of European Regulation 2016/679, the user has the rights listed below.

User rights with regard to the processing of personal data

Right of access, rectification and deletionent

The user can access, update, modify or request the deletion of data concerning him or her – regardless of whether he or she has created his or her account himself or whether it has been created by a third party.

The user has the right to request the deletion of his personal space if he has one.

Right to data portability

The user may request the portability of his personal data, held by the Gepromed Association, to another site, by requesting the provision of an archive in a format that meets market standards.

Right to restriction and objection to data processing

The user has the right to request the restriction or to oppose the processing of their data by the data controller, without the latter being able to refuse, unless it can be demonstrated that there are legitimate and compelling reasons that may override the interests and rights and freedoms of the user.

Right not to be subject to a decision based solely on an automated process

The user has the right not to be subject to a decision based exclusively on an automated process if the decision produces legal effects concerning him, or similarly significantly affects him.

Right to determine the fate of data after death

The user (or their legal guardian if applicable) is reminded that they can organize the fate of their data collected and processed if they die, in accordance with Law No. 2016-1321 of 7 October 2016. If he wishes, he must send the Gepromed Association a notification of his advance directive by email address to dpo@gepromed.com.

Right to refer the matter to the competent supervisory authority

In the event that the data controller decides not to respond to the user's request, and the user wishes to contest this decision, or if he believes that one of the rights listed above has been infringed, he or she is entitled to refer the matter to the CNIL (Commission Nationale de l'Informatique et des Libertés, https://www.cnil.fr/fr/plaintes) or any competent judge.

Conditions for the exercise of rights by the user

Each of these rights can be exercised by e-mail to the DPO of the Gepromed Association (dpo@gepromed.com), or by post to the following address:

Gepromed Association / Confidentiality – 4 rue Kirschleger 67085 Strasbourg – France

In order to ensure that these rights cannot be exercised to the detriment of a third party and in order to prohibit any identity theft, the user is required to communicate to the Gepromed Association his first and last name as well as his e-mail address, his account or personal or subscriber space number, AND a copy of an identity document.

The Data Controller is obliged to respond to the User within a maximum of 30 (thirty) days.

Use of cookies and trackers

The website and the application that makes up the device may use external (fingerprinting) or internal (pixel tags, cookies) trackers on the user's terminal.

A tracker is a micro-file that we install on the user's hard drive, or on our own servers in connection with the user's IP address. In particular, it contains information relating to the user's browsing habits.

These files allow us to process statistics and information on traffic, to facilitate navigation and to remember certain preferences for the use of the device.

To do so, the user's consent is necessarily requested. A consent panel is displayed on the user's first visit, and allows them to choose whether they consent to the installation of cookies and the use of trackers and to personalize their choice.

This consent of the user is considered valid for a maximum period of 13 (thirteen) months. At the end of this period, the site will again ask for the user's permission to save cookies on their hard drive.

Opposition of the user to the use of cookies by the device

The user is informed that he or she can oppose the recording of these cookies by configuring his or her browser software or by reopening the personalization panel accessible from the footer of the website and from the application menu.

In the event that the user decides to disable cookies, he or she may continue browsing the site. However, any malfunction of the site caused by this manipulation cannot be considered to be the fault of the site publisher.

Description of the cookies used by the site

The website publisher draws the user's attention to the fact that the following cookies, in particular, are used when browsing:

Cookies for the use of Youtube.

In addition, the device integrates social network buttons, allowing the user to share his activity. Cookies from these social networks may therefore be stored on the user's terminal when using these features.

The user's attention is drawn to the fact that these social networks have their own privacy policies and general terms and conditions of use that are different from the website. The publisher of the site invites users to consult the privacy policies and general terms and conditions of use of these sites.

Terms of modification of the privacy policy

This privacy policy can be consulted at any time at the https://www.gepromed.com/en/about-us/legal-notice address, as well as in access to the legal notices provided by the application.

The publisher of the device (website and application) reserves the right to modify it in order to guarantee its compliance with the law in force. Therefore, the user is invited to come and consult this privacy policy regularly in order to stay informed of the latest changes that will be made to it.

However, in the event of a major change, the latter will be brought to the attention of the users by e-mail at the address mentioned by the user.

The user is informed that this privacy policy was last updated on June, 11^th 2025.