Personal data protection policy

 

PREAMBLE

The purpose of this Personal Data Protection Policy is to inform you about how we STALLERGENES GREER and our affiliates use and manage your personal data for all data processing carried out in connection with our business relationships and activities. This policy includes in particular the collection and processing of your data via the site https:/www.stallergenesgreer.co.uk

STALLERGENES GREER is fully aware of the importance of privacy and of protecting personal data in the digital age and undertakes to ensure adequate protection of personal data with regard to all persons with whom it has a relationship in strict compliance with the UK Data Protection Act 2018.

This includes all processing activities performed with respect to individuals with whom we have relationships in the course of our business and business relationships, namely:

  • Users of our products and services, including users of our websites and applications;
  • Representatives of our contractual partners and business partners;
  • Candidates for our recruitment operations

The purpose of this policy is to help you understand:

  • The purposes: the reasons and objectives for which we process your personal data.
  • The basis: what legal basis justify the processing of your personal data
  • From where and from which sources we collect your personal data
  • The authorised parties to whom we may disclose your personal data
  • Where we and authorised parties may process your personal data
  • What security measures the group has put in place to protect your personal data
  • For how long we keep your personal data and what is our approach to defining its retention period
  • What are your rights and how you can exercise them
  • How to contact us.

This policy may be modified by us over time, in particular to adapt it to changes in applicable law or our internal practices. These changes will appear on this page. We recommend that you consult this policy regularly.

In any event, we undertake to comply with the following two (2) key principles:

  • You remain in control of your personal data;
  • Your data is processed transparently, confidentially and securely.

ARTICLE 1. IDENTITY & CONTACT DETAILS OF THE DATA CONTROLLER

The data controller is STALLERGENES GREER UK (hereinafter STALLERGENES) with its head office located at 30 Old Bailey, London, EC4M 7AU, United Kingdom.

Your data may be shared between STALLERGENES GREER and its affiliates.

If you have any questions about the handling and use of your personal data, please contact us via:

ARTICLE 2. DETAILS OF OUR DATA PROTECTION OFFICER

Our Data Protection Officer is here to respond to all your requests relating to your personal data, including the exercise of rights.

You can contact them via this contact form , by sending an email to dpo.gdpr@stallergenesgreer.com, or by sending a letter to Stallergenes, 6 rue Alexis de Tocqueville 92 160 ANTONY – FRANCE

ARTICLE 3. DATA COLLECTION & ORIGIN

All data concerning you is collected:

  • Directly from you: with regard to the data that you send us via different media, including surveys, during registration or the use of an application, and any other direct or indirect interaction with our group. For example, this may be data you provide to us when you register for events we support, when you submit an application online or when you send us a request for information, etc.
  • Indirectly:
    • Data that we automatically collect, for example, when we monitor your interactions with our websites, platforms, applications and services, particularly via cookies.
    • Data we collect in accordance with applicable law from public sources, including data published by you on various media.
    • Data that we lawfully obtain from third parties, for example when we need to confirm your contact details. In such cases, we generally receive such personal data from third parties authorised to do so within the framework of their own privacy and personal data protection policy or in accordance with the law. If necessary, we will inform you of the identity of these third parties under the applicable Information Notice and we recommend that you refer to their own privacy and personal data protection policies to learn more about the origin of this data and the conditions under which it is collected.

In all cases, you are informed of the purposes for which your data is collected by us via the various online data collection forms, your customer account or via our Cookie Management Policy.

ARTICLE 4. PURPOSES & LEGAL BASIS OF PROCESSING

Your data is collected and processed for:

  • Managing our websites and applications
  • Legal basis:
    • Our legitimate interest in ensuring the best performance and quality of our site and applications;
    • Your consent when you register;
  • This processing covers:
    • Provision of secure access to our online services, platforms and applications;
    • Management of your online accounts to provide you with or verify your access rights, in particular through passwords, password recovery hints, security questions and information, identity documents provided by the State, health professional numbers, data related to driving licences and passports;
    • Presentation of our products and offers that are tailored;
  • Staff recruitment
  • Legal basis:
    • Our legitimate interest in meeting our personnel needs,
  • This processing covers: 
    • Carrying out the recruitment operations required to find a candidate with the skills required for a given job,
    • Powering the company’s CV database.
  • Pharmacovigilance
  • Legal basis:
    • Compliance with the legal and regulatory obligations in force and, in particular, the legal obligations relating to pharmacovigilance and the monitoring of potential product side effects
  • Pharmacovigilance covers:
    • Monitoring of side effects on patients treated with STALLERGENES products and detection of the link between consuming the product and the side effects;
    • Management of contacts, by STALLERGENES, with the notifier (patient, member of an approved patients association, health professionals, member of a health authority), with the person or the health professional who monitored the person presenting the side effect to be interviewed to obtain further details about the reported side effect;
    • Product safety and improvement, Risk-benefit assessment for each product
    • Security,
    • Crisis management,
    • The implementation of preventative operations and investigations,
    • Carrying out of administrative formalities, records, statements or audits
  • Medical information
  • Legal basis:
    • Your consent to process your order;
    • Contractual: when you are already a STALLERGENES customer
  • Medical information covers:
    • Management of responses to your questions concerning product characteristics, their use or regulations;
  • Customer Service
  • Legal basis:
    • Our legitimate interest in managing your questions;
    • Contractual: when you are already a STALLERGENES customer;
  • Customer service covers:
    • Management of responses to questions concerning your order or our products and services (excluding medical information)
  • Email campaigns
  • Legal basis:
    • Your consent when this is required by the regulations in force, in particular as regards marketing and cookies
  • Email campaigns covers:
    • Creation of email campaigns;
    • Distribution of newsletters;
  • Responding to requests from authorities
  • Legal basis:
    • Execution of requests from relevant official authorities in accordance with applicable law
  • Processing for responding to requests from the authorities covers:
    • Responses to requests from administrative or judicial authorities in accordance with applicable law;
    • Responses to court orders, injunctions or any other decision of a judicial or administrative authority.
  • Professional whistleblowing
  • Legal basis:
    • Compliance with applicable and legal and regulatory obligations
    • This document covers the reporting and processing of professional whistleblowing

ARTICLE 5. TYPES OF DATA PROCESSED

The mandatory or optional nature of the personal data requested and the possible consequences of a failure to reply to you are specified during its collection.

For managing our websites and applications

Identity and contact details
Connection data
Allergy status data
location data
Data on the impact of allergies on working life

For staff recruitment

Identity and contact details, information contained in the CV, photo, family situation, motivation for application.

For pharmacovigilance

Identity, contact details, date of birth, medical representatives or employees and reporting medical representatives, local case number and international case number, medical history of the patient (patient pathway) and their family medical history, product used, nature of side effect(s)
Please note that this processing and the data involved in said processing is pseudonymised

For medical information

Patient identity, telephone number, customer number (if applicable), question raised, medical situation of the author of the question.

For Customer Service

 

Identity, contact details, customer number, question raised and any information about the author of the question necessary to provide an answer.

For email campaigns

Identity, contact details, French Medical Council registration number for health professionals

For responding to requests from authorities

All data making it possible to respond to a court order, injunction or any other decision of a judicial or administrative authority

For professional whistleblowingIdentities, duties and contact details of the whistleblower; facts reported, information gathered as part of the process of verifying the reported facts; report on verification operations, whistleblowing follow-up, login data

ARTICLE 6. RECIPIENTS OF YOUR DATA

Within the limits of their respective powers and for the purposes set out in Article 4, the main people who may have access to your data are as follows:

  • Our authorised staff and the authorised staff of our affiliated companies: the authorised staff of our marketing, production, sales, administrative, logistics and IT departments responsible for managing potential and existing customer relationships and those responsible for monitoring, including pharmacovigilance and quality insurance departments.
  • The authorised staff of our partners (healthcare professionals and organisations, distributors, other members of the pharmaceutical industry and the health sector)
  • The authorised personnel of our sub-contractors:
    • Hosting providers
    • Analytics and database solution providers
    • Email solution providers
    • Electronic messaging service providers
    • CRM solution providers
    • Archiving providers
    • Telephone solution companies and service providers
    • Database companies
    • Market research and clinical research providers (CRO, CMO, analysis laboratories, agenda) 

Please note that your data is not sold to third parties.

ARTICLE 7. TRANSFER OF DATA TO A THIRD PARTY 

We are a multinational organisation with subsidiaries, partners and contractors in many countries around the world. For this reason, we may have to transfer your personal data (including by providing access, visibility, or storage) to other jurisdictions, including outside the European Union, to countries that may not be considered as offering a level of protection equivalent to the one offered by the UK.

In the event that we need to transfer personal data to a third party, we will ensure that appropriate safeguards such as those described in Article 46 of the UK Data Protection Act 2018 are implemented, except for some specific situations listed as derogations in Article 49 of the UK Data Protection Act (such as, in particular, when the data subject has explicitly consented the proposed transfer of data after having been informed of the associated risks).  

ARTICLE 8. DATA RETENTION PERIOD

The retention period is defined according to the purposes of the processing and particularly takes into account the applicable legal provisions requiring a precise retention period for certain categories of data, any applicable limitation periods. 

ARTICLE 9. YOUR RIGHTS

You are able to exercise the rights that will be granted under the applicable data protection legislation.

To this end, we hereby inform you that you are entitled to:

  1. access your personal data upon a simple request, in which case you will receive a copy, unless this data is made available directly to you,
  2. obtain a rectification of your personal data in the event that it is inaccurate, incomplete or obsolete,
  3. secure the deletion of your personal data in the situations provided for by the applicable data protection legislation (“the right to be forgotten”) where such data is inaccurate, incomplete, ambiguous, obsolete, or whose collection, use, communication or retention is prohibited
  4. withdraw your consent to the processing of your personal data, without this affecting the lawfulness of the processing, when your personal data has been processed and collected on the basis of your consent 
  5. object to the processing of your personal data, when it has been collected and processed on the basis of our legitimate interests, in which case it will be your responsibility to justify your request by explaining your particular situation to us
  6. request a restriction of processing in the situations covered by applicable law,
  7. receive your personal data for transmission to the third party of your choice, or receive direct transmission of your data to this third party via us where technically feasible (this law is applicable only when the processing is based on your consent).

If you wish to exercise any of these rights, please contact us via this contact form, by sending an email addressed to dpo.gdpr@stallergenesgreer.com, or by sending a letter to STALLERGENES addressed to Stallergenes S.A.S, 6 rue Alexis de Tocqueville, 92160 Antony – FRANCE, with proof of identity.

We will take the necessary steps to respond as quickly as possible.

You may also submit a complaint to the relevant personal data protection authority regarding the processing of your personal data. Although we recommend that you contact us first, if you wish to exercise this right, you must contact the relevant personal data protection authority directly.

ARTICLE 10. CONNECTION DATA AND COOKIES

On our website and on our mobile application, we use login data (date, time, web address, visitor's Internet Protocol (IP) addresses, page viewed) and cookies (small files saved on your computer) to identify you, remember your visits, in particular relating to the pages consulted, to analyse the audiences of our website and our mobile application and offer you promotional offers and advertisements targeted according to your browsing habits, your needs and your relevant centres.

You may consent, refuse or choose the type of cookies that you agree to store on your devices by visiting our Cookie Policy.

Last updated on: 2024-08-30