DATA PROTECTION POLICY

1 – Preamble

The data protection policy, described in this document, applies to the website www.otipax.com (hereafter, « the Website »). Its purpose is to inform the user of the Website (hereafter, « the User ») of the processing carried out by the Website publisher – the company BIOCODEX SAS (hereafter, « the Publisher ») on the data concerning him, the rights he has over his data and how he can exercise these rights.

2 – General provisions

The following provisions apply to all processing of personal data by the Publisher on the Website, unless otherwise specified in the specific provisions.

Legal framework

The Publisher, as data controller, declares that it processes personal data on the Website, in accordance with the regulations applicable to the protection of natural persons with regard to the processing of personal data and the free movement of such data, in particular Regulation (EU) 2016/679 of 27 April 2016 – General Data Protection Regulation (hereafter, « the GDPR »).

Data controller

The data controller is identified as follows:

BIOCODEX, a simplified joint stock company under French law with a share capital of €4,284,000, registered in the Trade and Companies Register under No. 562 064 600 R.C.S. Créteil, with its registered office at 7 avenue Gallieni – 94250 GENTILLY – France, represented by Mr Jean-Marie Lefèvre, duly authorised in his capacity as Chairman and CEO.

Rights of the User on his data

In accordance with the GDPR, the User may exercise, on the data concerning him and proving his identity, a right of access, rectification, deletion, limitation, opposition, with the Data Protection Officer (DPO) of Biocodex (in French or English only) by email (dpo@biocodex.com) or by post (DPO BIOCODEX, 7 avenue Gallieni, 94250 GENTILLY, France) ; the User also has the right to lodge a complaint with a supervisory authority (the CNIL for France – www.cnil.fr).

Security of personal data

The Publisher takes all necessary precautions to preserve the security of the User’s personal data and aims in particular to prevent it from being distorted or damaged, or from unauthorised third parties having access to it.

The Publisher uses the https protocol on the Website. This security mechanism allows the User to verify the identity of the website he or she is accessing, thanks to an authentication certificate issued by a third party authority known for its reliability. It also guarantees the confidentiality and integrity of the data sent by the User, such as the information entered in the contact form.

3 – Specific provisions

The following provisions are specific to each processing of personal data carried out by the Publisher on the Website. In particular, they detail:

  • the purpose of the processing operation
  • its legal basis
  • the persons concerned
  • the personal data processed
  • their shelf life
  • the recipients of the data

 

These provisions may be supplemented or modified subsequently, depending on the evolution of the Site and the processing activities implemented by the Publisher in connection with the Site.

 

Contact form

Purpose of the processing operation

The contact form on the Website allows the User to contact the Publisher electronically. This processing of personal data allows the Publisher to:

  • receive the messages addressed to him
  • follow correspondence with the User
  • comply with its health vigilance obligations
  • develop service statistics

The legal basis of the processing operation is the legitimate interests pursued by the Publisher in its relationship with the User.

If the communication is part of the health vigilance framework, the User’s data are subject to further processing specifically provided for this framework.

The processing does not involve automated decision making (including profiling).

Persons concerned

The processing concerns any User wishing to contact the Publisher electronically, as well as the Publisher staff in charge of processing requests. 

Data processed

  • User identity and email address
  • date, subject and body of the message
  • follow-up
  • activity statistics

Mandatory data is needed for the proper consideration of the request.

The data are kept for 5 years from the processing of the request. However, if the communication falls within the framework of health vigilance, the storage period is defined in the further processing specifically provided for that purpose.

 

Data recipients

The processing concerns the Publisher staff:

  • in charge of processing correspondence related to the Website
  • in charge of the publication of the contents and the technical administration of the Website
  • assigned to the management of health vigilance

The data recipients are also the staff of the service providers concerned.

No data transfers are made outside the European Union.

Subscription to the newsletter

Purpose of the processing operation

The Publisher allows the User to subscribe to the Website’s newsletter, in order to be kept informed of the news associated with the Website. This processing of personal data allows the Publisher to:

  • manage subscriptions and electronic mailings
  • develop service statistics

The legal basis for the processing operation is the consent of the person concerned.

The User may unsubscribe (withdraw his consent) via the unsubscribe link in the newsletter he has received.

The processing does not involve automated decision making (including profiling).

Persons concerned

The processing concerns any User wishing to receive the newsletter on the e-mail address he has provided.

Data processed

  • E-mail address
  • Subscription date
  • Statistics related to the newsletter service

The collection of the e-mail address is mandatory for the sending of the newsletter.

The Publisher retains the e-mail address as long as the person concerned does not unsubscribe (via the unsubscribe link included in the newsletters).

Data recipients

Depending on their respective needs, all or part of the data are recipients:

  • the User of the Webite subscribed to the newsletter
  • the Publisher staff in charge of managing the newsletter service, publishing content, technical administration of the Website
  • the personnel of the service providers concerned by the Website

As the newsletter service may be provided by a third party, the data may be transmitted outside the European Union.

Restricted access

Purpose of the processing operation

The Publisher allows the User to connect to the Website using a login and a password, in order to benefit from personalised content. Depending on the case, it allows the Publisher to :

  • personalise communication
  • propose an ordering environment, in the case of an e-commerce website (shopping cart and order history, payment module, invoice history, sponsorship, etc.),
  • offer an e-learning environment, in the case of an e-learning website (training modules, evaluation questionnaires, quizzes, games, etc.),
  • to draw up statistics relating to the contents / services offered,

The legal basis of the processing is the legitimate interests pursued by the Publisher in its relationship with the User.

The processing does not involve automated decision making (including profiling).

Persons concerned

The processing concerns any User with a personal account on the site.

Data processed

  • Name and surname
  • E-mail address
  • Login ID and password
  • Information on the contents / services offered
  • Statistical information
  • Connection logging information

The e-mail address, as well as the login ID and password, are mandatory for the operation of the personal account.

The data is kept for a maximum of 3 years after the User’s last login.

Data recipients

Depending on their respective needs, all or part of the data are recipients:

  • the User of the Website with a personal account,
  • the Publisher personnel in charge of managing the contents / personalised services and the technical administration of the Website,
  • the personnel of the service providers concerned by the Site.

As certain personalised content may be provided by a third party organisation, the data may be transmitted outside the European Union. 

Cookie management

The management of cookies is a special processing of personal data, described in the cookie policy on the Website