Confidentiality Policy on Personal Data

Art. 1 - Definition of Personal Data and type of Data collected

During the course of your use of our Website, we might have to request you to provide us with some of your Personal Data or have access to such Personal Data.

For the purpose of this Policy, “Personal Data” shall mean any and all information that permit to identify an individual, directly or indirectly, including, but not limited to, your name, first name, physical and/or email address, phone number, birth date, in particular by reference to identification numbers, data exchanged with this Website, and any other related personal information that you would decide to share with us.

Art. 2 - Purpose of the present Policy

The purpose of the present Policy is to inform you on the means and aims of collection and handling of your Personal Data, in due compliance with your personal rights.

To this end, please be informed that we would comply with the requirements of the EU General Data Protection Regulation ref 2016/679 (together, the “GDPR”), in their latest versions, and any regulatory enactment thereof.

Art. 3 - Identity of the Data Controller

The Data Controller (as defined under the GDPR) in charge of ensuring the rightful collection, management, processing and storage of Personal Data is PhinC Development, a “SARL” (“limited liability company”) organised and existing under French laws, registered with the RCS of Évry (France) under number 508 730 587, with its registered offices located at:

PhinC Development SARL
5 rue Henri Auguste Desbruères
Genopole Campus 1
Bâtiment 8
91030 ÉVRY CEDEX
FRANCE

Art. 4 – Identity of the Data Protection Officer (DPO)

For the purposes of the European Data Protection Regulation, PhinC Development has appointed a Data Protection Officer (DPO).

For any questions relating to the processing of your data, you can contact our DPO as follows:

Phone : +33 9 70 70 20 09
E-mail : dpo@phinc.fr

Art. 5 - Purposes of collection, processing and storage of your Personal Data

Your personal data is collected to meet one or more purpose (s). The purposes and legal bases allowing PhinC Development to process your data are described in this table:

PurposeRetention periodLegal basis
Manage your access to the secure web client space (e-room) via this website and its useDuration of the contract with the clientLegitimate interest of PhinC Development
Perform operations relating to customer management concerning contracts, orders, deliverables, invoices, monitoring of the relationship with customersDuration according to the regulations of the Commercial CodeNecessary for the execution of a contract
Build a file of customers and prospects3 years after the end of the last contract with the client and 5 years after the end of the last contact with the prospectLegitimate interest of PhinC Development
Send newsletters (creation of a file)Until withdrawal of consent (unsubscribing)Consent to receive the newsletter
Develop commercial statistics and traffic to our services2 yearsConsent of the website visitor
Consent of persons receiving the newsletter
Collect and process testimonials from people on services5 yearsConsent of the person whose opinion is published
Respond to your questions when you contact us through our website1 yearConsent of the website visitor
Comply with our legal and regulatory obligationsAccording to applicable regulationsLegal obligation of PhinC Development

 

During the collection of Personal Data, you would be informed which Personal Data is mandatory and which is optional. We may also inform you about the non-obvious consequences of a lack of answer from your side.

Art. 6 - Recipients of the Data collected

The following individuals and entities may have access to and process your Personal Data:

Our company’s and its affiliates’ employees, agents, representatives and their IT providers and subcontractors having a need-to-know for the aforementioned purposes.

Auditors, officers, public institutions and committees, other authorities, agencies, jurisdictions and any similar entities controlling our company (such as, but not limited to, accounting and other regulatory compliance matters), as may be required by law or in order for us to demonstrate compliance with our contractual and/or legal obligations, undertakings and rights.

Art. 7 - Data transfers outside the European Economic Area (EEA)

Some recipients of your data may be outside the EEA where the standards for the protection of personal data may be different or less stringent. In this case, PhinC Development undertakes to transfer your data taking into account the adequacy decisions or putting in place appropriate safeguards such as standard data protection clauses. A copy of these guarantees can be provided to you if you request it from the DPO of PhinC Development.

Art. 8 - Duration of Personal Data storage

Your Personal Data will not be stored for more than strictly necessary for the needs of the purposes listed in Article 5 above. They will then be anonymized or destroyed if PhinC does not have a legal obligation to keep them. Specific retention periods have been defined in relation to certain data and processing below.

Art. 9 - Security

We inform you to take all precautions and organizational and technical measures appropriate to ensure a level of security adapted to the risk for your rights and freedoms in order to preserve the security, integrity and confidentiality of your personal data and in particular, to prevent that they are lost, destroyed, distorted, damaged or disclosed in violation of these conditions or that unauthorized third parties have access to them accidentally or illegally.

Art. 10 - Cookies

Cookies are files under text format, generally encrypted, and stored in your web browser. They are created when a user’s browser upload a website: the website send information to the browser, which creates a file under text format. Each time the user comes back on the same website, the browser retrieves such a file and send it to the server on which the website is hosted.

We may distinguish between two types of cookies, depending on their purposes: technical cookies and advertising cookies.

  • Technical cookies are used all along your website experience in order to improve and execute some functions. For instance, a technical cookie may save answers to a form or the preferences of a user with regard to language or website layouts, if such options are available. These are stored in your web browser for six months.
  • Statistical cookies: We are using Google Analytics (or any similar software), as audience measurement analytical tool. This cookie allows us to measure the number of visits on our Website, the number of pages hit and the visitors’ activities. Your IP address is also collected in order for us to solely determine the city from which you are connected. The storage duration of such cookie is stated above under article 5.

We hereby remind you, to all intents and purposes, that you may object to the storage of cookies by directly configuring your browser, being stated that, those operations might affect your browsing experience and compromise the proper operations of the Website.

Art. 11 - Exercise of your rights relating to the processing of your personal data

In compliance with the GDPR in their last version, you are reminded that you are entitled to request for exercising your legitimate Personal Data subject’s rights, including:

  • Right of access: you have the right to obtain confirmation whether or not your personal data is being processed and, where applicable, precise information about the processing of your data. You also have the right to request a copy of the information held about you.
  • Right of rectification: you have the right to ask us to rectify or complete all or part of the incorrect or incomplete information held about you.
  • Right to erasure ("right to be forgotten"): you have the right to ask us to delete from our systems all information held about you.
  • Right to restriction of processing: you can ask us to restrict the processing of your data. This means that your data can, except for storage, only be processed with your consent. They are then said to be locked.
  • Right to data portability: you can request to retrieve your information in a structured, commonly used and machine-readable format and to transfer it to other data controllers.
  • Right to object: you can object to the processing of personal data concerning you.

The application of these rights is not absolute. Requests for the exercise of rights will always be assessed on a case-by-case basis by the DPO of PhinC Development.

When the processing of your data is based on your consent, you can withdraw your consent at any time, simply and without any justification.

If you wish to receive more information about the processing of your data or if you wish to exercise your rights, your requests can be sent to the DPO of PhinC Development.

You also have the right to lodge a complaint with the Data Protection Authority of the Member State of the European Union of your habitual residence, your place of work or the place of the alleged infringement if you believe that your personal data is not processed in accordance with the GDPR.

You will find the contact details of the various European Data Protection Authorities via the following link: https://ec.europa.eu/justice/aricle-29/structure/data-protection-authorities/index_en.htm

Art. 12 - Effective Date of this Policy

The present Policy is effective as of October 7th, 2020.

Club Phase 1
GMP - Groupe de Métabolisme et Pharmacocinétique
EUFEMED
AFSSI