Data protection


Updated on 2020-11-06

1 – Preamble


The data protection policy, described in this document, applies to the website (hereinafter referred to as “the Website”). Its purpose is to inform the user of the Website (hereinafter referred to as “the User”) of the processing carried out by BIOCODEX SAS (hereinafter referred to as the “Publisher”) on the data concerning him, the rights he has over his data and how he can exercise these rights.


2 – General provisions


The following provisions apply to all processing of personal data by the Publisher on the Website, unless otherwise specified in the specific provisions.


Legal framework

The Publisher, as data controller, declares that it processes personal data on the Website, in accordance with the regulations applicable to the protection of natural persons with regard to the processing of personal data and the free movement of such data, in particular

Regulation (EU) 2016/679 of 27 April 2016 – General Data Protection Regulation (hereafter, the “GDPR”).


Data controller

The data controller is identified as follows:

Biocodex, a simplified joint stock company under French law with a share capital of €4,284,000, registered in the Trade and Companies Register under No. 562 064 600 R.C.S. Créteil, with its registered office at 7 avenue Gallieni – 94250 Gentilly – France, represented by Mr Jean-Marie Lefèvre, duly authorised in his capacity as Chairman and CEO.


Rights of the User on his data

In accordance with the GDPR, the User may exercise, on the data concerning him and proving his identity, a right of access, rectification, deletion, limitation, opposition, with the Data Protection Officer (DPO) of Biocodex (in French or English only) by email ( or by post (DPO BIOCODEX, 7 avenue Gallieni, 94250 GENTILY, France) ; the User also has the right to lodge a complaint with a supervisory authority (the CNIL for France –


Security of personal data

The Publisher takes all necessary precautions to preserve the security of the User’s personal data and aims in particular to prevent it from being distorted or damaged, or from unauthorised third parties having access to it.

The Publisher uses the https protocol on the Website. This security mechanism allows the User to verify the identity of the website he or she is accessing, thanks to an authentication certificate issued by a third party authority known for its reliability. It also guarantees the confidentiality and integrity of the data sent by the User, such as the information entered in the contact form.


3 – Specific provisions


The following provisions are specific to each processing of personal data carried out by the Publisher on the Website. In particular, they detail:

  • the purpose of the processing operation
  • its legal basis
  • the persons concerned
  • the personal data processed
  • their shelf life
  • the recipients of the data


Contact form

Purpose of the processing operation

The contact form on the Website allows the User to contact the Publisher electronically. This processing of personal data allows the Publisher to:

  • receive the messages addressed to him
  • follow correspondence with the User
  • comply with its health vigilance obligations
  • develop service statistics

The legal basis of the processing operation is the legitimate interests pursued by the Publisher in its relationship with the User.

If the communication is part of the health vigilance framework, the User’s data are subject to further processing specifically provided for this framework.

The processing does not involve automated decision making (including profiling).


Persons concerned

The processing concerns any User wishing to contact the Publisher electronically, as well as the Publisher staff in charge of processing requests.


Data processed

  • User identity and email address
  • date, subject and body of the message
  • follow-up
  • activity statistics

Mandatory data is needed for the proper consideration of the request.

The data are kept for 5 years from the processing of the request. However, if the communication falls within the framework of health vigilance, the storage period is defined in the further processing specifically provided for that purpose.


Data recipients

The processing concerns the Publisher staff:

  • in charge of processing correspondence related to the Website
  • in charge of the publication of the contents and the technical administration of the Website
  • assigned to the management of health vigilance

The data recipients are also the staff of the service providers concerned.


Cookie management

The management of cookies is a special processing of personal data, described in the cookie policy on the Website.