Data protection policy
1. Collection and storage of personal data
When you visit our websites or communicate with us, we may collect personal data. Personal data means any information that relates to an individual which may be directly or indirectly identified or identifiable such as but not limited to name, address, email address or phone number. We collect personal data through the websites for example when you send us a message through our contact form, apply for a job, post comments or pictures, request information, communicate with our customer, communication or pharmacovigilance teams through our websites. When you visit our websites, the browser on your device automatically sends information to the website’s server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer;
- Date and time of access;
- Name and URL of the retrieved file;
- Website from which the website is accessed (referrer URL);
- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider. The mentioned data will be processed by us for the following purposes:
- Ensuring a smooth connection to the website;
- Ensuring comfortable use of our website;
- Evaluation of system security and stability; as well as
- Other administrative purposes.
2. Purpose of use of your Information and legal basis
The Personal data we collect are used to communicate with you, respond to your requests, provide and improve our services or otherwise, as may be required by law, regulation or governmental obligations.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) of the EU General Data Protection Regulation (“GDPR”). Our legitimate interest for data collection follows from the purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
3. Information disclosure
We may share your information, on a need to know basis, with our affiliates and subsidiaries, to comply with legal obligations, to protect and defend our rights and property and with your permission.
Your personal data will not be transmitted to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:
- You have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR,
- The disclosure pursuant to Art. 6 para. 1 sentence 1 f) GDPR is necessary to establish, exercise or defend legal claims and there is no reason to assume that such interests are overridden by your interests or fundamental rights and freedoms.
- A legal obligation exists for the data transfer pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR, and
- The data transfer is legally permissible and is necessary for the performance of a contract with you in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.
Cookies for audience measurement:
In order to adapt the site to the demands of its visitors, we measure the number of visits, the number of pages viewed, as well as the activity of visitors on the site and their frequency of return. “Google Analytics”, the statistics tool used by our site, generates the following cookies:
- __utma: Used to distinguish between users and sessions. The cookie is updated each time the data is sent to Google Analytics.
- __utmb: Used to identify new visits / sessions on the site. The cookie is updated each time the data is sent to Google Analytics.
- __utmt: Used to reduce the demand rate.
- __utmc: Used in conjunction with the __utmb cookie to identify whether the user has previously visited the site.
- __utmz: Records the source of traffic, the origin of the visit. The cookie is updated each time the data is sent to Google Analytics.
- _ga: Used to distinguish visitors to the site.
- _gat: Used to limit the rate of demand. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id-id>.
Third party cookies:
During your first visit to www.ethypharm.com a banner informs you of the presence of these cookies and invites you to indicate your choice. They are only deposited if you accept them, or if you continue your navigation on the site by visiting a second page on our site. You can at any time set your cookies to accept or refuse them by going to here.
Here is the list of third-party cookies used on the www.ethypharm.com website:
– Tarteaucitron: Keeps the preferences as to the consent/refusal to deposit cookies.
These cookies enable the site to function optimally. You can oppose and delete them using your browser settings, however, your user experience may be degraded.
Cookies stored in your terminal or any other element used to identify you for statistical or audience purposes, will have a reasonable life span linked to the purpose of the processing envisaged within the limit of a maximum of thirteen (13) months. This period will not be automatically extended when you visit the site again. Beyond this period, the raw traffic data associated with an identifier is either deleted or anonymised.
5. Rights of data subjects
You have the right:
- in accordance with Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of the processing; the category of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the envisaged period for which personal data will be stored; the existence of the right to request rectification, erasure, restriction of processing or to object to such processing; the right to lodge a complaint; the source of the personal data, where the data has not been collected by us; and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the logic involved;
- in accordance with Art. 16 GDPR, to demand immediate rectification of inaccurate personal data or completion of incomplete personal data stored with us;
- in accordance with Art. 17 GDPR, to demand the erasure of personal data stored with us, unless the processing is necessary for exercising the right to freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to demand the restriction of processing of personal data if you contest the accuracy of the personal data; the processing of the personal data is unlawful, but you oppose its erasure; we no longer need the data, but you require it for the establishment, exercise or defence of legal claims; or you have objected to processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive the personal data you have provided in a structured, commonly used and machine-readable format or to demand transmission to another responsible party;
- in accordance with Art. 7 para. 3 GDPR, to withdraw your consent at any time. As a result, we will no longer be permitted to continue processing data based on the original consent; and
- in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you have the right to lodge a complaint with the supervisory authority in your state of habitual residence, place of work or the place of our registered office.
6. Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds relating to your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement irrespective of the particular situation.
If you wish to exercise your right to withdraw consent or object to processing, simply send an e-mail to the contact information indicated below.
7. Data security
We use the most common SSL (Secure Socket Layer) method for data security in connection with the highest level of encryption supported by your browser. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures and take steps to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our data security measures are continuously updated in line with technological developments but the internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.
8. Validity and changes to this data protection declaration
This data protection declaration has been updated to comply with GDPR and is valid as of 25 May 2018.
Future developments of our website and offerings or changes in legal or official requirements may necessitate subsequent changes to this Data Protection Policy. As a consequence, we may revise it from time to time and post any adjustment on this web page
9. Contact Information
If you have any questions or if you wish to exercise your choices or rights, please contact us at:
Mail: Data Privacy Officer, legal department, Ethypharm Group, 194 Bureaux de la Colline, 92213 Saint Cloud Cedex, France