Welcome to the "Exafield" internet site.
Through its policy of personal data protection, Exafield, data controller, commits to treating your personal data with all necessary care and the exclusively legitimate purposes for which they have been collected, in accordance with its principles, law number 78-17 of January 6th 1978, modified, relating to data processing, files, and freedoms known as "Data Protection Act" and of the regulation (EU) number 2016/679 of April 27th 2016 known as "General Data Protection Regulation" (GDPR) and more widely, all the current legal provisions.
This policy describes the manner in which Exafield commits to collect, use and protect your personal data.

Why is your data collected?

Your data is used solely for legitimate purposes which are brought to your attention and remain strictly confidential.

A description of the aims or purposes of the data processing implemented is provided for you when you authorise the collection of your personal data so that you clearly understand what we use it for.
On our exafield.com site, the purposes for which we collect your data are the following:

  • studies concerning health, therapeutic treatment, medications...
  • to know the opinions and attitudes of the medical world about a pathology, therapeutic care, medication...

Exafield commits to process your personal data in strict respect of these ends and intends in no case to use them for other ends. These are described in our register of processing actions and are the object of vigilance from our Data Protection Officer.

What categories of data are collected?

We only collect pertinent and necessary data.

The categories of data collected in the context of our studies are the following:

  • Patients, consumers of healthcare products, opinions, thoughts on health, therapeutic treatments, medication, etc. This data is anonymous and presents no risk to the private life of those people concerned
  • Healthcare Professionals: full name, sex, year of birth, e-mail, year of qualification or when diploma was obtained, professional address, language of answer, telephone, fax, profession.

Personal data collected by Exafield is solely necessary for the carrying-out of the purposes of the data-processing implemented. Exafield commits to not collecting more data than is necessary.

Who is the recipient of your data?

Only authorised people have access to your data.

Access to your personal data is strictly limited to authorised and specific people from Exafield and our service providers whose personal and organisational measures for the protection of your data are established. These people are those who by virtue of their position are legitimate in receiving the communication of your data in order to carry out the purposes which have previously been described to you.
Your personal data will never be sold, shared, communicatecd or transferred to an unidentified third party under the present protection policy for personal data.

For how long do you retain the data you collect?

Your data will only be retained for the length of time necessary.

According to the current legal requirements Exafield only keeps your personal data for the time necessary to carry out the indicated purposes; the length of time the collected data is retained by the panel is limited to 3 years. Beyond that period your consent is required again.

How does Exafield protect your personal data?

Your data is secure.

Exafield sets up means of physical and logical security in order to protect your personal data from unauthorised access, inappropriate access, disclosure, loss and destruction.

It is, however, your responsibility to ensure that the terminals which you use have appropriate security and protection against malware such as Trojan horses and viruses. You are informed of the fact that without appropriate security measures, you run the risk of your data being captured or disclosed to unauthroised third parties.

What are your rights over your data and how can you exercise them?

You retain control of your data.

In accordance with the Technology and Individual Freedom Act of January 6th 1978 in its applicable version and the GDPR (General Protection of Personal Data) of April 27th 2016 and more widely to all the arrangements in force, Stethos informs you that you have access to the following rights:

  • the right of access to the personal data collected,
  • the right to correct or erase personal data collected,
  • the right to oppose the data processing of your personal data on legitimate grounds,
  • the right to be forgotten (the right to be delisted),
  • the right to data portability,

To exercise any of these rights, please send your request to the Data Protection Officer, using one of the contact options below:


Letter : Exafield – Délégué à la protection de données

E-mail :dpo@exafield.com