DATA PROTECTION POLICY
As the data controller, the company Biocodex, whose registered office is established in France at 7 avenue Gallieni in Gentilly (94250) (hereinafter, the "Publisher"), undertakes to comply with the regulatory provisions applicable to the protection of personal data, in particular Regulation (EU) 2016/679 of 27 April 2016 - General Data Protection Regulation (hereinafter, the "GDPR"), on the processing that it implements on the website it.saforelle.com (hereinafter, the "Website").
Data protection policy
The user can navigate freely on the Website without having to explicitly provide personal information. Nevertheless, he may be asked to provide data concerning him, for example by contacting the Publisher. In addition, the Website uses "cookies", which can send data concerning the user to third-party companies.
Each online service implemented on the Website limits the collection of personal data to what is strictly necessary and is accompanied by information detailing in particular:
- The purpose of the processing (the aims) for which the personal, data collected are intended,
- The legal basis of the processing,
- The source of the data (if not provided by the user of the Website),
- The mandatory or optional nature of the data collection,
- The categories of persons concerned,
- The recipients of the data,
- The length of time the data is kept,
- The possible existence of data transfers outside the European Union,
- The rights of the person on his data and how to exercise them.
The Publisher takes all necessary precautions to preserve the security of the Website user's personal data and aims in particular to prevent them from being deformed or damaged, or from being accessed by unauthorized third parties.
In accordance with the GDPR, the user of the Website may exercise, on the data concerning him/her and by proving his/her identity, a right of access, rectification, deletion, portability, limitation, opposition, with the Data Protection Officer (DPO) of Biocodex (in English if French is not possible), by the contact form [or] e-mail (firstname.lastname@example.org) or by postal mail: DPO BIOCODEX, 7 avenue Gallieni, 94250 GENTILLY, France; he/she also has the right to lodge a complaint with a supervisory authority (in France: CNIL, Service des Plaintes, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07 | www.cnil.fr).
The purpose of this processing of personal data is to manage the Website. It allows the Publisher:
- The preparation and publication of content,
- To put online services offered to users (contact form, newsletter subscription, etc.),
- The technical administration, in connection with the providers concerned by the processing,
- The management of security,
- The production of audience and usage statistics for the online services offered to users.
With reference to Article 6(1)(f) of the GDPR, the processing is necessary for the purposes of the legitimate interests pursued by the Publisher (communication and publication on the Internet of information of an institutional, promotional and/or scientific nature).
The processing concerns:
- The Publisher’s staff in charge of publishing content and technical administration of the Website,
- The persons identified in the publications,
- The Website’s users,
- The staff of the service providers concerned.
The categories of processed data are:
- Data relating to the persons who are the subject of publications (identity, functions, contact details, etc.),
- Data relating to navigation on the Website (time stamps, IP addresses of users, technical data relating to the equipment and browser used by users, geolocation, cookies) and on digital platforms via sharing buttons and media (cookies and other tracers),
- Data relating to the management of services offered to users,
- Data related to the management of publications (purpose, deliverable, follow-up, statistics),
- Data related to the management of technical services (time-stamping and purpose of requests, follow-up, follow-up data, statistics),
- Statistics on the Website’s audience and the use of online services offered to users.
The data can come from:
- The Publisher’s staff in charge of the publication of the contents and the technical administration of the Website,
- Contributors to the publications,
- Website’s users,
- The staff of the concerned service providers,
- Third party websites (websites, social networks, search engines, etc.).
The data collected during navigation, not necessary for the functioning of the Website (such as certain types of cookies), are optional. Unless otherwise indicated, the other data collected is mandatory.
- The published data are kept online until the site is closed, then archived for 5 years,
- Data relating to exchanges with service providers are kept for 5 years at the end of the contractual relationship,
- Except for legal obligations or particularly important risks, log data are kept for 6 months,
- The data necessary for the production of statistics on the audience and the use of online services are kept in a format that does not allow the identification of persons by their IP address, and include an identifier (relating to the cookie) kept for a maximum of 13 months (unless the person concerned objects).
Depending on their respective needs, the following are recipients of all or part of the data:
- Website’s users,
- Publisher's staff in charge of publishing the contents, technical administration of the Website, processing requests received via the contact form, supervision of security on the Publisher’s information system,
- Staff of the concerned service providers.
Because of their presence on the Internet, the publications may be accessible outside the European Union.
Online service "Contact form"
The purpose of this personal data processing is to manage requests made online. It allows the Publisher to:
- Receive requests and reports sent to it,
- Monitor correspondence with the user of the Website,
- Comply with its obligations in terms of health vigilance and data protection,
- Draw up statistics relating to the service.
The legal basis for the processing is the legitimate interests pursued by the Publisher (management of the relationship with the users of its websites).
The processing concerns any user of the Website who wishes to contact the Publisher electronically.
The categories of data processed are:
- The identity of the requester (name, company)
- His/her contact details (e-mail address)
- The request (message)
- The action taken
- The activity statistics
The contact form provides for a mandatory collection of data for the proper processing of the request.
The data is kept for 5 years from the time the request is processed. However, if the communication is part of the health vigilance, they may be kept for up to 10 years after the withdrawal of the product concerned from the market.
The data is intended for the Publisher’s staff:
- In charge of processing correspondence related to the Website
- In charge of publishing content and technical administration of the Website
- Assigned to the management of health vigilance
The staff of the service providers concerned are also recipients of the data.
No data is transferred outside the European Union.
Online service « Subscription to the Newsletter »
The purpose of this processing of personal data is the management of newsletters relating to the websites implemented by the Publisher. It meets the following purposes:
- Management of subscriptions and electronic mailings,
- Elaboration of statistics related to the service.management of requests made online.
With reference to Article 6(1)(a) of the GDPR, the processing requires the consent of the data subject.
The processing concerns persons who have subscribed or wish to subscribe to the Website's newsletter. In addition (optional), the person may consent to receive communications unrelated to the Website or promotional offers from the Publisher - his data are then entered in a database intended for the management of marketing campaigns organized by the Publisher.
The categories of data processed are :
- Subscriber's identity (e-mail address),
- Information allowing to personalize the communication (name, first name, nickname, etc.),
- Date of subscription,
- Statistics related to the newsletter service.
The collection of the e-mail address is mandatory for the sending of the newsletter.
The Publisher keeps the data as long as the person does not unsubscribe (via the unsubscribe link integrated to the newsletters).
According to their respective needs, are recipients of all or part of the data:
- The Publisher’s staff in charge of managing the newsletter service (departments responsible for the Website’s content and marketing departments),
- The Publisher’s staff in charge of the technical administration of the websites (IT department),
- The staff of the concerned service providers.
As the newsletter service may be provided by a third party, all or part of the data may be transmitted outside the European Union.
The user of the Website may withdraw his/her consent at any time via the unsubscribe link integrated into the newsletters.
The Publisher uses various computer "cookies" on the Website to measure the audience and integrate services to improve the interactivity of the Website.
What is a computer "cookie"?
A computer "cookie" is a text file that may be deposited on a user's terminal during navigation on a website. Cookies are an important tool that allows organizations to gain insight into the online activity of their users.
How it works: usually small and identified by a name, it is sent to the user's browser by the website visited. The browser will keep it for a certain period of time, and will send it back to the website each time it is reconnected. In principle, cookies can be easily viewed and deleted.
In themselves, cookies are harmless because they do not contain executable code. They perform important functions for websites: they can be used to store a customer account ID, browsing preferences, track browsing for statistical or advertising purposes, etc.
However, cookies can store enough data to identify a user without his or her consent and, in some cases, can be used to create profiles of individuals. This is why it is necessary that the management of cookies be controlled within the framework of data protection.
Controlling the deposit of cookies
The user can prevent cookies from being deposited on his or her terminal or delete existing ones by setting his or her web browser accordingly. For instructions on how to manage cookies, the user can refer to the help sections of their browser.
Please note, however, that deactivating cookies in the web browser may cause malfunctions on the Website and on other websites.
Two types of cookies are used on the Website:
Strictly necessary cookies
These cookies allow the main services of the Website to function in an optimal way. They do not require the user's consent.
Cookie name: Didomi
Purpose: Saves the user's choices regarding the consent of cookies
Conservation: 12 months
Third party cookies
The Website relies on certain services offered by third parties. These are:
- Google Analytics (mesure d’audience)
- YouTube (hébergement de vidéos)
- Facebook (réseau social)
- Twitter (réseau social), notamment via l’intégration de tweets (Twitter cards) et des flux d’actualités (Twitter timelines) dans les pages du site
- Swaven (point of sale)
Access the cookie management module
By default, these third-party cookies are not deposited. The user can consent to their deposit in the cookie management module or directly via a contextual consent request, for example by activating the playback of an external video. The user can indicate his preferences, either globally for the Website, or service by service. They can change their choices at any time by calling up the cookie management module via a permanent link located at the bottom of the page.
Data collected by the cookies may be transferred outside the European Union.