1 – Preamble
The data protection policy, described in this document, applies to the website www.dravet-syndrome.com (hereinafter referred to as “the Website”). Its purpose is to inform the user of the Website (hereinafter referred to as “the User”) of the processing carried out by BIOCODEX SAS (hereinafter referred to as the “Publisher”) on the data concerning him, the rights he has over his data and how he can exercise these rights.
2 – General provisions
The following provisions apply to all processing of personal data by the Publisher on the Website, unless otherwise specified in the specific provisions.
The Publisher, as data controller, declares that it processes personal data on the Website, in accordance with the regulations applicable to the protection of natural persons with regard to the processing of personal data and the free movement of such data, in particular
Regulation (EU) 2016/679 of 27 April 2016 – General Data Protection Regulation (hereafter, the “GDPR”).
The data controller is identified as follows:
Biocodex, a simplified joint stock company under French law with a share capital of €4,284,000, registered in the Trade and Companies Register under No. 562 064 600 R.C.S. Créteil, with its registered office at 7 avenue Gallieni – 94250 Gentilly – France, represented by Mr Jean-Marie Lefèvre, duly authorised in his capacity as Chairman and CEO.
Rights of the User on his data
In accordance with the GDPR, the User may exercise, on the data concerning him and proving his identity, a right of access, rectification, deletion, limitation, opposition, with the Data Protection Officer (DPO) of Biocodex (in French or English only) by email (firstname.lastname@example.org) or by post (DPO BIOCODEX, 7 avenue Gallieni, 94250 GENTILY, France) ; the User also has the right to lodge a complaint with a supervisory authority (the CNIL for France – www.cnil.fr).
Security of personal data
The Publisher takes all necessary precautions to preserve the security of the User’s personal data and aims in particular to prevent it from being distorted or damaged, or from unauthorised third parties having access to it.
The Publisher uses the https protocol on the Website. This security mechanism allows the User to verify the identity of the website he or she is accessing, thanks to an authentication certificate issued by a third party authority known for its reliability. It also guarantees the confidentiality and integrity of the data sent by the User, such as the information entered in the contact form.
3 – Specific provisions
The following provisions are specific to each processing of personal data carried out by the Publisher on the Website. In particular, they detail:
Purpose of the processing operation
The contact form on the Website allows the User to contact the Publisher electronically. This processing of personal data allows the Publisher to:
The legal basis of the processing operation is the legitimate interests pursued by the Publisher in its relationship with the User.
If the communication is part of the health vigilance framework, the User’s data are subject to further processing specifically provided for this framework.
The processing does not involve automated decision making (including profiling).
The processing concerns any User wishing to contact the Publisher electronically, as well as the Publisher staff in charge of processing requests.
Mandatory data is needed for the proper consideration of the request.
The data are kept for 5 years from the processing of the request. However, if the communication falls within the framework of health vigilance, the storage period is defined in the further processing specifically provided for that purpose.
The processing concerns the Publisher staff:
The data recipients are also the staff of the service providers concerned.