(Version 1.0 Date 15.10.2020)
The purpose of this Privacy Notice is to inform you about the collection, use and processing of your personal data.
We may update this Privacy Notice by posting an amended version on our website, including to adapt it to legislative and regulatory developments or changes. If we do so, we will notify you of such changes by changing the effective date at the top of this Privacy Notice.
1. About us
In this Privacy Notice, INNOTHERA refers to Innothera and its affiliates.
INNOTHERA, as data controller, determines the purposes and means of the processing carried out.
We have appointed a Data Protection Officer. You can contact him at the e-mail address firstname.lastname@example.org.
2. The type of personal data we collect
When you browse our websites, you may provide us with personal data about yourself, including:
- Identifying data such as: name, postal address, e-mail address, telephone number, etc.;
- Login data regarding the use of our websites if you open or transfer our communications, including data collected using cookies and other tracking technologies. Additional information on this subject is available here in our cookie notice.
Within the framework of our online questionnaires and vigilance (side effects of the products), you can communicate personal data to us such as date of birth, gender, and sensitive data such as medical history, and so on.
3. How we use your personal data
INNOTHERA may collect your personal data for the following reasons:
- To communicate with you, for example when you send us a message via the contact form on our websites or to send you newsletter-type communications related to our products and services or to invite you to professional events and webinars;
- To give you access to our online services and in particular the management of your accounts;
- To improve our products and services and our communications with you;
- To identify and authenticate yourself, for example in case of exercising the right of access to your personal data we will ask for a copy of your national identity card or passport;
- To perform statistical analysis;
- To comply with our legal and regulatory obligations;
- To safeguard our legitimate interests or the legitimate interests of third parties, provided that your interests do not exceed ours (an analysis is carried out for each individual case);
- To respond to requests from administrative and judicial authorities.
4. Lawful bases we rely on for processing your personal data
We process your personal data only if we are permitted to do so by the data protection regulations.
Depending on the processing carried out, INNOTHERA will process your personal data according to one of the following legal bases:
- The performance of a contract concluded with you: we need to collect your personal data for drafting the contract and for its execution;
- Our legitimate business interests to send you communications with content that is relevant to you and enhance your experience using our products and services;
- Your consent: depending on the processing carried out, your consent may be required. You may withdraw your consent at any time and in the future according to the withdrawal terms set out in section 8 "Your data protection rights" below;
- Our legal obligations: for example, in the context of vigilance, we process the personal data that you communicate to us.
5. How long we keep your personal data
We keep your personal data only for as long as it is necessary for the purposes for which we process them.
6. How we share your personal data
We may share your personal data with:
- INNOTHERA Group companies for the purposes described in this Privacy Notice;
- Our service providers, for example to provide hosting for our websites;
- Partners we collaborate with for the development and promotion of our products or services;
- Administrative and judicial authorities.
INNOTHERA may transfer your personal data to countries outside the European Economic Area. In this case, we implement appropriate measures and use, for example, the Standard Contractual Clauses of the European Commission to ensure that the recipient of the data guarantees a sufficient level of data protection.
7. How we protect your personal data
The security measures taken by INNOTHERA aim to protect and maintain the security, integrity and availability of your personal data.
Although there is no data transfer or storage system that guarantees absolute security, INNOTHERA and its service providers and partners work to maintain the physical and electronic protection of your personal data.
We apply, inter alia, the following security measures:
- Our computer infrastructures have firewalls to prevent unauthorized access;
- Access to your personal data is strictly restricted on a "need-to-know" basis and for the reasons stated in section 3 "How we use your personal data" above;
- We constantly monitor access to computer systems to detect and prevent misuse of data.
8. Your data protection rights
Where the applicable regulations on data protection allows it, you may exercise the following rights:
- Request access to your personal data: this includes the categories of data processed, the reasons (purposes) for which we process your data, the origin of the data when we have not collected it from you and the recipients to whom we share your data;
- Obtain the rectification of your personal data in the event that they are inaccurate, incomplete or require an update;
- Obtain the deletion of your personal data provided that the law authorizes us to do so;
- Withdraw your consent at any time when we have collected and processed your personal data on the basis of your consent (withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal);
- You may object at any time to the processing of your personal data where such data is collected and processed on the basis of the legitimate interests we are pursuing;
- Request a limitation of the processing to temporarily freeze the use of some of your data;
- Give instructions on the fate of your personal data after your death.
You can exercise your rights by contacting our data protection officer at email@example.com.
If you consider, after contacting us, that we have not properly responded to your request, you may submit a complaint to the competent personal data protection authority.