PixiLearn

Personal Data Policy

Last updated: 07/03/2025

Preamble

The General Data Protection Regulation (GDPR) came into force on May 25, 2018, and supplements the legislation on the protection of personal data.

For your information, personal data corresponds to any information relating to an identified physical person or one who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to them (surname, first name, address, email, telephone, etc.).

Personal data processing refers to any operation on this type of data (collection, storage, transmission, deletion, etc.), whether on paper or digitally.

The data controller is the person who determines the purposes of each processing operation and the means to achieve these purposes.

The company reserves the right to modify this Privacy Policy at any time. Any modification will take effect immediately. Consequently, we invite you to regularly consult our Policy to keep yourself informed of the latest applicable version online.

Purpose of data processing

The purpose of the processing is the management of clinical trial imagery. In general, the company Pixilib does not process any of your data for purposes incompatible with those for which they were collected, unless you give prior agreement.

Data processed

The collected data can be classified into the following categories:

• Identity
• Contact details (surname, first name, date of birth, email address, city, telephone)
• Function, title, and workplace
• University degrees

The recipients of the data are:

• Pixilib
• Email sending service: Brevo

Retention period: The data is kept for the time necessary to achieve the purposes and does not exceed a maximum duration of 5 years.

Pixilib does not transmit any data outside the European Union.

Legal basis

The company Pixilib collects your personal data for the purposes described in the “Purpose of data processing” section of this Policy. In all cases, the company Pixilib collects your data only when their collection and processing are based on a legal basis. Subject to obtaining your prior consent, the company Pixilib may process your data to send you commercial offers on its products and services.

Security

The company Pixilib implements all technical, physical, and organizational measures to ensure the security and confidentiality of your data during the collection, processing, and transfer of your data. Pixilib's infrastructures are protected against malicious software; the security of your terminal is your responsibility. In the event that we may use service providers to process part of your data, we undertake to verify that they provide sufficient guarantees to ensure the protection of the personal data entrusted to them and to make them sign confidentiality clauses conforming to Article 28 of the GDPR.

In the event of a personal data breach, i.e., a security incident, whether malicious or not, and occurring intentionally or not, resulting in compromising the integrity, confidentiality, or availability of your personal data, we undertake to comply with the following obligations:

• The data breach does not entail any risk: Internal documentation, in the “register of breaches”.
• The data breach entails a risk: Internal documentation, in the “register of breaches”, Notification to the CNIL, within a maximum period of 72 hours.
• The data breach entails a high risk: Internal documentation, in the “register of breaches”, Notification to the CNIL, within a maximum period of 72 hours, and we will inform you as soon as possible.

The “register of breaches” contains the following elements:

• The nature of the breach;
• The categories and approximate number of data subjects;
• The categories and approximate number of files concerned;
• The probable consequences of the breach;
• The measures taken to remedy the breach and, where applicable, to mitigate the negative consequences of the breach;
• Where applicable, the justification for the absence of notification to the CNIL or information to the data subjects.

However, and in accordance with the regulations in force, we are not required to inform you of a breach in the following cases:

• Your personal data is protected by measures making it incomprehensible to anyone not authorized to access it;
• Measures have been taken so that the risk is no longer likely to materialize;
• This communication requires disproportionate efforts on our part, particularly lacking any means of contacting you to inform you.

Responsibility

In order to meet our responsibilities, our company:

• Adopts internal procedures aimed at ensuring compliance with the regulation (IT charter, personal data protection charter);
• Keeps a documentary trace of all processing carried out under its responsibility or that of the sub-contractor (keeping the register of processing activities, confidentiality agreements for employees and service providers, company security policy, procedures for managing access, rectification, opposition requests, etc.);
• Carries out impact analyses (PIA) for processing presenting particular risks with regard to rights and freedoms.

Your rights concerning your data

You can access and obtain a copy of the data concerning you, object to the processing of this data, have it rectified, or have it erased. You also have the right to restrict the processing of your data.

The Data Protection Correspondent is your contact person for any request to exercise your rights. Any request must specify, in the subject line, the reason for the request (exercise of the right of access, opposition, etc.). The request must also be accompanied by a double-sided copy of a valid identity document bearing the applicant's signature and specify the address to which the response should be sent.

The company Pixilib will send you its response within a maximum period of one (1) month, starting from the date of receipt of your request. This period may, however, be extended by two (2) months due to the complexity and number of requests.

Contact the Data Protection Correspondent by email: p.leguellec@yeched-mat.com

Contact the Data Protection Correspondent by post:

Pierre Le Guellec

Yec’hed Mat Conseil

256 rue de Bègles

33800 Bordeaux