General terms and conditions of sale

General conditions of sale Date of entry into force:

July 2023 These general conditions of sale (“Agreement”) are concluded by and between WESQUIID (“Seller”) and the buyer (“Buyer”), collectively called the “Parties”.

 

  1. Products and orders:
  • The seller agrees to sell, and the buyer agrees to buy, the products (“Products”) listed in the order placed by the buyer.
  • Orders are subject to the seller’s acceptance.

 

  1. Price and payment:
  • The buyer must pay the agreed purchase price for the products as indicated in the order.
  • Payment must be made by the payment methods accepted by the seller.

 

  1. Shipping and delivery:
  • Shipping conditions, costs and estimated delivery times are described in the order and may be subject to change.
  • The seller will not be responsible for delays caused by circumstances beyond his control.

 

  1. Returns and refunds:
  • The buyer may be eligible for returns or refunds in accordance with the seller’s return policy, provided that the products are returned in accordance with the policy.

 

  1. Ownership and risk of loss:
  • ownership of the products will be transferred to the buyer after full payment.
  • The risk of loss or damage to the Products passes to the Buyer upon delivery.

 

  1. Warranty and disclaimer:
  • The seller provides warranties for the products as indicated in the warranty policy, if applicable.
  • The seller disclaims any other warranty, express or implied, including suitability for a particular purpose.

 

  1. Limitation of liability:
  • The seller’s liability is limited to the purchase price of the products.
  • The seller will not be liable for indirect, incidental, consequential or punitive damages.

 

  1. Applicable law and jurisdiction:
  • This agreement is governed and interpreted in accordance with the laws below Any dispute arising from this agreement is subject to the exclusive jurisdiction of the courts of Law No. 78-17 of 6 January 1978 relating to data processing, files and freedoms

Last update of the data in this text: 26 January 2022 Chapter IV: Collection, recording and retention of personal information. (repealed) Chapter Va: Automated processing of personal data for the purpose of health research. (repealed) Chapter VI: Criminal provisions. (repealed) Chapter VIIa: Cooperation (repealed) Chapter X: Processing of personal health data for the purpose of evaluating or analyzing care and prevention practices or activities. (repealed) Chapter XIII: Provisions applicable to processing under the directive (EU 2016/680 Of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by the competent authorities for the purposes of the prevention, detection, investigation and prosecution of criminal offences or the enforcement of criminal offences, and on the free movement of such data, and repealing Council Framework Decision 2008/977/ JHA (repealed) Title I: Common provisions (Articles 1 to 41) Title II: Processing under the personal data protection regime provided for by Regulation (EU) 2016/679 of 27 April 2016 (Articles 42 to 86) Title III: Provisions applicable to processing under Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data by the competent authorities for the purposes of the prevention, investigation and prosecution of criminal offences or the enforcement of criminal offences, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (Articles 87 to 114) Title IV: Applicable to treatments concerning state security and defence (Articles 115 to 124) Title V: Overseas provisions (Articles 125 to 128) The National Assembly and the Senate have adopted. The President of the Republic promulgates the law with the following content: Chapter IV: Collection, registration and retention of nominative information. (repealed) Article 29-1 (repealed) Repealed by Law No. 2004-801 of 6 August 2004 – art. 4 () JORF August 7, 2004 Creation of Law No. 2000-321 of April 12, 2000 – art. 5 () JORF 13 April 2000 The provisions of this Law do not prevent the application, for the benefit of third parties, of the provisions of Title I of Law No. 78-753 of 17 July 1978 laying down various measures to improve relations between the administration and the public and various administrative, social and fiscal provisions and the provisions of Title II of the aforementioned Law No. 79-18 of 3 January 1979. Consequently, the holder of a right of access to administrative documents or public archives exercised in accordance with the aforementioned Laws No. 78-753 of 17 July 1978 and No. 79-18 of 3 January 1979 may not be considered as an unauthorized third party within the meaning of Article 29. Article 32 (repealed) Repealed by Law No. 88-227 of 11 March 1988 – art. 13 () JORF 12 March 1988 Access to the electoral register is open under identical conditions to candidates and political parties under the control of the electoral progagand commissions. Article 33-1 (repealed) Repealed by Law No. 2004-801 of August 6, 2004 – art. 5 () JORF 7 August 2004 Creation Law No. 2000-321 of 12 April 2000 – art. 5 () JORF 13 April 2000 The procedures for the application of this chapter are fixed by decree in the Council of State adopted after the opinion of the commission. Chapter V bis: Automated processing of personal data for the purpose of research in the health field. (repealed) Article 40-9 (repealed) Creation of Law No. 94-548 of 1 July 1994 – art. 1 () JORF July 2, 1994 Repealed by Law 2004-801 2004-08-07 art. 9 III JORF 7 August 2004 The transmission outside French territory of uncoded personal data subject to automated processing for the purpose of research in the field of health is only authorized, under the conditions provided for in Article 40-2, if the legislation of the receiving State provides protection equivalent to French law. Article 40-10 (repealed) Creation of Law No. 94-548 of 1 July 1994 – art. 1 () JORF July 2, 1994 Repealed by Law 2004-801 2004-08-07 art. 9 III JORF 7 August 2004 A decree in the Council of State specifies the procedures for the application of this chapter. Chapter VI: Criminal provisions. (repealed) Article 43 (repealed) Amended by Ordinance No. 2000-916 of 19 September 2000 – art. 3 (V) JORF September 22, 2000 in force on January 1, 2002 Repealed by Law 2004-801 2004-08-07 art. 5 JORF 7 August 2004 It is punishable by one year’s imprisonment and a fine of 15,000 euros for hindering the action of the National Commission for Informatics and Liberties: 1° Either by opposing the exercise of on-the-spot checks; 2° Or by refusing to communicate to its members, its agents or the magistrates made available to it the information and documents useful for the mission entrusted to them by the commission or by concealing the said documents or information, or by making them disappear; 3° Either by communicating information that is not compliant The content of the recordings at the time the request was made or that do not present it in a directly intelligible form. Article 44 (repealed) Repealed by Law No. 92-1336 of 16 December 1992 – art. 261 (V) JORF 23 December 1992 in force on 1 March 1994 Anyone, being the holder of personal information on the occasion of its registration, classification, transmission or any other form of processing, has diverted it from its purpose as defined in the regulatory act provided for in Article 15 above, or in the declarations made pursuant to Articles 16 and 17 above, shall be punished by imprisonment from one year to five years and a fine of 20,000 to 2,000,000 francs. Chapter VII bis: Cooperation (repealed) Article 49-1 (repealed) Repealed by Order No. 2018-1125 of 12 December 2018 – art. 1 Creation LAW n°2018-493 of June 20, 2018 – art. 6 I. – For the purposes of Article 62 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 cited above, the National Commission for Informatics and Liberties shall cooperate with the supervisory authorities of the other Member States of the European Union, under the conditions provided for in this Article. II. – Whether acting as a lead supervisory authority or as an authority concerned within the meaning of Articles 4 and 56 of the aforementioned Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the National Commission for Informatics and Liberties is competent to deal with a complaint or a possible violation of the provisions of the same regulation that otherwise affecting other Member States. The chairman of the commission invites the other supervisory authorities concerned to participate in the joint control operations he decides to conduct. III. – When a joint control operation takes place on French territory, authorized members or agents of the commission, acting as host control authority, are present alongside the members and agents of the other control authorities participating, if necessary, in the operation. At the request of the supervisory authority of a Member State, the chairman of the commission may authorize, by special decision, those of the members or agents of the supervisory authority concerned who provide guarantees comparable to those required of the agents of the commission, pursuant to Article 19 of this Law, to exercise, under his authority, all or part of the powers of verification and investigation available to the members and agents of the commission. IV. – When the committee is invited to contribute to a joint control operation decided by the supervisory authority of another Member State, the chairman of the committee shall decide on the principle and conditions of participation, designate the members and authorized agents and inform the requesting authority under the conditions laid down in Article 62 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. Article 49-2 (repealed) Repealed by Order No. 2018-1125 of December 12, 2018 – Art. 1 Creation LAW n°2018-493 of June 20, 2018 – art. 6 I. – The processing operations referred to in Article 70-1 shall be the subject of cooperation between the National Commission for Informatics and Freedoms and the supervisory authorities of the other Member States of the European Union under the conditions provided for in this Article. II. – The Commission shall communicate to the supervisory authorities of the other Member States the relevant information and provide them with assistance, in particular by implementing, at their request, control measures such as consultation, inspection and investigation measures. The commission responds to a request for mutual assistance made by another supervisory authority as soon as possible and no later than one month after receipt of the request containing all the necessary information, including its purpose and reasons. It may refuse to comply with this request only if it is not competent to process the subject matter of the request or the measures it is invited to execute, or if a provision of European Union law or French law precludes it. The commission shall inform the requesting supervisory authority of the results obtained or, as the case may be, of the progress of the file or of the measures taken to comply with the request. The Commission may, for the exercise of its tasks, request the assistance of a supervisory authority of another Member State of the European Union. The commission gives the reasons for everything…

Article 70-21 (repealed) Repealed by Order No. 2018-1125 of December 12, 2018 – art. 1 Creation LAW n°2018-493 of June 20, 2018 – art. 30 I.-The rights of the natural person concerned may be subject to restrictions in accordance with the procedures provided for in II of this article from and as long as such a restriction constitutes a necessary and proportionate measure in a democratic society taking into account the fundamental rights and legitimate interests of the person to: 1° Avoid hindering investigations, searches or administrative or judicial proceedings; 2° Avoid harming the prevention or detection of criminal offences, investigations or prosecution in this matter or the execution of criminal sanctions ; 3° Protect public security; 4° Protect national security; 5° Protect the rights and freedoms of others. These restrictions are provided for in the act establishing the treatment. II.-When the conditions provided for in I are met, the controller may: 1° Delay or limit the communication to the data subject of the information mentioned in II of Article 70-18 or not communicate this information; 2° Refuse or limit the data subject’s right of access provided for in Article 70-19; 3° Not inform the person of the refusal to rectify or delete personal data or to limit the processing of such data, nor of the reasons for this decision, by way of derogation from Article 70-20. III.-In the cases mentioned in 2° of II of this article, the controller informs the data subject, as soon as possible, of any refusal or limitation of access as well as the reasons for the refusal or limitation. This information may not be provided when its communication may compromise one of the objectives set out in I. The controller records the reasons of fact or law on which the decision is based and makes this information available to the Commission nationale de l’informatique et des libertés. IV.-In the event of a restriction of the rights of the data subject pursuant to II or III, the controller shall inform the data subject of the possibility of exercising his rights through the Commission nationale de l’informatique et des libertés. Except in the case provided for in 1° of II, he also informs him of the possibility of bringing a judicial remedy. Article 70-22 (repealed) Repealed by Order No. 2018-1125 of 12 December 2018 – art. 1 Creation LAW n°2018-493 of June 20, 2018 – art. 30 In the event of a restriction of the rights of the data subject pursuant to II or III of Article 70-21, the data subject may refer the matter to the Commission nationale de l’informatique et des libertés. The second and third paragraphs of Article 41 shall then apply. When the commission informs the person concerned that the necessary checks have been carried out, it also informs him of its right to file a judicial remedy. Article 70-23 (repealed) Repealed by Order No. 2018-1125 of December 12, 2018 – art. 1 Creation LAW n°2018-493 of June 20, 2018 – art. 30 I.-The information mentioned in Articles 70-18 to 70-20 shall be provided by the controller to the data subject by any appropriate means, including by electronic means and, in general, in the same form as the request. II.-No payment is required to take the measures and provide the same information, except in the case of a manifestly unfounded or abusive request. In the event of a manifestly unfounded or abusive request, the controller may also refuse to comply with the request. In the event of a dispute, the burden of proof of the manifestly unfounded or abusive nature of the requests lies with the controller to whom they are addressed. Article 70-24 (repealed) Repealed by Order No. 2018-1125 of 12 December 2018 – art. 1 Creation LAW n°2018-493 of June 20, 2018 – art. 30 The provisions of this Section do not apply when the personal data appear either in a judicial decision or in a judicial file being processed in criminal proceedings. In these cases, access to this data and the conditions for rectification or erasure of this data can only be governed by the provisions of the Code of Criminal Procedure. Section 4: Transfers of personal data to States not belonging to the European Union or to recipients established in States not belonging to the European Union (repealed) Article 70-25 (repealed) Repealed by Ordinance No. 2018-1125 of 12 December 2018 – art. 1 Creation LAW n°2018-493 of June 20, 2018 – art. 30 The controller of personal data may transfer data or authorize the transfer of data already transmitted to a State not belonging to the European Union only when the following conditions are met: 1° The transfer of such data is necessary for one of the purposes set out in the first paragraph of Article 70-1; 2° Personal data shall be transferred to a controller established in that State not belonging to the European Union or within an international organization that is a competent authority responsible for the purposes falling within France of the First paragraph of Article 70-1; 3° If the personal data comes from another State, the State that transmitted this data has previously authorized this transfer in accordance with its national law. However, if prior authorization cannot be obtained in good time, these personal data may be transmitted again without the prior authorization of the State that transmitted these data when this new transmission is necessary to prevent a serious and immediate threat to the public security of another State or to safeguard the essential interests of France. The authority from which these personal data came is informed without delay; 4° The European Commission has adopted an adequacy decision pursuant to Article 36 of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 or, in the absence of such a decision, a legally binding instrument provides appropriate safeguards with regard to the protection of personal data or, in the absence of such a decision and instrument, the controller has assessed all the circumstances of the transfer and considers that such appropriate safeguards exist. The appropriate guarantees provided by a binding legal instrument mentioned in 4° may result either from the data protection guarantees mentioned in the agreements implemented with that State not belonging to the European Union, or from legally binding provisions required on the occasion of the exchange of data. When the controller other than a court carrying out a processing activity in the course of its judicial activities transfers personal data solely on the basis of the existence of appropriate safeguards with regard to the protection of personal data, he shall notify the Commission nationale de l’informatique et des libertés des libertés of the categories of transfers on this basis. In this case, the controller must keep track of the date and time of the transfer, the information on the receiving competent authority, the justification for the transfer and the personal data transferred. This information is made available to the National Commission for Informatics and Liberties at its request. Where the European Commission has repealed, amended or suspended an adequacy decision adopted pursuant to Article 36 of the aforementioned Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016, the controller may nevertheless transfer personal data or authorize the transfer of data already transmitted to a State not belonging to the European Union if appropriate safeguards regarding the protection of personal data are provided in a legally binding instrument or if the controller considers, after assessing all the circumstances of the transfer, that there are Appropriate guarantees with regard to the protection of personal data. Article 70-26 (repealed) Repealed by Order No. 2018-1125 of 12 December 2018 – art. 1 Creation LAW n°2018-493 of June 20, 2018 – art. 30 By way of derogation from Article 70-25, the controller of personal data may not, in the absence of an adequacy decision or appropriate guarantees, transfer these data or authorize the transfer of data already transmitted to a State not belonging to the European Union only when the transfer is necessary: 1° To safeguard the vital interests of the data subject or another person; 2° To safeguard the legitimate interests of the data subject when French law so provides; 3° To prevent a serious and immediate threat to the Public security of another State; 4° In special cases, for one of the purposes set out in the first paragraph of Article 70-1; 5° In a special case, for the establishment, exercise or defence of legal rights in connection with the same purposes. In the cases mentioned in 4° and 5° of this article, the controller of personal data does not transfer such data if he considers that the fundamental rights and freedoms of the data subject outweigh the public interest in the context of the intended transfer. When a transfer is made for the purpose of backup…

Article 34 Amended by Ordinance No. 2018-1125 of December 12, 2018 – art. 1 I.-The Commission nationale de l’informatique et des libertés, seized under Articles 31 or 32, shall decide within eight weeks of receipt of the request. However, this period may be renewed by six weeks on a reasoned decision of the President. II.-The opinion requested from the commission on a treatment, which is not given at the end of the period provided for in I, is deemed favorable. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Article 35 Amended by Ordinance No. 2018-1125 of December 12, 2018 – art. 1 The acts authorizing the creation of processing pursuant to Articles 31 and 32 specify: 1° The purpose of the processing and, where applicable, its name; 2° The service with which the right of access provided for in Articles 49, 105 and 119 is exercised; 3° The categories of personal data recorded; 4° The recipients or categories of recipients entitled to receive communication of this data; 5° Where applicable, the derogations from the obligation to inform provided for in Article 116 III; 6° Where applicable, the limitations and Restrictions on the rights of data subjects provided for in Article 23 of Regulation (EU) 2016/679 of 27 April 2016 and Article 107. 7° Where appropriate, the designation, among the joint controllers, of the contact point for the persons concerned. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Article 36 Amended by Ordinance No. 2018-1125 of December 12, 2018 – art. 1 I.-The commission shall make available to the public, in an open and easily reusable format, the list of automated processing that has been the subject of one of the formalities provided for in Articles 31 and 32, with the exception of those mentioned in III of Article 31, as well as in Section 3 of Chapter III of Title II. This list specifies for each of these processing operations: 1° The act deciding the creation of the processing; 2° The purpose of the processing and, where applicable, the name; 3° The identity and address of the controller or, if the controller is not established either on the national territory or on that of another Member State of the European Union, those of its representative; 4° The function of the person or service with whom the right of access provided for in Articles 49,105 and 119 is exercised; 5° The categories of personal data subject to the Processing, as well as the recipients and categories of recipients entitled to receive communication; 6° If applicable, planned transfers of personal data to a non-member State of the European Union. II.-The commission shall make its opinions, decisions or recommendations available to the public. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Chapter V: Obligations of controllers and rights of individuals (Articles 37 to 39) Article 37 Amended by Ordinance No. 2018-1125 of 12 December 2018 – art. 1 I.-Subject to this article, Chapter I of Title V of Law No. 2016-1547 of 18 November 2016 on the modernization of justice in the 21st century and Chapter X of Title VII of Book VII of the Code of Administrative Justice apply to the action opened on the basis of this article. II.-When several natural persons placed in a similar situation suffer damage for the common cause of a breach of the same nature of the provisions of Regulation (EU) 2016/679 of 27 April 2016 or of this Law by a controller of personal data or a subcontractor, a class action may be brought before the civil court or the competent administrative court in the light of the individual cases presented by the applicant, who informs the Commission nationale de l’informatique et des libertés. III.-This action may be exercised either to put an end to the breach mentioned in II, or to incur the liability of the person who caused the damage in order to obtain compensation for the material and moral damage suffered, or for these two purposes. However, the liability of the person who caused the damage can only be incurred if the event giving rise to the damage is after May 24, 2018. IV.-Can only exercise this action: 1° Associations regularly declared for at least five years having as their statutory object the protection of privacy or the protection of personal data; 2° Consumer protection associations representative at national level and approved pursuant to Article L. 811-1 of the Consumer Code, when the processing of personal data affects consumers; 3° Trade union organizations of employees or representative officials within the meaning of Articles L. 2122-1, L. 2122-5 or L. 2122-9 of the Labour Code Or the III of Article 8 bis of Law No. 83-634 of 13 July 1983 on the rights and obligations of civil servants or representative unions of judicial magistrates, when the treatment affects the interests of the persons whom the statutes of these organizations instruct them to defend. When the action seeks compensation for the damage suffered, it is exercised within the framework of the individual compensation procedure defined in Chapter I of Title V of Law No. 2016-1547 of 18 November 2016 on the modernization of justice in the 21st century and in Chapter X of Title VII of Book VII of the Code of Administrative Justice. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Section 1: Obligations of controllers. (repealed) Article 34 bis (repealed) Repealed by Ordinance No. 2018-1125 of 12 December 2018 – art. 1 Creation Ordinance No. 2011-1012 of August 24, 2011 – art. 38 I. – This Article applies to the processing of personal data implemented in the context of the provision to the public of electronic communications services on electronic communications networks open to the public, including those supporting data collection and identification devices. For the purposes of this Article, personal data breach means any security breach accidentally or unlawfully resulting in the destruction, loss, alteration, disclosure or unauthorized access to personal data processed in connection with the provision of electronic communications services to the public. II. – In the event of a personal data breach, the provider of publicly available electronic communications services shall notify the National Commission for Informatics and Liberties without delay. When this violation may affect the personal data or the privacy of a subscriber or other natural person, the provider also notifies the person concerned without delay. However, the notification of a personal data breach to the person concerned is not necessary if the National Commission for Informatics and Liberties has found that appropriate protection measures have been implemented by the provider to make the data incomprehensible to any person not authorized to have access to it and have been applied to the data concerned by the said breach. Failing this, the Commission nationale de l’informatique et des libertés may, after examining the seriousness of the violation, give formal notice to the provider to also inform the interested parties. III. – Each electronic communications service provider keeps an inventory of personal data breaches, including their modalities, effect and measures taken to remedy them, and keeps it available to the commission. Section 2: Rights of individuals with regard to the processing of personal data. (repealed) Article 40-1 (repealed) Repealed by Order No. 2018-1125 of 12 December 2018 – art. 1 Amended by LAW No. 2016-1321 of October 7, 2016 – art. 63 I. – The rights open to this section are extinguished on the death of their holder. However, they may be provisionally maintained in accordance with the following II and III. II. – Any person may define guidelines on the retention, erasure and communication of his personal data after his death. These guidelines are general or specific. The general guidelines concern all personal data relating to the data subject and may be registered with a digitally trusted third party certified by the Commission nationale de l’informatique et des libertés. The references of the general directives and the trusted third party with whom they are registered are registered…

NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Article 63 Amended by Ordinance No. 2018-1125 of 12 December 2018 – art. 1 In accordance with Article 36 of Regulation (EU) 2016/679 of 27 April 2016, the controller is required to consult the Commission nationale de l’informatique et des libertés libertés prior to the implementation of the processing when it appears from the impact assessment provided for in Article 62 that the processing would present a high risk if the controller did not take measures to mitigate the risk. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Section 3: Processing of personal data in the field of health (Articles 64 to 77) Article 64 Amended by Order No. 2018-1125 of 12 December 2018 – art. 1 When the exercise of the right of access applies to personal health data, it may be communicated to the person concerned, according to his choice, directly or through a doctor he designates for this purpose, in compliance with the provisions of Article L. 1111-7 of the Public Health Code. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Subsection 1: General provisions (Articles 65 to 71) Article 65 Amended by LAW No. 2019-774 of July 24, 2019 – art. 43 Processing containing data concerning the health of individuals is subject, in addition to those of Regulation (EU) 2016/679 of 27 April 2016, to the provisions of this section, with the exception of the following categories of processing: 1° Processing operations under 1° of Article 44 of this Law and a and c to f of 2 of Article 9 of Regulation (EU) 2016/679 of 27 April 2016; 2° Processing operations to carry out studies from data collected pursuant to 1° of Article 44 of this Law when these studies are Carried out by the staff providing this monitoring and intended for their exclusive use; 3° The treatments implemented for the exercise of their missions by the organizations responsible for the management of a basic health insurance plan as well as the coverage of benefits by the supplementary health insurance organizations; 4° The treatments carried out within health institutions by the doctors responsible for medical information, under the conditions provided for in the second paragraph of Article L. 6113-7 of the Public Health Code; 5° The treatments carried out by the regional health agencies, by the State And by the public person he designates pursuant to the first paragraph of Article L. 6113-8 of the same Code, within the framework defined in the same Article L. 6113-8; 6° The treatments implemented by the State for the purpose of designing, monitoring or evaluating public policies in the field of health as well as those carried out for the purpose of collecting, exploiting and disseminating statistics in this field. NOTE: In accordance with Article 41 XII of Law No. 2019-774 of 24 July 2019, these provisions enter into force the day after the date of entry into force of the provisions of Ordinance No. 2018-1125 of 12 December 2018 made pursuant to Article 32 of Law No. 2018-493 of 20 June 2018 on the protection of personal data and amending Law No. 78-17 of 6 January 1978 on data processing, files and freedoms and various provisions concerning the protection of personal data. Article 66 Amended by LAW No. 2019-774 of July 24, 2019 – art. 41 (V) I.-The processing operations covered by this section may only be implemented in consideration of the public interest purpose they present. Ensuring high standards of quality and safety of health care and medicines or medical devices is a purpose of public interest. II.-Standard standards and regulations, within the meaning of b and c of 2° of I of Article 8, applying to the processing operations covered by this section are established by the Commission nationale de l’informatique et des libertés, in consultation with the health data platform mentioned in Article L. 1462-1 of the Public Health Code and public and private bodies representative of the actors concerned. Processing in accordance with these standards may be implemented on the condition that their managers first send the National Commission for Informatics and Freedoms a declaration attesting to this conformity. These repositories may also cover the description and procedural guarantees allowing the provision for processing of health data sets with a low risk of impact on privacy. III.-The processing operations mentioned in I that do not comply with a reference framework mentioned in II can only be implemented after authorization from the National Commission for Informatics and Liberties. The application for authorization shall be submitted in the forms provided for in Article 33. IV.-The Commission nationale de l’informatique et des libertés may, by a single decision, issue to the same applicant an authorization for processing operations that meet the same purpose, relating to identical categories of data and having identical categories of recipients. V.-The National Commission for Informatics and Liberties shall decide within two months of receipt of the request. However, this period may be extended once for the same period by a reasoned decision of its president or when the ethics and scientific committee for research, studies and evaluations in the field of health is referred pursuant to the second paragraph of Article 72. When the National Commission for Informatics and Liberties has not ruled within these deadlines, the application for authorization is deemed to have been accepted. However, this provision is not applicable if the authorization is subject to prior notice under subsection 2 of this section and the notice or opinions rendered are not expressly favorable. NOTE: In accordance with the provisions of XIII of Article 41 of Law No. 2019-774 of 24 July 2019, the provisions resulting from a of 3° of XI of the said article shall enter into force on the date of approval of the convention constituting the health data platform, and no later than 31 December 2019. Article 67 Amended by Ordinance No. 2018-1125 of December 12, 2018 – art. 1 By way of derogation from Article 66, the processing of personal data in the field of health implemented by bodies or services entrusted with a public service mission appearing on a list fixed by order of the ministers responsible for health and social security, taken after the opinion of the National Commission for Informatics and Liberties, for the sole purpose of responding, in the event of an emergency situation, to a health alert and managing its follow-up, within the meaning of Section 1 of Chapter III of Title I of Book IV Of the first part of the Public Health Code, are subject only to the provisions of Section 3 of Chapter IV of Regulation (EU) 2016/679 of 27 April 2016. The processing operations mentioned in the first paragraph of this article that use the registration number of persons in the national register of identification of natural persons shall be implemented under the conditions provided for in Article 30 of this Law. The derogations governed by the first paragraph of this article shall end one year after the creation of the processing if it continues to be implemented beyond this period. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Article 68 Amended by Ordinance No. 2018-1125 of December 12, 2018 – art. 1 Notwithstanding the rules on professional secrecy, members of the health professions may transmit the personal data they hold to the person responsible for data processing authorized under Article 66. When this data allows the identification of persons, their transmission must be carried out under conditions such as to guarantee their confidentiality. The National Commission for Informatics and Freedoms may adopt recommendations or benchmarks on the technical processes to be implemented. When the result of the data processing is made public, the direct or indirect identification of the data subjects must be impossible. Persons called upon to implement data processing as well as those who have access to the data to which it relates are bound by professional secrecy under the penalties provided for in Article 226-13 of the Criminal Code. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application…

Article 99 Creation Order No. 2018-1125 of December 12, 2018 – art. 1 I.-In order to demonstrate that the processing is carried out in accordance with this Title, the controller and his processor shall implement the measures provided for in 1 and 2 of Articles 24 and 25 of Regulation (EU) 2016/679 of 27 April 2016 and the appropriate measures to ensure a level of security adapted to the risk, in particular with regard to the processing of special categories of personal data mentioned in I of Article 6 of this Law. II.-With regard to automated processing, the controller or his processor shall implement, following a risk assessment, measures intended to: 1° Prevent any unauthorized person from accessing the facilities used for processing; 2° Prevent data carriers from being read, copied, modified or deleted in an unauthorized manner; 3° Prevent the unauthorized introduction of personal data into the file, as well as the unauthorized inspection, modification or erasure of recorded personal data; 4° Prevent automated processing systems from Be used by persons who are not authorized to do so using data transmission facilities; 5° Ensure that persons authorized to use an automated processing system can only access the personal data to which their authorization is based; 6° Ensure that it can be verified and established in which instances personal data have been or may be transmitted or made available by data transmission facilities; 7° Ensure that it can be verified and ascertained a posteriori which personal data have been entered into the systems Automated processing and at what time and by which person they were introduced into it; 8° Prevent that, during the transmission of personal data as well as during the transport of data carriers, the data may be read, copied, modified or deleted in an unauthorized manner; 9° Ensure that the installed systems can be restored in the event of an interruption; 10° Ensure that the system functions operate, that operational errors are reported and that the personal data retained cannot be corrupted by a system malfunction. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Article 100 Creation Ordinance No. 2018-1125 of December 12, 2018 – art. 1 The controller and his processor keep a register of the processing activities under the conditions provided for in 1 to 4 of Article 30 of Regulation (EU) 2016/679 of 27 April 2016. This register also contains the general description of the measures to ensure a level of security adapted to the risk, in particular with regard to the processing of special categories of personal data mentioned in I of Article 6 of this Law, the indication of the legal basis of the processing operation, including transfers, for which the personal data are intended and, where appropriate, the use of profiling. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Article 101 Creation Order No. 2018-1125 of December 12, 2018 – art. 1 The controller or his processor shall establish for each automated processing a log of the collection, modification, consultation, communication operations, including transfers, interconnection and erasure, relating to such data. The logs of consultation and communication operations make it possible to establish the reason, date and time. They also make it possible, as far as possible, to identify the people who consult or communicate the data and the recipients thereof. This log is only used for the purposes of verifying the lawfulness of processing, self-checking, ensuring the integrity and security of data and for the purposes of criminal proceedings. This newspaper is made available to the National Commission for Informatics and Liberties at its request. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Article 102 Creation Order No. 2018-1125 of December 12, 2018 – art. 1 Articles 31,33 and 34 of Regulation (EU) 2016/679 of 27 April 2016 are applicable to the processing of personal data covered by this Title. If the personal data breach concerns personal data that has been transmitted by or to the controller established in another Member State of the European Union, the controller established in France shall also notify the controller of the other Member State of the breach as soon as possible. The communication of a personal data breach to the data subject may be delayed, limited or not issued therefore and as long as a measure of this nature constitutes a necessary and proportionate measure in a democratic society, taking into account the fundamental rights and legitimate interests of the person, to avoid hindering investigations, research or administrative or judicial procedures, to avoid harming the prevention or detection of criminal offences, the investigation or prosecution of them or the enforcement of criminal sanctions, to protect security Public, to protect national security or to protect the rights and freedoms of others. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Article 103 Creation Ordinance No. 2018-1125 of December 12, 2018 – art. 1 Except for jurisdictions acting in the exercise of their judicial function, the controller appoints a data protection officer. A single data protection officer may be appointed for several competent authorities, depending on their organizational structure and size. The provisions of 5 and 7 of Article 37, 1 and 2 of Article 38 and 1 of Article 39 of Regulation (EU) 2016/679 of 27 April 2016, in so far as they concern the controller, are applicable to the processing of personal data covered by this Title. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Chapter III: Rights of the data subject (Articles 104 to 111) Article 104 Creation Ordinance No. 2018-1125 of 12 December 2018 – art. 1 I.-The controller shall provide the data subject with the following information: 1° The identity and contact details of the controller and, where applicable, those of his representative; 2° Where applicable, the contact details of the data protection officer; 3° The purposes pursued by the processing for which the data are intended; 4° The right to lodge a complaint with the Commission nationale de l’informatique et des Libertés and the contact details of the commission; 5° The existence of the right to ask the controller for access to the data at Personal nature, their rectification or erasure, and the existence of the right to request a limitation of the processing of personal data relating to a data subject. II.-In addition to the information mentioned in I, the controller provides the data subject, in special cases, with the following additional information in order to enable him to exercise his rights: 1° The legal basis for the processing; 2° The retention period of personal data or, failing that, the criteria used to determine this duration; 3° Where applicable, the categories of recipients of the personal data, including those established in States not belonging to the European Union or within international organizations; 4° If necessary, Additional information, in particular when personal data is collected without the knowledge of the data subject. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019. Article 105 Creation Order No. 2018-1125 of December 12, 2018 – art. 1 The data subject has the right to obtain from the controller…

Creation Ordinance n°2018-1125 of December 12, 2018 – art. 1 However, the controller may transfer personal data to a State that does not meet the conditions of Article 123 if the person to whom the data relate has expressly consented to their transfer or if the transfer is necessary under one of the following conditions: 1° To safeguard the life of that person; 2° To safeguard the public interest; 3° To compliance with obligations to ensure the establishment, exercise or defense of a legal right; 4° To the consultation, under regular conditions, of a public register which, Under legislative or regulatory provisions, is intended to inform the public and is open to consultation by the latter or any person with a legitimate interest; 5° To the performance of a contract between the controller and the data subject, or pre-contractual measures taken at the request of the latter; 6° To the conclusion or performance of a contract concluded or to be concluded, in the interest of the data subject, between the controller and a third party. An exception may also be made to the prohibition provided for in Article 123 if such a transfer is authorized by decree, taken after the reasoned opinion of the Commission nationale de l’informatique et des libertés, when the processing guarantees a sufficient level of protection of privacy and the fundamental rights of individuals, in particular because of the contractual clauses or internal rules to which it is subject. When the data transferred comes from a processing created by a regulatory act exempted from publication pursuant to Article 31 III, the decree authorizing the transfer is itself exempt from publication. The committee shall decide within two months of receipt of the request for an opinion. However, this period may be renewed once upon a reasoned decision of its president. When the commission has not decided within these deadlines, the opinion requested from the commission on the transfer is deemed favorable. NOTE: In accordance with Article 29 of Ordinance No. 2018-1125 of 12 December 2018, these provisions enter into force at the same time as Decree No. 2019-536 of 29 May 2019 adopted for the application of Law No. 78-17 of 6 January 1978 on data processing, files and freedoms on 1 June 2019.

Title V: Overseas Provisions (Articles 125 to 128) Article 125

  • This agreement constitutes the entire agreement between the parties and replaces all previous agreements.
  1. Separability:

If any provision of this Agreement is found to be invalid or unenforceable, the other provisions will remain in full force and effect.

 

  1. Contact details:

The seller’s contact details are provided on the website www.wesquiid.com By making a purchase through WESQUIID, the buyer acknowledges having read, understood and agreed to comply with the terms and conditions set out in this agreement.

 

Contact

contact@wesquiid.com

Opening hours

Monday to Friday: 8.30am to 5.30pm

Saturday: 9am to 6pm

Available on :