Privacy Policy
Object
This Privacy Policy is established by:
ADIPOPHARMA SAS : registered under SIREN N° 831 282 959 with its headquarters located at Nextmed, Bâtiment eXplora (Bureau A203), 2 rue Marie Hamm, 67000 Strasbourg, France.
Hereafter designated as the « data controller ».
This Privacy Policy aims to inform visitors and users of the website http://adipopharma.com/ (hereafter “the website”) on how the data controller is collecting and processing your personal data.
This Privacy Policy is in line with the controller's commitment to act in full transparency and in compliance with applicable national laws regarding data protection and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
(Hereafter the « general data protection regulation » or the “GDPR”).
The data controller is particularly vigilant in protecting the privacy of its users and therefore undertakes to take all appropriate measures to protect the personal data it collects from loss, theft, disclosure or unauthorized use.
"Personal data" shall be defined as is in article 4 of the GDPR, i.e. any information relating to an identified or identifiable natural person (hereafter referred as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
If the user wishes to comment on any of the practices described below, he or she may contact the data controller at the postal or email address indicated in the "Contact" section of this Policy.
What personnal data are we collecting
The data controller collects and processes, in accordance with the terms and principles described below, the following personal data regarding its users:
- Its IP address;
- Its e-mail address if the user decides to disclose it, for example by contacting the data controller by e-mail or via the contact form;
- All information concerning the pages that the user has consulted on the website.
The data controller may also collect non-personal data. This data is qualified as non-personal data because they do not allow the direct or indirect identification of a particular person. It may therefore be used for any purpose, for example to improve the website, the products and services offered or the advertisements published by the data controller. Non-personal data is not subject to the requirements set by the GDPR.
In the event that non-personal data is combined with personal data resulting in a possible identification of the data subjects, such data will be considered as personal data and will therefore be subject to the requirements set by the GDPR.
Collecting and processing practices
The data controller may process personal data which have been collected from:
- The contact form;
- The cookies used on the website.
Categories of personal data collected, purposes, legal basis for processing and retention period
The personal data collected on the website will be processed only for the purposes mentioned below:
| Processing | Categories of personal data | Purposes | Legal basis | Retention periods |
|---|---|---|---|---|
| Contact form for Internet users | Last name, first name, email, phone number, content of the message | Respond to Internet users' requests and allow the users for an efficient way to communicate with the data controller. | Legitimate interest of the data controller to offer a mean for its users to communicate with its services. | 3 years from the last contact with the user. Mandatory request to the user to extend the retention period of the collected data by 3 years. |
| Cookies | IP login data | - Ensuring the proper functioning of the website - Allow the users to log in - Carry out audience analysis - Perform conversion follow-ups | User’s consent | 13 months maximum |
The data controller may be required to carry out processing operations that are not yet provided for in this Policy. In this case, the data controller will contact the user before reusing his/her personal data, in order to inform him/her of the changes and give him/her the possibility, where appropriate, of objecting to such reuse.
Data Recipients and Disclosure to Third Parties
Internal recipients: only the authorized personnel of the data controller in charge of security, commercial relations and development may be the recipients of the personal data.
External recipients :
| Third parties | Disclosed data |
|---|---|
| AWS-Amazon (website hosting company) | All data stored on the server |
| TIZ Website management, assistance and maintenance | All data |
Should the personal data be disclosed to other third parties for the purposes of direct marketing or commercial prospecting, the user will be informed prior to such disclosure to allow him/her to give his/her consent.
As long as such disclosure is based on the user's consent, the user may, at any time, withdraw his/her consent for this specific use of his/her data.
The data controller complies with the legal and regulatory provisions in force and will ensure in all cases that its partners, employees, subcontractors or other third parties with access to such personal data comply with this Policy.
The data controller may have to disclose its user's personal data in the event that a legal provision, a legal proceeding or an order from a public authority makes such disclosure necessary.
Exercising your rights
To exercise his or her rights, the data subject must prove his or her identity. As a principle, this justification can be made "by any means". Thus, it is not necessary to attach a photocopy of an identity document when exercising a right as long as the identity of the person is sufficiently established.
However, if the data controller has a "reasonable doubt" about the applicant's identity, the data subject may be asked to attach any other document proving his / her identity, such as, if necessary, a photocopy of his / her identity card.
Such request for additional information will be made within one month from the submission of the request by the user.
Right of access
The user may obtain, free of charge, the written communication or a copy of his / her personal data collected and processed by the data controller.
However, the data controller may charge a reasonable fee based on administrative costs for any additional copies requested by the user.
Where the user submits this request electronically, the information will be provided in a commonly used electronic form, unless the user requests otherwise. Unless one of the exceptions provided for in the GDPR applies, the user will be provided with a copy of his personal data no later than one month following the reception of the request by the data controller.
For example, the data controller can be allowed to extend the time limit by two months, "taking into account the complexity and number of requests", provided that the person concerned is informed within one month following the reception of the request by the data controller.
Right to withdraw one's consent
For all processing based on the data subject consent, such as the processing based on the use of cookies or direct marketing, the data subject has the right to withdraw his / her consent at any time.
Right to rectification
The user may obtain, free of charge, as soon as possible and within one month at the latest, the rectification of his personal data that would be inaccurate, incomplete or irrelevant, as well as complete them if they prove to be incomplete.
Right to object to the processing
The user may at any time, for reasons relating to his / her particular situation, object to the processing of his /her personal data free of charge, except when:
- The processing is necessary for the performance of a task carried out in the public interest or relating to the exercise of the official authority vested in the data controller;
- Processing is necessary for purposes based on the legitimate interests pursued by the data controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (in particular where the data subject is a child) prevail.
The data controller may refuse to enforce the user's request to object to the processing of his / her personal data if it can prove the existence of compelling and legitimate reasons justifying the processing, which take precedence over the interests or the rights and freedoms of the user, or for the establishment, exercise or defense of a right in court. In the event of a dispute, the user may file a complaint in accordance with the section "Complaints and claims" of this Policy.
The user may also, at any time, objects, without justification and free of charge, to the processing of his / her personal data when it is collected for direct marketing purposes (including profiling).
Where personal data are processed for the purposes of scientific or historical research or for statistical purposes in accordance with the GDPR, the user has the right to object, for reasons relating to his / her particular situation, to the processing of his / her personal data, unless the processing is necessary for the performance of a task carried out in the public interest.
Right to restriction of processing
The user can obtain the restriction of the processing of his/her personal data in the cases listed below:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
- The data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
The data controller will inform the user when the restriction on processing is lifted.
Right to erasure ("right to be forgotten")
The data subject can request the erasure of his / her personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws his / her consent on which the processing is based and there is no other legal ground for the processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing, and/or the data subject exercises its right to object to the processing of his/her personal data for direct marketing purposes (including profiling);
- The personal data have been unlawfully processed;
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- The personal data have been collected in relation to the offer of information society services targeting children.
The right to erasure does where the processing is necessary:
- For exercising the right of freedom of expression and information;
- Or compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
- For reasons of public interest in the area of public health;
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing;
- For the establishment, exercise or defense of legal claims.
Right to data portability
The user may, at any time, request to receive his personal data free of charge in a structured, commonly used and machine-readable format, especially for the purpose of forwarding them to another data controller, where:
- Data processing is carried out using automated means; and when
- The processing is based on the consent of the user or on a contract concluded between the user and the data controller.
Under the same conditions, the user has the right to obtain from the data controller that his / her personal data be forwarded directly to another data controller, insofar as this is technically possible.
The right to data portability does not apply to processing where it is necessary for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the controller.
Security of the processing
The data controller implements the appropriate technical and organizational measures in order to guarantee a high level of security of the processing and the personal data collected in relation to the risks presented by the processing and the nature of the data to be protected. It takes into account the state of knowledge regarding security practices, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.
The data controller has implemented appropriate security measures to protect and prevent the loss, misuse or alteration of the personal data collected on the website.
In the event that the personal data under the data controller's responsibility should be compromised, the data controller will act promptly to identify the cause of the breach and take appropriate remedial action.
Subject to its legal obligations and the risks generated by such security breach, the data controller will notify the CNIL and/or the data subjects concerned by such incident.
Claims and complaints
If the user wishes to comment or has questions regarding any of the practices described in this Policy, he / she can contact the data controller directly (see “Contact” section below).
If the user has unresolved concerns, he/she also has the right to complain to the CNIL via its website or by postal mail:
Commission nationale de l'informatique et des libertés (CNIL)
3 Place de Fontenoy
TSA 80715
75334 Paris cedex 07
Tel : +33 1 53 73 22 22
In addition, the user has the possibility to file a complaint to the competent national courts.
Contact
For any questions and/or complaints relating to this Policy, the user may contact the data controller at the following e-mail address: contact@adipopharma.com, or by postal mail at :
ADIPOPHARMA SAS
Nextmed, Bâtiment eXplora (Bureau A203)
2 rue Marie Hamm
67000 Strasbourg
France
Changes made to this Policy
The data controller reserves the right to modify the provisions of this Policy at any time. Changes will be published directly on the website of the data controller.
Miscellaneous
If any provision of Policy should be held unlawful, void, or unenforceable, then it shall be severable without affecting the validity, legality and enforceability of all remaining provisions.
Applicable law and jurisdiction
This Policy is governed by the national law of the principal establishment of the data controller, namely France.
Any dispute relating to the interpretation or execution of this Policy shall be subject to the jurisdiction of such national law.
This Policy has been updated last on 22nd January 2024.
AdipoPharma SAS
Headquarters
Nextmed, Bâtiment eXplora (Bureau A203)
2 rue Marie Hamm
67000 Strasbourg
France
AdipoPharma LLC
US Office
Pennsylvania, USA
© Copyright AdipoPharma 2024 - Privacy Policy - Legal Notice