PERSONAL DATA PROTECTION POLICY
September 2021 release
WE INVITE YOU TO READ THIS DOCUMENT CAREFULLY
Some of the hypertext links or social network buttons on our website may redirect you to websites of partner companies that do not belong to Paris Biotech Santé. The publishers of these websites have their own personal data protection rules which may differ from ours: it is your responsibility to be aware of them. Paris Biotech Santé is not responsible for the subsequent use made of your data by the publishers of these third-party websites for their own account.
Use of our website implies your full acceptance of this Policy. If you disagree with any of its terms, you are free not to or no longer use our services. The content of our Policy may change. In this case, you will be informed of updates, by any means (email, pop-up window, etc.). In general, the Policy is always easily accessible at the bottom of the page on the various pages of the website.
3. Our Commitment to Compliance
“The processing of Personal Data of Internet users and users of our services is subject to European Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. (known as “RGPD”) and to law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms, modified (known as “Data Processing and Freedoms Law”) (hereinafter the “Regulations”) .
Within the meaning of this Regulation, Paris Biotech Santé is responsible for the processing of Personal Data carried out from the website, and undertakes by this Policy to comply with the legal and regulatory obligations incumbent upon it.”
4. What types of data do we collect?
“Personal data means any information relating to a natural person who can be identified, directly or indirectly, by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity (“Personal Data”).
When you contact us, regardless of the channel chosen (telephone, mail, contact form or any other means), you are required to send us information allowing us to identify you.
The data we collect are for example the following:
• Application form (project leader): last name, first name, function, email, and professional information.
• Application form (joining the Paris Biotech Santé team): surname, first name, telephone number, email address and CV.”
5. On what legal basis do we collect your personal data?
“We will only use your Personal Data on the following legal bases:
• when you have consented by completing the online form, for example;
• taking into account the contract that binds us, when your application has been selected to join the Incubator or La Pépinière or the Paris Biotech Santé team (eg incubation agreement, sub-occupation agreement, employment contract, etc. .);
• if this use is based on the protection of our legitimate interests, to respond to your requests/complaints, the prevention and fight against fraud, the retention of computer traces to detect security incidents in a preventive manner;
• if this use is based on compliance with a legal or regulatory obligation, for compliance with the regulations applicable to our activity, the management of responses to official requests from public or judicial authorities empowered for this purpose or the management of your requests to exercise rights.”
6. Why do we collect your personal data?
“In addition, we use Personal Data for the following reasons and purposes:
• Manage contact requests (eg respond to your requests);
• Manage applications;
• Manage recruitment;
• Improve the quality of our services (eg measurement of website traffic) (see section 11 below);
• Ensuring the security of Personal Data (eg preventing digital identity theft);
• Resolve any potential dispute or resolve any problem in connection with the use of the services.”
7. With whom are we likely to share your personal data?
“Beyond the processing of your Personal Data within the internal Paris Biotech Santé team, these may be transmitted to third parties involved in the provision of our services (member of the evaluation committee, technical and hosting service providers , security incident management, chartered accountant, etc.). Paris Biotech Santé undertakes to communicate your Personal Data only to authorized and trusted service providers, who process it on our behalf, according to our instructions.
In addition, your Personal Data will be disclosed to a third party if Paris Biotech Santé is required to do so by law, a regulatory provision, or a court order, or if this disclosure is made necessary for the purposes of an investigation, injunction or legal proceedings, on national territory or abroad.”
8. How long are your personal data kept?
“The retention period of your Personal Data may vary in number of days, months or even years depending on your profile (project leader candidate or paris biotech health team candidate), the category of personal data (email address vs resume ) and the purposes of the processing.
In any event, these retention periods comply with legal and regulatory requirements as well as the recommendations of the CNIL. As such, we will not keep your Personal Data for longer than necessary and when we no longer need it, we will securely destroy it or make it anonymous.
Specifically, we keep your Personal Data as follows:
a) Management of contact requests: 3 years from the last contact with the person concerned;
b) Management of applications (project leaders):
• immediate deletion on first request;
• failing this: 3 years from the last contact with the project leader concerned;
• if successful application: for the entire duration of incubation or occupation in the Nursery.
c) Recruitment management:
• immediate deletion on first request;
• failing this: 2 years from the date of submission of the application with the person concerned;
• if successful application: for the entire duration of the employment contract.
d) Computer security management:
• until the definitive deletion of the data in question;
e) Management of requests to exercise rights: for one (1) or six (6) years, depending on the right exercised.
f) Litigation management: 5 years (civil action limitation period).”
9. How do we ensure the security of your Personal Data?
“We implement organizational and technical measures to protect your Personal Data against unauthorized access and disclosure, modification, alteration, damage, accidental loss or accidental or unlawful destruction (e.g. secure server access, VPN for remote access, place of Virtual Local Area Network, secure wifi network, SSL certificate, captcha).
To do this, we require our staff and our technical service providers to comply with strict rules in terms of security and protection of information (e.g. obligation of confidentiality, implementation of physical security measures, etc.).
Finally, we inform you that your Personal Data is stored on servers located in France. Finally, be aware that we do not transfer your Personal Data outside the European Union.”
10. What rights do you have over your personal data?
“The list of your rights
Any Internet user or user of our services whose Personal Data is processed has the following rights:
• Right of access (eg check the data concerning you that we keep and obtain a copy of it);
• Right to rectification (eg update or correct your data if it is incomplete or incorrect);
• Right to object at any time to the collection and processing of all or part of your data for commercial prospecting purposes, for example, including profiling insofar as it is linked to such prospecting. This right thus offers you the possibility of modifying your notification preferences at any time;
• Right to limitation (eg in certain cases provided for by law, and if you question the processing of some of your data, you can request that we limit its use during the management of our dispute);
• Right to portability (eg you have the right to recover your data or to require their transmission to third-party service providers);
• Right to erasure (eg you can claim the permanent deletion of your file);
• Right not to be the subject of a decision based exclusively on automated processing, including profiling, producing legal effects concerning you or significantly affecting you in a similar way.
How to exercise your rights
You have the means to effectively exercise your rights by contacting us:
By email: firstname.lastname@example.org
By post: Paris Biotech Santé, GDPR Service, 24 rue du Faubourg Saint Jacques – 75014 Paris.
In case of doubt about your identity, and as authorized by law, Paris Biotech Santé may ask you for proof of identity.
In accordance with the recommendations of the CNIL, the processing of your request will be done in a short time (1 month to 3 months maximum, depending on the case).
In addition, you have the right to lodge a complaint with the competent supervisory authority (the CNIL: https://www.cnil.fr/) and/or to obtain a right to compensation from the competent courts if you consider that your rights have not been respected.”
11. Management of cookies deposited via our website
“a) What are cookies?
Cookies are small text files added to a user’s terminal browser while visiting websites. Cookies are widely used by websites. They guarantee their proper functioning or improve navigation. They also provide certain information, particularly in terms of audience measurement, to the owners of these sites. You are informed of the existence of cookies as soon as you connect to our site by the presence of an information banner placed at the bottom of the home page.
b) What types of cookies do we use?
Cookies strictly necessary for the proper functioning of our site
These cookies cannot be disabled and do not require your consent.
Cookies to help us measure the audience of our site
These are audience measurement cookies that allow us to know the use and performance of our website and to improve its operation (for example, the pages most often consulted, the number of visitors). Thus Paris Biotech Santé can measure the audience of its website using tools provided by Google (Google Analytics). To find out how the cookies of this third-party service are managed: https://www.google.com/intl/en/policies/privacy/
c) How long are cookies stored?
The data retention period may not exceed thirteen (13) months. However, the information collected via the cookies that we use to measure the audience of our site is kept for 25 months.
You have different ways to manage the cookies present on our site:
- By making your choice via the cookie banner visible when you first connect to our website;
- By making your choice via our cookie manager accessible at the bottom of the page on the left via the “Set cookies” section;
- By configuring your internet browser.
Therefore, you have the option of configuring your terminal at any time:
- By accepting all cookies, or
- By being informed when a cookie is issued, or
- By refusing only some cookies, or
- By refusing all cookies.
Settings instructions are provided for this purpose on the website of each browser. To get there, you can follow the directions given below:
- For Internet Explorer: click the Tools button, then click Internet Options. On the General tab, under Browsing history, click Settings. Click the View Files button.
- For Firefox: Go to the Tools tab of the browser then select the Options menu. In the window that appears, choose Privacy and click on Show cookies
- For Safari: In your browser, choose the Edit menu > Preferences. Click Security. Click Show Cookies.
- For Google Chrome: Click on the Tools menu icon. Select Options. Click on the Advanced Options tab and navigate to the Privacy section.”