1. Personal data collected

We only collect data that is strictly necessary:

• Contact and medical pre-admission forms: identity, contact details, medical information relevant to the preoperative assessment (special categories within the meaning of the GDPR).
• Appointment booking: if made via Doctolib, your data will be processed in accordance with Doctolib's privacy policy.
• Browsing data: IP address, anonymized login credentials, cookies/trackers (see cookie policy).
• Accounts/Comments (if applicable): data entered, IP address, and browser agent for anti-spam purposes.

2. Purposes of processing

• Respond to your requests and schedule your appointments.
• Ensure your care and medical follow-up.
• Comply with our legal and regulatory obligations applicable to healthcare facilities.
• Measure website traffic and improve our services.
• Secure the site and prevent fraud (anti-spam, technical logging).

3. Legal basis

• Consent (Art. 6-1-a GDPR): contact forms, non-essential cookies, communications.
• Performance of a contract/pre-contractual measures (Art. 6-1-b): organizing appointments and providing support.
• Legal obligation (Art. 6-1-c) & public interest in health (Art. 9-2-h): maintenance of medical records and health obligations.
• Legitimate interest (Art. 6-1-f): site security, improvement of user experience.

4. Recipients of the data

Access restricted to authorized persons:

• Medical and administrative teams at the PHENICIA Clinic.
• Technical service providers (hosting, maintenance, anti-spam, emailing tools) acting on instructions and bound by contract.
• Doctolib, if applicable, for making appointments.

Your data is never sold to third parties.

5. Hosting & Security

• Health data is hosted by an HDS-approved hosting provider in France: [Name of HDS hosting provider].
• Site protected by HTTPS, access control, backups, and appropriate organizational measures.
• Security tests and updates applied regularly.

6. Retention periods

• Medical data: in accordance with the legal obligations of healthcare institutions (in principle, up to 20 years from the last visit, subject to specific cases provided for by law).
• Contact details: 3 years after the last exchange.
• Browsing data (cookies): maximum 13 months; proof of consent: 6 months. See the cookie policy.
• Accounts/Comments (if applicable): time required for service and abuse prevention (anti-spam).

7. Cookies & trackers

We use cookies that are necessary for the website to function and, subject to your consent, audience measurement and/or marketing cookies. You can manage your preferences at any time via the banner or the "Manage my cookies" link. Details:PHENICIA VISION cookie policy.

8. Transfers outside the European Union

In principle, your data will not be transferred outside the EU. If a transfer were to take place (for example, via a subcontractor), it would be governed by standard contractual clauses adopted by the European Commission or by an equivalent protection mechanism.

9. Your rights

In accordance with the GDPR and the French Data Protection Act, you have the following rights: access, rectification, erasure, restriction, objection, portability, and the right to define post-mortem guidelines.

You may also contact the supervisory authority: CNIL.

10. Contact & Data Protection Officer (DPO)

To exercise your rights, please specify the subject of your request and, if necessary, attach proof of identity. We will respond within a maximum of 30 days.

11. Policy update

This policy may evolve to reflect legal, technical, or organizational changes. The date of the last update is indicated in the header.