Personal data protection policy

PREAMBLE

The purpose of this Personal Data Protection Policy is to inform you about how we STALLERGENES GREER and our affiliates use and manage your personal data for all data processing carried out in connection with our business relationships and activities. This policy includes in particular the collection and processing of your data via the site http://www.stallergenesgreer.com/.

STALLERGENES GREER is fully aware of the importance of privacy and of protecting personal data in the digital age and undertakes to ensure adequate protection of personal data with regard to all persons with whom it has a relationship in strict compliance with the amended the “Loi Informatique et Liberté” of 6 January 1978 (hereinafter “IEL Act”) and the (EU) General Data Protection Regulation of 27 April 2016 (hereinafter “GDPR”).

This includes all processing activities performed with respect to individuals with whom we have relationships in the course of our business and business relationships, namely:

  • Users of our products and services, including users of our websites and applications;
  • Representatives of our contractual partners and business partners;
  • Candidates for our recruitment operations

The purpose of this policy is to help you understand:

  • The purposes: the reasons and objectives for which we process your personal data.
  • The basis: what legal basis justify the processing of your personal data
  • From where and from which sources we collect your personal data
  • The authorised parties to whom we may disclose your personal data
  • Where we and authorised parties may process your personal data
  • What security measures the group has put in place to protect your personal data
  • For how long we keep your personal data and what is our approach to defining its retention period
  • What are your rights and how you can exercise them
  • How to contact us.

This policy may be modified by us over time, in particular to adapt it to changes in applicable law or our internal practices. These changes will appear on this page. We recommend that you consult this policy regularly.

In any event, we undertake to comply with the following two (2) key principles:

  • You remain in control of your personal data;
  • Your data is processed transparently, confidentially and securely.

ARTICLE 1. IDENTITY & CONTACT DETAILS OF THE DATA CONTROLLER

The data controllers are STALLERGENES GREER (hereinafter STALLERGENES) and its affiliates.

Your data may be shared between STALLERGENES GREER and its affiliates.

STALLERGENES S.A.S with capital of 13 893 505.00 euros, registered in RCS de Nanterre under the number B 808 540 371, with its head office located at 6 rue Alexis de Tocqueville 92 160 ANTONY – FRANCE

If you have any questions about the handling and use of your personal data, please contact us via:

ARTICLE 2. DETAILS OF OUR DATA PROTECTION OFFICER

Our Data Protection Officer is here to respond to all your requests relating to your personal data, including the exercise of rights.

You can contact them via this contact form , by sending an email to.gdpr@stallergenesgreer.com, or by sending a letter to Stallergenes S.A.S, 6 rue Alexis de Tocqueville 92 160 ANTONY – FRANCE

ARTICLE 3. DATA COLLECTION & ORIGIN

All data concerning you is collected:

  • Directly from you: with regard to the data that you send us via different media, including surveys, during registration or the use of an application, and any other direct or indirect interaction with our group. For example, this may be data you provide to us when you register for events we support, when you submit an application online or when you send us a request for information, etc.
  • Indirectly, in accordance with the “Loi Informatique et Liberté” of 6 January 1978 and the (EU) General Data Protection Regulation of 27 April 2016
    • Data that we automatically collect, for example, when we monitor your interactions with our websites, platforms, applications and services, particularly via cookies.
    • Data we collect in accordance with applicable law from public sources, including data published by you on various media.
    • Data that we lawfully obtain from third parties, for example when we need to confirm your contact details. In such cases, we generally receive such personal data from third parties authorised to do so within the framework of their own privacy and personal data protection policy or in accordance with the law. If necessary, we will inform you of the identity of these third parties under the applicable Information Notice and we recommend that you refer to their own privacy and personal data protection policies to learn more about the origin of this data and the conditions under which it is collected.

In all cases, you are informed of the purposes for which your data is collected by us via the various online data collection forms, your customer account or via our Cookie Management Policy.

ARTICLE 4. PURPOSES & LEGAL BASIS OF PROCESSING

Your data is collected and processed for:

  • Managing our websites and applications
  • Legal basis:
    • Our legitimate interest in ensuring the best performance and quality of our site and applications;
    • Your consent when you register;
  • This processing covers:
    • Provision of secure access to our online services, platforms and applications;
    • Management of your online accounts to provide you with or verify your access rights, in particular through passwords, password recovery hints, security questions and information, identity documents provided by the State, health professional numbers, data related to driving licences and passports;
    • Presentation of our products and offers that are tailored;
  • Staff recruitment
  • Legal basis:
    • Our legitimate interest in meeting our personnel needs,
  • This processing covers:
    • Carrying out the recruitment operations required to find a candidate with the skills required for a given job,
    • Powering the company’s CV database.
  • Pharmacovigilance
  • Legal basis:
    • Compliance with the legal and regulatory obligations in force and, in particular, the legal obligations relating to pharmacovigilance and the monitoring of potential product side effects
  • Pharmacovigilance covers:
    • Monitoring of side effects on patients treated with STALLERGENES products and detection of the link between consuming the product and the side effects;
    • Management of contacts, by STALLERGENES, with the notifier (patient, member of an approved patients association, health professionals, member of a health authority), with the person or the health professional who monitored the person presenting the side effect to be interviewed to obtain further details about the reported side effect;
    • Product safety and improvement, Risk-benefit assessment for each product
    • Security,
    • Crisis management,
    • The implementation of preventative operations and investigations,
    • Carrying out of administrative formalities, records, statements or audits
  • Medical information
  • Legal basis:
    • Your consent to process your order;
    • Contractual: when you are already a STALLERGENES customer
  • Medical information covers:
    • Management of responses to your questions concerning product characteristics, their use or regulations;
    • Patient support,
    • Provision of support to health services;
    • Management of patient participation;
    • Provision of prescription information;
  • Email campaigns
  • Legal basis:
    • Your consent when this is required by the regulations in force, in particular as regards marketing and cookies
  • Email campaigns covers:
    • Creation of email campaigns;
    • Distribution of newsletters;
  • Responding to requests from authorities
  • Legal basis:
    • Execution of requests from relevant official authorities in accordance with applicable law
  • Processing for responding to requests from the authorities covers:
    • Responses to requests from administrative or judicial authorities in accordance with applicable law;
    • Responses to court orders, injunctions or any other decision of a judicial or administrative authority.

ARTICLE 5. TYPES OF DATA PROCESSED

The mandatory or optional nature of the personal data requested and the possible consequences of a failure to reply to you are specified during its collection.

For managing our websites and applications

Identity and contact details
Connection data
Allergy status data
location data
Data on the impact of allergies on working life

For staff recruitment

Identity and contact details, information contained in the CV, photo, family situation, motivation for application.

For pharmacovigilance

Identity, contact details, date of birth, medical representatives or employees and reporting medical representatives, local case number and international case number, medical history of the patient (patient pathway) and their family medical history, product used, nature of side effect(s)
Please note that this processing and the data involved in said processing is pseudonymised

For medical information

Patient identity, telephone number, customer number, pathology (general description for transmission to pharmacovigilance).

For email campaigns

Identity, contact details, French Medical Council registration number for health professionals

For responding to requests from authorities

All data making it possible to respond to a court order, injunction or any other decision of a judicial or administrative authority

ARTICLE 6. RECIPIENTS OF YOUR DATA

Within the limits of their respective powers and for the purposes set out in Article 4, the main people who may have access to your data are as follows:

  • Our authorised staff and the authorised staff of our affiliated companies: the authorised staff of our marketing, production, sales, administrative, logistics and IT departments responsible for managing potential and existing customer relationships and those responsible for monitoring, including pharmacovigilance
  • The authorised staff of our partners (healthcare professionals and organisations, distributors, other members of the pharmaceutical industry and the health sector)
  • The authorised personnel of our sub-contractors:
    • Hosting providers
    • Analytics and database solution providers
    • Email solution providers
    • Electronic messaging service providers
    • CRM solution providers
    • Archiving providers
    • Telephone solution companies and service providers
    • Database companies

Please note that your data is not sold to third parties.

ARTICLE 7. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION

We are a multinational organisation with subsidiaries, partners and contractors in many countries around the world. For this reason, we may have to transfer your personal data (including by providing access, visibility, or storage) to other jurisdictions, including from and outside the European Union, to countries that may not be considered as offering a level of protection equivalent to that of the country in which you reside.

In the event that we need to transfer personal data outside the European Union, we ensure that adequate safeguards such as those prescribed by the applicable data protection legislation are implemented (such as, in particular, the Contractual Clauses of the European Commission, where applicable).

ARTICLE 8. DATA RETENTION PERIOD

The retention period is defined according to the purposes of the processing and particularly takes into account the applicable legal provisions requiring a precise retention period for certain categories of data, any applicable limitation periods and the recommendations of the CNIL concerning certain categories of data processing.

ARTICLE 9. YOUR RIGHTS

You are able to exercise the rights that will be granted under the applicable data protection legislation.

To this end, we hereby inform you that you are entitled to:

  1. access your personal data upon a simple request, in which case you will receive a copy, unless this data is made available directly to you (Article 15 GDPR),
  2. obtain a rectification of your personal data in the event that it is inaccurate, incomplete or obsolete (Article 16 GDPR),
  3. secure the deletion of your personal data in the situations provided for by the applicable data protection legislation (“the right to be forgotten”) (Article 17 GDPR) where such data is inaccurate, incomplete, ambiguous, obsolete, or whose collection, use, communication or retention is prohibited
  4. withdraw your consent to the processing of your personal data, without this affecting the lawfulness of the processing, when your personal data has been processed and collected on the basis of your consent (Article 13-2c GDPR)
  5. object to the processing of your personal data, when it has been collected and processed on the basis of our legitimate interests, in which case it will be your responsibility to justify your request by explaining your particular situation to us (Article 21 GDPR)
  6. request a restriction of processing in the situations covered by applicable law (Article 18 GDPR),
  7. receive your personal data for transmission to the third party of your choice, or receive direct transmission of your data to this third party via us where technically feasible (this law is applicable only when the processing is based on your consent) (Article 20 GDPR).

If you wish to exercise any of these rights, please contact us via this contact form, by sending an email addressed to dpo.gdpr@stallergenesgreer.com, or by sending a letter to STALLERGENES addressed to Stallergenes S.A.S, 6 rue Alexis de Tocqueville, 92160 Antony – FRANCE, with proof of identity.

We will take the necessary steps to respond as quickly as possible.

You may also submit a complaint to the relevant personal data protection authority regarding the processing of your personal data. Although we recommend that you contact us first, if you wish to exercise this right, you must contact the relevant personal data protection authority directly, “CNIL” (https://www.cnil.fr/fr/plaintes)

ARTICLE 10. CONNECTION DATA AND COOKIES

On our website and on our mobile application, we use login data (date, time, web address, visitor's Internet Protocol (IP) addresses, page viewed) and cookies (small files saved on your computer) to identify you, remember your visits, in particular relating to the pages consulted, to analyse the audiences of our website and our mobile application and offer you promotional offers and advertisements targeted according to your browsing habits, your needs and your relevant centres.

You may consent, refuse or choose the type of cookies that you agree to store on your devices by visiting our Cookie Management Policy.