Privacy Policy & Protection of Personal Data

The protection of individuals with regard to the processing of personal data is a fundamental right, whose legal framework has been significantly strengthened by both Regulation (EU) 2016/679 on the protection of natural persons concerning the processing of personal data and the free movement of such data (GDPR) and Law No. 78-17 of January 6, 1978, as amended, relating to data protection, files, and freedoms. As the data controller, VIVAGO is committed to ensuring the continuous protection of personal data and complying with its legal obligations regarding the collection, use, and storage of such data.

In a spirit of transparency and strict adherence to its obligations, VIVAGO has adopted this Privacy Policy to inform all data subjects about the principles governing the use and protection of collected personal data. This Privacy Policy describes how VIVAGO collects, uses, stores, and protects the personal data of its clients, users, and prospects, in accordance with the General Data Protection Regulation (GDPR).

1. Identity of the Data Controller

VIVAGO acts as the data controller under the General Data Protection Regulation (GDPR). For any questions regarding this policy or to exercise your rights, please contact our Data Protection Officer (DPO):

E-mail : dpo@vivago.biz

Adress : 10 Rue de la Bourse 75002 Paris – France

2. Services Provided by VIVAGO

VIVAGO offers medical concierge services, which include:

  • Providing medical concierge services
  • Scheduling appointments and handling patient requests
  • Coordinating with healthcare professionals
  • Organizing medical stays abroad

The primary end users of our services are individual clients based in Africa, who interact with us through:

  • A website and CRM with GDPR-compliant functionalities
  • A personal, secure space on our platform
  • Email
  • WhatsApp for communication and follow-up

3. Data Collection

3.1. Types of Data Collected
  • Identification Data: Name, surname, date of birth, gender, address, phone number, email.
  • Health Data: Medical history, diagnoses, treatments, test results.
  • Banking Data: Bank account details, IBAN, payment information.
  • Cookies and Trackers: We use internal cookies to facilitate navigation on our website and, where applicable, conversion pixels (see "Cookies" section).
3.2. Data Collection Methods
  • Online Form: We use this method to collect identification information during registration or when you request information on our website.
  • Phone Recordings: We use this method to supplement identification information, if necessary, when you contact our customer service and provide details.
  • Secure Private Space on Our CRM: We use this method to collect health data securely.
  • Cookies: Deployed during your browsing on our website.
3.3. Data on Minors

Our services are strictly reserved for adults; we do not knowingly collect data on minors.

4. Finalités et bases légales du traitement

Your personal data is used for the following purposes:

  1. Providing medical concierge services
    Legal basis: Execution of the service contract.
  2. Managing medical appointments (transmitting necessary information to healthcare institutions)
    Legal basis: Contract execution & patient consent.
  3. Organizing medical stays (travel planning, accommodation, hospitalization)
    Legal basis: Contract execution.
  4. Managing payments and billing
    Legal basis: Contract execution & compliance with legal obligations.
  5. Marketing & Commercial Prospecting
    Legal basis: Consent (opt-in checkbox) or legitimate interest for existing customers (subject to opposition rights).
  6. Internal Statistics & Analysis (to improve services and performance tracking)
    Legal basis: Legitimate interest (anonymized data)

Note: We do not rely on the "vital interest" legal basis except in cases of genuine emergency.

5. Data Retention Period

When processing is based on a legal obligation, the retention period for personal data is determined by the applicable regulations. Otherwise, VIVAGO retains data:

  • For the duration of the contractual relationship
  • Until consent is revoked, when processing is based on consent
  • For the time necessary to provide the relevant service and until the applicable statutory limitation and archiving periods expire, which generally begin from the end of the relationship or the completion of the operation

For cookies, please refer to the "Cookies" section for specific retention periods.

6. Data Sharing and Transfers

6.1. Recipients of Data

The personal data collected is intended for authorized VIVAGO personnel. VIVAGO may use external service providers and subcontractors acting on its instructions to process all or part of the personal data, strictly within the limits necessary for the performance of their services.

VIVAGO may be required to share data with third parties to comply with a legal obligation or fulfill a contract. For example, sharing health data with partner healthcare institutions and professionals, payment service providers, and payment system managers.

Your identification data may be shared with our subcontractors (hosting providers, airlines, ride-hailing companies) if necessary for the organization of your medical stay.

Personal data is stored by VIVAGO within the territory of the European Union.

We only share data that is strictly necessary for the intended purpose and have contractual agreements in place to ensure confidentiality and compliance with the GDPR (Data Processing Agreements).

6.2. Transfers Outside the EU

VIVAGO ensures that data communication is carried out under conditions that preserve the security and confidentiality of the information. To this end, equivalence procedures between personal data protection systems are managed by the European Commission.

In the event of data transfer to a recipient located in a country outside the European Union that does not benefit from an adequacy decision by the European Commission (e.g., Morocco, Turkey, UAE), VIVAGO commits to implementing appropriate protection measures. This includes regulating data transfers through Standard Contractual Clauses (SCCs) or similar safeguards to protect your data.

You can obtain more details about these safeguards by contacting us at dpo@vivago.biz.

7. Data Security & Confidentiality

To ensure and be able to demonstrate that the processing of personal data complies with applicable legal and regulatory provisions, VIVAGO implements appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, disclosure, or unauthorized access, including:

  • Use of an authorized data hosting provider to securely store personal data (DCP) and health data (DDS), ensuring compliance with regulations such as the GDPR.
  • Access control, with rights granted only to authorized personnel.
  • Restricted access to sensitive data, available only to users with advanced authentication features, session expiration policies, and security recommendations.
  • Encryption of data exchanges (via HTTPS) and encryption of data at rest.
  • Regular training for our staff on data confidentiality.

These measures ensure a level of security appropriate to the risks associated with data processing and the nature of the protected data.

In the event of a detected personal data breach, the Banque de France, as the data controller, informs the CNIL, the competent national supervisory authority, in accordance with applicable regulations, and, where necessary, notifies the affected individuals.

8. Your Rights

In accordance with the GDPR, you have the following rights:

  • Right of access: To know whether we hold data about you and obtain a copy.
  • Right to rectification: To request the correction of inaccurate data.
  • Right to erasure ("right to be forgotten"): To request the deletion of your data, within the limits of our legal obligations.
  • Right to restriction of processing: To temporarily restrict the use of your data in certain cases.
  • Right to object: To oppose certain types of processing, particularly direct marketing based on VIVAGO's legitimate interest.
  • Right to data portability: To receive your data in a structured, machine-readable format.
  • Right to withdraw consent: When processing is based on your consent (especially for sensitive data), you may withdraw it at any time without affecting the lawfulness of past processing.

The concerned person is informed about the collected data, the purposes and legal bases of the processing, the data retention period, and their rights through collection documents, the agreement binding them to VIVAGO as the data controller, or the "Legal Information" section at the bottom of our website.

The data subject can exercise their rights by submitting a request to VIVAGO – Data Protection Officer (DPO)

E-mail : dpo@vivago.biz

Adress: 10 Rue de la Bourse 75002 Paris – France

We respond within one (1) month, which may be extended by two (2) months if necessary.

If the individual believes that their rights are not being respected, they may file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) (www.cnil.fr) or the competent data protection authority in their country of residence.

9. Cookies & Trackers

We use internal cookies to facilitate your navigation on the website and remember your preferences.

We also use conversion pixels (Facebook Ads, Instagram Ads, LinkedIn Ads) to measure the effectiveness of our advertising campaigns.

Upon your first visit to our website, a consent banner invites you to accept or decline these cookies/pixels (excluding strictly necessary cookies). You can modify your preferences at any time in the "Settings" section or through your browser.

For more details (types of cookies, purposes, retention periods), please refer to our Cookie Policy or contact the DPO at: dpo@vivago.biz

10. Policy Updates

We will update this Privacy Policy in the event of legal, technical, or operational changes. If the modifications are significant, you will be informed (via email or a notification on the website) along with a summary of the changes.

The Privacy Policy is published on VIVAGO's website and is available upon request from the Data Protection Officer (DPO), whose contact details are mentioned in Section 9 above.

Any changes to this Privacy Policy take effect upon their publication on VIVAGO's website. Only the most up-to-date version is accessible on the site.

11. Contact

VIVAGO has appointed a Data Protection Officer (DPO). The DPO's contact details are: dpo@vivago.biz

Conclusion

This Privacy Policy aims to transparently inform you about the collection, use, and protection of your personal data by VIVAGO.

We remain available for any questions or further clarification you may need.

Vector