Close search
wk_academy_vertical_bicolor_black

PERSONAL DATA PROTECTION POLICY

Last updated on 15 august 2024

1. INTRODUCTION

WINBACK GROUP is committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, store, and protect your personal information when you use the Winback Academy platform (winback-academy.org).

In France, personal data is protected by Law No. 78-87 of January 6, 1978, Law No. 2004-801 of August 6, 2004, Article L. 226-13 of the Criminal Code, and the General Data Protection Regulation (GDPR) EU 2016/679 of May 25, 2018.

2. DATA CONTROLLER

The data controller responsible for your personal data is:

WINBACK GROUP

Quality and Regulatory Affairs Manager
Clémence Roux
Email: croux@winback.com

Data Protection Officer (DPO):
Grégory Rollin
Email: g.rollin@winback.com

3. PERSONAL DATA WE COLLECT

When you use our website, particularly when you register, fill in forms, or connect via a Google or Facebook account, we may collect the following personal data:

Mandatory information:

  • Your title, surname, and first name
  • Professional postal address
  • Email address and telephone number
  • Serial numbers of purchased devices
  • Email address(es) of colleague(s) to whom you grant platform access
  • Any specific requests you send us (mainly for archiving purposes)

Optional information:

  • Your specialization and qualifications
  • Professional biography
  • Languages spoken
  • Professional associates
  • Date of birth
  • Profile and banner photos
  • Survey responses (for scientific and statistical purposes)

Technical data automatically collected:

  • URL of links through which you accessed our site
  • Your access provider
  • Your Internet Protocol (IP) address
  • Browsing data and connection logs

4. LEGAL BASIS AND PURPOSES OF PROCESSING

We process your personal data based on the following legal grounds:

Your Consent:

  • Sending marketing communications and newsletters
  • Optional data collection (biography, photos, etc.)
  • Use of certain cookies and tracking technologies

Contractual Necessity:

  • Creating and managing your account on the Winback Academy platform
  • Providing access to educational content and training programs
  • Managing device registrations
  • Processing your requests and providing customer support

Legitimate Interest:

  • Improving our services and platform functionality
  • Managing customer relationships
  • Analyzing platform usage statistics
  • Preventing fraud and ensuring platform security

Legal Obligations:

  • Complying with accounting, tax, and regulatory requirements
  • Responding to requests from legal authorities

5. USE OF YOUR PERSONAL DATA

Your personal data is stored and processed in our customer relationship management system (HubSpot) for the following purposes:

  • Managing your access to the Winback Academy platform and your user account
  • Providing access to training content, webinars, clinical case studies…
  • Sending educational content, product updates, and relevant information about our training programs and TECAR therapy equipment
  • Conducting targeted email marketing campaigns related to physiotherapy, medical devices, and professional development
  • Analyzing platform usage to improve our services and user experience
  • Managing customer relationships, support requests, and feedback
  • Conducting surveys and statistical purposes

Marketing communications:
You may receive marketing communications from us based on your consent. You can unsubscribe at any time by:

  • Clicking the unsubscribe link in our emails
  • Contacting us at croux@winback.com
  • Updating your preferences in your account settings

6. DATA RECIPIENTS

Your personal data may be shared with the following recipients:

  • HubSpot: Our customer relationship management (CRM) platform, which acts as a data processor under strict confidentiality agreements and GDPR compliance
  • WINBACK GROUP employees: Authorized employees and collaborators who need access to process your requests and manage the platform
  • Technical service providers: Companies providing hosting, maintenance, and technical support services under data processing agreements
  • Legal authorities: When required by law or to protect our rights

We ensure that all third-party service providers comply with GDPR requirements and provide adequate data protection guarantees through Data Processing Agreements (DPA) and Standard Contractual Clauses (SCC) for international transfers.

No commercial disclosure:
Your personal data will not be sold, exchanged, transferred, or assigned to third parties for commercial purposes. Only in the event of a corporate acquisition or merger would data be transferred to the acquirer, who would be bound by the same data protection obligations.

7. DATA HOSTING AND STORAGE

Your personal data is hosted within the European Union to ensure compliance with GDPR requirements:

  • Winback Academy platform: Infomaniak (Switzerland)
  • HubSpot CRM data: European Union (Germany)

All data storage complies with European data protection standards. Switzerland, while not part of the European Union, has been recognized by the European Commission as providing an adequate level of data protection equivalent to EU standards.

8. DATA RETENTION PERIOD

Your personal data will be retained for the following periods:

  • Active user accounts: Duration of platform use + 3 years after last activity
  • Marketing data: Until you unsubscribe or object to processing
  • Connection logs: 12 months
  • Cookies: Maximum 13 months

After these periods, your data will be deleted or anonymized, unless a longer retention period is required or authorized by law.

9. YOUR RIGHTS

In accordance with the GDPR, you have the following rights regarding your personal data:

  • Right of Access: Obtain confirmation that your data is being processed and access to your personal data
  • Right to Rectification: Correct inaccurate, incomplete, or outdated personal data
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data under certain conditions
  • Right to Restriction of Processing: Limit how we use your personal data in certain circumstances
  • Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format
  • Right to Object: Object to the processing of your data, particularly for marketing purposes
  • Right to Withdraw Consent: Withdraw your consent at any time for processing based on consent
  • Right to Lodge a Complaint: Lodge a complaint with the CNIL (www.cnil.fr)
  • Right to Define Post-Mortem Instructions: Define instructions regarding your personal data after your death

To exercise these rights, contact:

General inquiries: croux@winback.com
Data Protection Officer: Grégory Rollin – g.rollin@winback.com

Your request must include a copy of your identity document with signature, specification of the right(s) you wish to exercise, and your preferred contact address.

We will respond within one month of receipt (may be extended by two months for complex requests).

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of sensitive data in transit and at rest
  • Access control and authentication systems
  • Regular security audits and penetration testing
  • Employee training on data protection
  • Incident response and data breach notification procedures
  • Regular backups and disaster recovery plans

Despite these measures, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. COOKIES

What are Cookies?
A cookie is a small file that records information relating to your computer’s navigation on our site.

Types of Cookies:

  • Essential cookies: Necessary for platform functionality (authentication, security)
  • Performance cookies: Collect information about site usage to improve functionality
  • Functional cookies: Remember your preferences and settings
  • Marketing cookies: Track activity for relevant advertising (requires your consent)

Cookies are stored for a maximum of 13 months.

Managing Cookies:

  • Internet Explorer: Tools > Internet Options > Privacy > Block all cookies
  • Firefox: Menu > Options > Privacy > Use custom settings for history > Uncheck cookies
  • Safari: Settings > Preferences > Privacy > Block cookies
  • Chrome: Menu > Settings > Advanced Settings > Privacy > Content Settings > Block cookies

Note: Refusing cookies may limit access to certain services on our platform.

12. CHANGES TO THIS POLICY

We may update this policy periodically. The “Last updated” date indicates when it was last revised. Significant changes will be communicated via email or a prominent notice on our platform.

13. CONTACT AND COMPLAINTS

Complaints:

If you believe your rights have been violated, you can lodge a complaint with:

Commission Nationale de l’Informatique et des Libertés (CNIL)
Website: www.cnil.fr
Address: 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone: +33 (0)1 53 73 22 22

15. APPLICABLE LAW AND JURISDICTION

This policy is subject to French law. In case of dispute, the courts of Paris have exclusive jurisdiction.

DEFINITIONS

User: Internet user connecting to and using the winback-academy.org site.

Personal Data: Any information relating to an identified or identifiable individual.

Data Controller: The entity that determines the purposes and means of processing personal data (WINBACK GROUP).

Data Processor: An entity that processes personal data on behalf of the data controller (e.g., HubSpot).

Processing: Any operation performed on personal data (collection, recording, storage, modification, etc.).

Consent: Freely given, specific, informed, and unambiguous indication of agreement to data processing.

By using the Winback Academy platform, you acknowledge having read and understood this Personal Data Protection Policy.