ELAA INTERNATIONAL

Facebook Instagram Linkedin Youtube

Privacy policy

Last updated: November 21, 2024

Personal Data Protection Policy

This personal data protection policy explains how ELAA INTERNATIONAL S.A.R.L collects, uses, shares, and protects your personal data in the context of its activities, including medical services, local and international assistance, consulting, and training for its clients in Tunisia and internationally (Europe, United States, etc.).

We are committed to protecting your privacy in accordance with:

  • Tunisian laws on personal data protection.
  • The General Data Protection Regulation (GDPR) for our European clients.
  • The Health Insurance Portability and Accountability Act (HIPAA) for our activities related to medical data of American clients.

Guiding Principles

ELAA INTERNATIONAL S.A.R.L is committed to protecting the confidentiality and security of your personal data. Our data protection policy is based on the following principles:

  1. Data Minimization:
    We only collect, process, and retain data that is strictly necessary for the defined, legitimate, and clear purposes for which it is collected. We are committed to:

    • Limiting the types of data collected: We only collect information relevant to providing our services and meeting your needs.
    • Regularly evaluating the necessity of data: We periodically reassess the data we retain to ensure that it remains necessary for the purposes pursued.
    • Deleting unnecessary data: We delete or anonymize data as soon as it is no longer necessary.

  2. Transparency:
    We are committed to being transparent about how we collect, use, and share your data. We inform you, in particular, about:

    • The purposes of processing: We clearly explain why we collect your data and how it will be used.
    • The categories of data collected: We specify the types of personal data we collect (e.g., name, surname, email address, etc.).
    • The recipients of the data: We indicate if your data is shared with third parties (e.g., our service providers).
    • Your rights: We inform you of your rights regarding data protection (access, rectification, erasure, etc.).

  3. Consent:
    Your consent is free, specific, informed, and unambiguous. We will only process your personal data for purposes for which you have given your consent unless required or authorized by law. We are committed to:

    • Obtaining explicit consent: We ask for your consent clearly and without ambiguity before processing your data.
    • Allowing you to withdraw your consent: You have the right to withdraw your consent at any time.

  4. Security and Confidentiality:
    We implement appropriate technical and organizational measures to ensure a level of security that protects your personal data against unauthorized or unlawful processing, accidental loss, alteration, or destruction.

  5. Integrity and Availability:
    We are committed to ensuring the integrity and availability of your data.

  6. Accountability:
    We are responsible for processing your personal data and commit to demonstrating our compliance with applicable regulations.

Data Collected by ELAA INTERNATIONAL S.A.R.L

At ELAA INTERNATIONAL S.A.R.L, we place great importance on respecting privacy and protecting your personal data. In line with our commitments and applicable regulations, we ensure that we only collect the necessary and relevant information to achieve the specific goals related to our services.

  1. Why Do We Limit Data Collection?
    We ensure that each piece of data we collect serves a clearly defined purpose, whether it’s providing our services, responding to your requests, or meeting our legal and contractual obligations. This approach ensures responsible use of your personal information and minimizes risks to your privacy.

  2. What Are the Consequences of Missing Data?
    The essential nature of certain data means that failing to provide them could prevent:

    • The effective handling of your requests or services.
    • The implementation of the contracted services.
    • ELAA INTERNATIONAL S.A.R.L’s compliance with applicable regulations.

Types of Data Collected

The information we collect varies depending on your needs, the services requested, and the context of our interactions. It is grouped as follows:

  1. Identity and Contact Information:

    • Name, surname, date of birth.
    • Postal address, phone number, email address.
    • Identification number/document: ID card, passport, driver’s license, etc.

  2. Administrative and Contractual Information:

    • File or contract number.
    • Contact details of third parties (e.g., emergency contacts).

  3. Medical and Sensitive Data (Subject to Explicit Consent):
    In compliance with legal requirements and our data protection commitments, ELAA INTERNATIONAL S.A.R.L collects and processes only medical and sensitive data strictly necessary for the services required. This data is collected with your explicit consent and in compliance with the strictest confidentiality standards.

    Medical information that may be collected includes, but is not limited to:

    • Medical histories directly related to care.
    • Medical reports.
    • Hospitalization records.
    • Results of clinical, biological, or radiological tests.
    • Medical prescriptions or treatment protocols.
    • Any other information essential for optimal service provision.

    This data is used exclusively for the purposes for which it was collected and is only accessible to authorized personnel bound by professional confidentiality. You have the right to withdraw your consent at any time, in accordance with applicable legislation.

  4. Technical and Usage Data:

    • IP address, browser/device characteristics, and other information collected through our website or applications.
    • Information related to the use of our platforms (pages visited, actions taken, etc.).

  5. Data Specific to Certain Situations:

    • Information required for quotation requests.
    • Data collected in the context of assistance requests.

  6. Call Recordings:
    As part of its commitment to service quality and protection for all parties involved, ELAA INTERNATIONAL S.A.R.L may record or monitor certain telephone calls addressed to its services.

    The recordings are strictly accessible to authorized personnel, including those from the training, quality, and legal departments, and are used solely for their intended purposes. They are retained for a maximum duration of one year. In the case of a dispute or legal procedure, this period may be extended until the dispute is fully resolved, including the exhaustion of legal recourse.

    In accordance with applicable law, you have the right to object to the recording of your calls unless they are necessary to fulfill a legal or contractual obligation. You can also request information about the use of recordings concerning you by contacting our Data Protection Officer at the following email address: data.protection@elaa-international.com.

    These recordings are made in strict compliance with the relevant regulations and pursue specific objectives, related to the improvement of our service quality and the protection of our legitimate interests, unless expressly opposed by you. The data collected is processed confidentially and used for the following purposes:

    1. Continuous improvement of our service quality:
      • Training and supporting staff: Analysis of exchanges to identify best practices and areas for improvement, optimizing service quality.
      • Client satisfaction tracking: Evaluation of client satisfaction and identification of areas for improvement to adjust our offerings and processes.
    2. Security and compliance:
      • Fraud prevention and risk management: Detecting and preventing fraud attempts or any illegal activity.
      • Compliance with legal and regulatory obligations: Retaining recordings to respond to any requests from competent authorities or to justify our practices.
    3. Dispute and complaint management:
      • Evidence gathering: Retaining recordings to serve as evidence in case of a dispute, complaint, or challenge.
      • Improvement of complaint management: Analyzing complaints to identify causes and take corrective actions.
    4. Protection of individuals:
      • Prevention of inappropriate behaviors: Detecting and preventing abusive, harassing, or discriminatory behavior.
      • Protection of employees: Recording exchanges to ensure the safety of employees in sensitive situations.

    5. Processing Purposes
      We collect and process your personal data to provide our services optimally and in compliance with current regulations. Specifically, your data is used for the following purposes:

      • Execution of our services and provision of requested services.
      • Management of our client and contractual relationships: client tracking, billing, collections, etc.
      • Compliance with legal and regulatory obligations: we are required to retain certain data to comply with applicable legal and regulatory obligations.
      • Continuous improvement of our services: customer satisfaction analysis, etc.
      • Information system security and fraud prevention.

      Legal Bases for Processing
      Committed to ensuring the protection of your personal data, ELAA INTERNATIONAL S.A.R.L pledges to process your data in accordance with current regulations and the following principles:

      • Execution of a pre-contractual obligation, contract, or requested service: Before the conclusion of a contract or agreement to perform a service, certain data may be processed to organize or finalize the terms of the agreement. Likewise, data processing is necessary for the execution of a contract you are part of or for a specific service you have requested.
      • Legal obligation: The processing is necessary to fulfill a legal obligation to which ELAA INTERNATIONAL is subject.
      • Legitimate interests: The processing is necessary for the legitimate interests pursued by ELAA INTERNATIONAL or a third party, provided these interests do not infringe on your fundamental rights and freedoms (e.g., fraud prevention, service quality improvement, risk management, etc.).
      • Consent: In some cases, we may request your explicit consent. This consent is freely given and can be withdrawn at any time.

      In particular, ELAA INTERNATIONAL S.A.R.L commits to complying with the following regulations:

      • Tunisian legislation on the protection of personal data
      • General Data Protection Regulation (GDPR)
      • HIPAA (Health Insurance Portability and Accountability Act)

      Data Sharing
      The data collected by ELAA INTERNATIONAL S.A.R.L is intended for internal use and is strictly regulated. We share your personal information only in the following cases, always adhering to legal requirements and our confidentiality commitments:

      • With third-party providers to perform the requested service:
        We may need to share your data with professionals or entities involved in delivering the service, such as:

        • Doctors
        • Healthcare professionals: caregivers, nurses, physiotherapists, etc.
        • Medical laboratories
        • Radiology centers
        • Clinics, hospitals
        • Ambulance or transport companies
        • Airlines, air carriers
        • Towing companies or other logistics providers

      • With our client, requester, or payer of services:
        In executing the service, we may share your data with third parties responsible for the request or payment, such as:

        • Your insurance
        • Your assistance company
        • Your employer or any other contracting entity

      • To comply with legal obligations:
        We may be required to share your data with competent judicial, regulatory, or administrative authorities in response to an official request or to comply with applicable laws.

      Principles Governing Data Sharing

      • Limitation to what is strictly necessary: The information shared is limited exclusively to what is required to perform the service or meet a legal obligation.
      • Enhanced confidentiality: The data is accessible only to authorized persons and, where necessary, subject to confidentiality or professional secrecy obligations.

      Data Retention and Deletion
      ELAA INTERNATIONAL S.A.R.L ensures the retention of your personal data only for the duration strictly necessary for the purposes for which it was collected, while complying with legal requirements and best practices in data protection.

      Retention Periods:
      Your data is retained for the following reasons and durations:

      • Execution of services: Data is retained for as long as necessary to complete the requested services, including administrative follow-ups related to these services.
      • Compliance with legal obligations: Certain information must be retained for specific durations required by law (e.g., tax and accounting data, medical records, etc.).

      Deletion or Anonymization:
      Once the retention period has expired and in the absence of a legal or contractual need to retain it, your data is:

      • Securely deleted: Information is permanently erased to prevent unauthorized access.
      • Anonymized: In some cases, data is anonymized to be used for statistical or service improvement purposes, without the possibility of identifying you.

      Security and Compliance
      ELAA INTERNATIONAL S.A.R.L implements rigorous technical and organizational security measures to ensure the protection of your personal data throughout its retention period. These measures aim to prevent unauthorized access, loss, alteration, or misuse of your information.

      Security Measures Implemented:

      • Encryption of sensitive data: Your sensitive information is protected by encryption technologies, making it impossible for unauthorized third parties to read or intercept.
      • Strict access control: Only authorized individuals, according to their roles and missions, can access the data. These accesses are regularly reviewed and monitored to limit intrusion risks.
      • Ongoing employee training: All our employees undergo regular training on cybersecurity, data management best practices, and obligations regarding personal data protection.
      • Proactive monitoring: We use monitoring tools and procedures to detect any breach attempts or suspicious activities, allowing for rapid intervention.

      Limits and Response in Case of an Incident:
      Although we employ all possible measures to secure your data, no system can be guaranteed as totally invulnerable. In the event of a confirmed breach affecting the confidentiality, integrity, or availability of your data:

      • We immediately notify the competent authorities in accordance with legal requirements.
      • We notify affected users by providing clear information on the nature of the incident, the data impacted, and the measures taken to limit the consequences.
        ELAA INTERNATIONAL S.A.R.L is committed to maintaining a high level of security and adopting continuous improvements in response to technological developments and new threats. For any questions regarding the security of your data, contact us at data.protection@elaa-international.com.tn

      Users’ Rights
      In accordance with applicable legislation, you have several rights regarding your personal data. These rights allow you to retain control over your information and ensure its use complies with your expectations and needs.

      • Right of Access: You have the right to request whether your personal data is being processed and, if so, to obtain a copy of the data in our possession, along with information on its processing (purposes, recipients, retention period, etc.).
      • Right to Rectification: If you find that any information concerning you is incorrect or incomplete, you can request that it be updated or corrected.
      • Right to Erasure (Right to be Forgotten): This right allows you to request the deletion of your personal data, within the limits provided by law. For example, this right cannot be exercised if the data must be retained for legal, contractual, or regulatory reasons.
      • Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that it be transmitted directly to another provider when technically possible.
      • Right to Restriction of Processing: This right allows you to request the temporary or permanent suspension of the processing of your data in certain situations, such as when you dispute the accuracy of the data or if the processing is unlawful.
      • Right to Object: You have the right to object to the processing of your personal data when it is based on our legitimate interest or used for marketing or profiling purposes, unless compelling legitimate grounds justify the processing.

      These rights are designed to provide you with transparency and full control over your personal information. We remain available for any questions or assistance regarding the exercise of these rights.

      To exercise these rights, contact our Data Protection Officer (DPO) at: data.protection@elaa-international.com.tn

      Contact
      Whether to exercise your rights (access, rectification, deletion, objection, etc.), report a potential violation, or obtain additional information about our privacy policy, we are here to assist you.

      For any questions, requests, or concerns regarding the protection of your personal data, you can contact our Data Protection Officer (DPO), who is responsible for ensuring compliance with our personal data protection practices:

      Data Protection Officer
      ELAA INTERNATIONAL
      Rue Tarek Ibn Zied, Trocadero, Centre Kraiem, 3rd Floor
      Sousse 4000, Tunisia
      Email: data.protection@elaa-international.com.tn

      We guarantee:

      • A prompt and professional response to your requests, within the timeframes required by applicable regulations, typically within 30 days. In certain cases, this period may be extended if the request is complex or requires additional verification.
      • A clear and comprehensive response to all your inquiries.
      • Assistance in exercising your rights, including explanations on the processes and measures implemented to protect your data.
        For security and confidentiality reasons, we may ask you to provide additional information to verify your identity before responding to certain requests.

      Policy Update
      This policy may be updated at any time to reflect regulatory or technological changes. The latest version will always be available on our website.

Listening to you for all your requests
Do you have a question, need a service, or want to join our network?

We are here for you! Whether you want to request a quote, learn more about our services, or explore collaboration opportunities, feel free to send us an email. Our dedicated team will get back to you as soon as possible to meet your needs.

Contact us today and find out how we can support you.
Contact us
Our branches?

Accredited Training Center: For each specific field (first aid, medical training, team building, emotional intelligence, etc.), we offer a personalized and dedicated training process to enhance individual and/or collective performance.

Our training programs are designed to deliver specific knowledge, develop technical skills, and foster a deeper understanding.

IT: Our IT services cover a wide range of activities, primarily—but not exclusively—focused on software development and implementation, including ERP, CRM, and more.

AI (Artificial Intelligence): We offer a variety of services involving the application and integration of AI technologies to address various challenges, automate processes, and support decision-making.

These services are delivered by AI and development specialists.

MEDICAL SERVICES, LOCAL AND INTERNATIONAL ASSISTANCE, CONSULTING AND TRAINING
Quick Access
Our Assets
Contact
  • Tarek Ibn Zied street, Trocadero, Kraiem Center, 3rd floor, 4000, Sousse, Tunisia
  • (+216)73 369 300
  • contact@elaa-international.com

Follow us :

Facebook Instagram Linkedin Youtube