Data protection

Biocodex » Data protection

As the data controller, the company Biocodex, whose registered office is established in France at 22 rue des Aqueducs in Gentilly (94250) (hereinafter, the “Publisher”), undertakes to comply with the regulatory provisions applicable to the protection of personal data, in particular Regulation (EU) 2016/679 of 27 April 2016 – General Data Protection Regulation (hereinafter, the “GDPR”), on the processing that it implements on the website www.biocodex.com (hereinafter, the “Website”). 

Data protection policy

The user can navigate freely on the Website without having to explicitly provide personal information. Nevertheless, he may be asked to provide data concerning him, for example by contacting the Publisher. In addition, the Website uses “cookies”, which can send data concerning the user to third-party companies. 

Each online service implemented on the Website limits the collection of personal data to what is strictly necessary and is accompanied by information detailing in particular: 

  • The purpose of the processing (the aims) for which the personal, data collected are intended, 
  • The legal basis of the processing, 
  • The source of the data (if not provided by the user of the Website), 
  • The mandatory or optional nature of the data collection, 
  • The categories of persons concerned, 
  • The recipients of the data, 
  • The length of time the data is kept, 
  • The possible existence of data transfers outside the European Union, 
  • The rights of the person on his data and how to exercise them. 

The Publisher takes all necessary precautions to preserve the security of the Website user’s personal data and aims in particular to prevent them from being deformed or damaged, or from being accessed by unauthorized third parties. 

In accordance with the GDPR, the user of the Website may exercise, on the data concerning him/her and by proving his/her identity, a right of access, rectification, deletion, portability, limitation, opposition, with the Data Protection Officer (DPO) of Biocodex (in English if French is not possible), by the contact form or by postal mail: DPO BIOCODEX, 22 rue des Aqueducs, 94250 GENTILLY, France; he/she also has the right to lodge a complaint with a supervisory authority (in France: CNIL, Service des Plaintes, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07 | www.cnil.fr).

Website Management 

The purpose of this processing of personal data is to manage the Website. It allows the Publisher: 

  • The preparation and publication of content, 
  • To put online services offered to users (contact form, newsletter subscription, etc.), 
  • The technical administration, in connection with the providers concerned by the treatment, 
  • The management of security, 
  • The production of audience and usage statistics for the online services offered to users. 

With reference to Article 6(1)(f) of the GDPR, the processing is necessary for the purposes of the legitimate interests pursued by the Publisher (communication and publication on the Internet of information of an institutional, promotional and/or scientific nature). 

The processing concerns: 

  • The Publisher’s staff in charge of publishing content and technical administration of the Website, 
  • The persons identified in the publications, 
  • The users of the Website, 
  • The staff of the service providers concerned. 

The categories of processed data are: 

  • Data relating to the persons who are the subject of publications (identity, functions, contact details, etc.), 
  • Data relating to navigation on the websites (time stamps, IP addresses of users, technical data relating to the equipment and browser used by users, geolocation, cookies) and on digital platforms via sharing buttons and media (cookies and other tracers), 
  • Data relating to the management of services offered to users,  
  • Data related to the management of publications (purpose, deliverable, follow-up, statistics), 
  • Data related to the management of technical services (time-stamping and purpose of requests, follow-up, follow-up data, statistics), 
  • Statistics on the audience of websites and the use of online services offered to users. 

The data can come from: 

  • The Publisher’s staff in charge of the publication of the contents and the technical administration of the Website, 
  • Contributors to the publications, 
  • Website’s users, 
  • The staff of the concerned service providers, 
  • Third party websites (websites, social networks, search engines, etc.). 

The data collected during navigation, not necessary for the functioning of the Website (such as certain types of cookies), are optional. Unless otherwise indicated, the other data collected is mandatory. 

Data retention: 

  • The published data are kept online until the site is closed, then archived for 5 years, 
  • Data relating to exchanges with service providers are kept for 5 years at the end of the contractual relationship, 
  • Except for legal obligations or particularly important risks, log data are kept for 6 months, 
  • The data necessary for the production of statistics on the audience and the use of online services are kept in a format that does not allow the identification of persons by their IP address, and include an identifier (relating to the cookie) kept for a maximum of 13 months (unless the person concerned objects).

Because of their presence on the Internet, the publications may be accessible outside the European Union. 

Online service “Contact form” 

The purpose of this personal data processing is to manage requests made online. It allows the Publisher to: 

  • Receive requests and reports sent to it, 
  • Monitor correspondence with the user of the Website, 
  • Comply with its obligations in terms of health vigilance and data protection, 
  • Draw up statistics relating to the service. 

The legal basis for the processing is the legitimate interests pursued by the Publisher (management of the relationship with the users of its websites). 

The processing concerns any user of the Website who wishes to contact the Publisher electronically. 

The categories of data processed are: 

  • The identity of the requester (name, company)  
  • His/her contact details (e-mail address) 
  • The request (message) 
  • The action taken 
  • The activity statistics 

The contact form provides for a mandatory collection of data for the proper processing of the request. 

The data is kept for 5 years from the time the request is processed. However, if the communication is part of the health vigilance, they may be kept for up to 10 years after the withdrawal of the product concerned from the market. 

The data is intended for the Publisher’s staff: 

  • In charge of processing correspondence related to the Website 
  • In charge of publishing content and technical administration of the Website  
  • Assigned to the management of health vigilance 

The staff of the service providers concerned are also recipients of the data. 

About cookies

The Publisher uses various computer “cookies” on the Website to measure the audience and integrate services to improve the interactivity of the Website. 

What is a computer “cookie”? 

A computer “cookie” is a text file that may be deposited on a user’s terminal during navigation on a website. Cookies are an important tool that allows organizations to gain insight into the online activity of their users. 

How it works: usually small and identified by a name, it is sent to the user’s browser by the website visited. The browser will keep it for a certain period of time, and will send it back to the website each time it is reconnected. In principle, cookies can be easily viewed and deleted. 

In themselves, cookies are harmless because they do not contain executable code. They perform important functions for websites: they can be used to store a customer account ID, browsing preferences, track browsing for statistical or advertising purposes, etc. 

However, cookies can store enough data to identify a user without his or her consent and, in some cases, can be used to create profiles of individuals. This is why it is necessary that the management of cookies be controlled within the framework of data protection. 

Controlling the deposit of cookies 

The user can prevent cookies from being deposited on his or her terminal or delete existing ones by setting his or her web browser accordingly. For instructions on how to manage cookies, the user can refer to the help sections of their browser. 

Please note, however, that deactivating cookies in the web browser may cause malfunctions on the Website and on other websites. 

Two types of cookies are used on the Website

Strictly necessary cookies 

These cookies allow the main services of the Website to function in an optimal way. They do not require the user’s consent. 

Cookie Name Purpose Conservation 
DidomiSaves the user’s choices regarding the consent of cookies 12 months 

Third party cookies 

The Website relies on certain services offered by third parties. These are: 

  • Google Analytics (mesure d’audience) 
  • YouTube (hébergement de vidéos) 
  • Vimeo (hébergement de vidéos) 
  • Facebook (réseau social) 
  • Twitter (réseau social), notamment via l’intégration de tweets (Twitter cards) et des flux d’actualités (Twitter timelines) dans les pages du site 

The purposes proposed by these third parties use cookies directly deposited by these services. Through these cookies, these third parties may collect and use the user’s browsing data on their own behalf in order to offer, for example, targeted advertising and content based on the user’s browsing history. For more information, the user can consult the privacy policy of these third parties via the cookie management module set up on the Website. 

Access the cookie management module 

By default, these third-party cookies are not deposited. The user can consent to their deposit in the cookie management module or directly via a contextual consent request, for example by activating the playback of an external video. The user can indicate his preferences, either globally for the Website, or service by service. They can change their choices at any time by calling up the cookie management module via a permanent link located at the bottom of the page. 

Recruitment

What is its purpose and on what is its legal ground?

The purpose of the recruitment is the management of Jobs and Internships applications. It allows the Recruiter to:

1. Manage the recruitment process:

  • Receive and save candidate applications
  • Track candidates’ applications (candidates’ selection, tests, interviews, etc.)
  • Provide feedbacks to candidates
  • Establish steps prior to entering into a contractual agreement
  • Litigation management (if applicable)

2.  Create and manage a Resume database

Goal 1: managing candidates Jobs and Internships applications allows to establish steps prior to entering into a contractual agreement (6.1.b).

Goal 2: managing candidates Jobs and Internships applications is necessary for the purposes of the legitimate interests (6.1.f):  for human capital management in order to ensure high performance as it relates to the company’s activities.

What data do we keep track of and for how long?

Below are the data tracked:

  • Applicant Identity and contact details (title, surname, first name, postal address, e-mail, phone number)
  • Degree and additional trainings
  • Professional experience
  • Cover letters and key experience
  • Application (resumé, test results, interviews & interviews detailed records, salary, references, contract and length of contract, etc.)
  • Correspondence between the Recruiter and the Applicants

The data may come directly from the Applicant, Management, HR department, or from external sources (websites/social networks, recruitment agencies, schools, employment organizations, etc.).

Providing data by the Applicant, or by a third party, is necessary for the recruitment process as the element provided will be useful to generate Employee contract agreement.

For successful Applicants, the data is maintained for as long as an Employee is within the company, then archived and deleted under the same conditions as the HR files. For unsuccessful applications:

  • The Application is kept for up to 2 years in the active database after the Applicant provided consent.
  • The Application file is archived for 5 years to ensure a possible legal recourse in view of the applicable prescription periods. After this period, the application file with all its documents is deleted.

To whom are the data intended?

The data is intended for:

  • The Applicant
  • The Recruitment team (HR department, managers, etc.)
  • Service providers, organizations and web services specialized in recruitment (recruitment / temporary employment agencies, job search organizations, resumé libraries, schools, forums, etc.)

No data is transferred outside the European Union unless the Open Position is located in a subsidiary (expatriation).