Polyplus-transfection (hereinafter “Polyplus”) fully understands the importance of privacy and the protection of personal data in the digital era and is committed to ensure an adequate level of data protection for all persons with whom Polyplus has dealings, in accordance with applicable laws on data protection and more particularly in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”). This includes:
- users of our products and services, including websites and apps users,
- representatives of our contractors and business partners,
- representatives of the scientific community etc.
What you will find in this document
The objective of this Policy is to help you understand:
- THE DATA CONTROLLER: who is responsible for determining the purposes and means of the processing of your Personal Data;
- THE PROCESSING ACTIVITIES AND THE PURPOSES: for what reasons and purposes Polyplus processes your Personal Data,
- ON WHAT GROUND: on what legal basis does Polyplus process your Personal Data,
- WHERE FROM: from what sources does Polyplus collect your Personal Data,
- WHO: who are the authorized parties that Polyplus may disclose your Personal Data to,
- WHERE: where Polyplus and its authorized parties may process your Personal Data,
- HOW SECURE: what Polyplus does to protect your Personal Data,
- HOW LONG: Polyplus’ approach to defining the term of retention of your Personal Data,
- YOUR RIGHTS: what your rights are and how you can exercise them,
- HOW TO CONTACT US:how you can reach us if you wish to exercise your rights or if you have a question.
I – Data Controller
Your Personal Data collected on the website www.polyplus-sartorius.com are processed by Polyplus-transfection SA. Consequently, the data controller is:
POLYPLUS TRANSFECTION S.A.
75 Rue Marguerite Perey
67400 Illkirch – FRANCE
II – What Personal Data and what processing activities do this policy cover
When visiting the Polyplus’ website, Polyplus will collect from you, through different request forms, the following Personal Data:
- identification data (surname, first name, e-mail address, postal address, telephone number, job title, etc.);
- technical data (IP address, date and time of connection, cookies, etc.)
Your Personal Data are subject to the following processing activities:
- manual processing through all contact forms available on the website;
- manual processing for the creation and access to your Polyplus’ account;
- automatic processing relating to cookies (aggregation of statistics and analysis of browsing, enabling Polyplus to better understand users’ interactions with its website and to improve its quality, as well as paid referencing media campaigns for marketing purposes)
Polyplus processes your Personal Data for the following purposes:
- to carry out our business operations; carry out marketing and sales; respond to your requests; to keep track of our interactions and meetings, such as when you contact us for information and support;
- to comply with legal or regulatory obligations that apply to Polyplus; monitor safety; manage adverse events; carry out prevention and investigatory activities; carry out administrative formalities, registration, declarations or audits.
- to provide you access to online services, application and platforms; manage your online accounts;
- to allow us to identify or authenticate you; provide or verify your credentials including via passwords, password hints, security information and questions, government-issued ID;
- to improve and develop our products and services; identify usage trends and develop new products and services; understand how you and your device interacts with our services; track and respond to safety concerns; determine the effectiveness of our promotional campaigns, conduct surveys;
- to personalize your experience when using our services; ensure that our services are presented in the way that best suits you; understand your professional and personal interests in our content, products and services or other content and adapt our content to your needs and preferences; present you products and offers tailored to you;
- to allow us to communicate with you; respond to your requests or inquiries; reach out to you following your interest, to provide support on our products and services; provide you with important information, administrative information, required notices, and promotional materials; send you news and information about our products, our services, our brands, our operations; organize and manage professional events and congresses, including your participation to such events;
- to respond to legal requests from administrative or judicial authorities, in accordance with applicable laws; comply with a subpoena, required registration, or legal process;
- to protect our rights and interests ; protect the health, safety, and security of Polyplus personnel and premises ; carry out internal audits, asset management, system and other business controls ; manage business administration (finance and accounting, fraud monitoring and prevention) ; maintain the security of our services and operations ; protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary ; to protect ourselves against possible fraudulent actions.
For each of the purposes described above, the processing of your Personal Data is legally established, in accordance with the GDPR.
III – On what legal basis
Polyplus-transfection will always process your Personal Data lawfully.
Depending on the data processing at stake, Polyplus will process your Personal Data on either one of the following legal basis:
- your prior consent: where you have clearly expressed your approval of Polyplus’ processing of your Personal Data. In practice, this will generally mean that Polyplus will ask you to sign a document, or to fill-in an online “opt-in” form or to follow any relevant procedure to allow you to be fully informed and then either clearly accept or refuse the data processing envisaged,
- a contractual relationship between you and Polyplus: in such case, the processing of your Personal Data is generally necessary for the execution or the performance of the contract; this means that if you do not wish Polyplus to process your Personal Data in that context, Polyplus may or will be obliged to refuse to enter into such contract with you or will not be able to provide the products or services covered in this contract,
- legal obligations applicable to Polyplus’ activities; for instance, Polyplus is required to implement pharmacovigilance procedures to monitor adverse effects of marketed products, which generally involves the collection and retention of Personal Data,
- the “legitimate interest” of Polyplus in the sense of applicable data protection law. In such a case, Polyplus shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.
Polyplus may, on a case-by-case basis, rely on other legal grounds, such as the protection of your vital interests, in accordance with applicable data protection law.
IV – Where does the Personal Data come from
When navigating on Polyplus’ website, Polyplus may collect your Personal Data from different sources:
- Data that you communicate to us through various media, through registrations, applications surveys or direct and indirect interactions with Polyplus. For example, data you provide to register to scientific events sponsored by Polyplus, to submit an online application, to send us a request for information, to complete one of the contact forms available on the website, to subscribe to our Newsletter, to contact Polyplus’ Data Protection Officer (“DPO”), or when you contact Polyplus via one of our marketing email addresses.
- Data that we collect automatically, for instance when following your interactions with our websites, platforms, applications and services through certain technologies, such as cookies when you have given your consent to the collection of such cookies.
V – Who has access to Personal Data
Polyplus will share your Personal Data only with authorized parties.
For the purposes described above, Polyplus may need to share your Personal Data with the following authorized third-parties:
- Polyplus-transfection SA. and its affiliates
- our partners (distributors, other members of the healthcare and pharmaceutical industry), subject to your prior consent;
- legal or administrative authorities or any other third parties, as required by regulatory authorities or any other administrative authorities authorized by applicable laws including laws outside your country of residence;
- potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures, subject to your prior consent.
In any case, Polyplus will require that such third-parties:
- undertake to comply with data protection laws and the principles of this Policy;
- will only process the Personal Data for the purposes described in this Policy; and
- implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Personal Data.
VI – Where Personal data may be transferred
Polyplus will ensure that transfers of your Personal Data outside EU are safeguarded and obtain your prior consent.
Polyplus is an organization with affiliates, partners and subcontractors located in many countries around the world. For that reason, Polyplus may need to transfer (via access, visualization, storage.) your Personal Data in other jurisdictions, including from the European Economic Area to outside the European Economic Area, in countries which may not be regarded as providing the same level of protection as the jurisdiction you are based in.
Safeguards for international transfers of Personal Data: In cases where Polyplus needs to transfer Personal Data outside the European Union, it will obtain your prior consent for such transfer, list the countries and entities recipients of the Personal Data and shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented.
VII – How secure
Polyplus has implemented strong organizational and operational security measures to guarantee the security of your Personal Data.
Polyplus employees who are likely to process Personal Data in the course of their duties are subject to a strict duty of confidentiality. They only have access to Personal Data that is necessary for their working duties and are regularly made aware of data protection aspects.
Polyplus selects its subcontractors according to a strict process and will not select subcontractors that are not GDPR compliant.
VIII – How long
We will retain your Personal Data for no longer than necessary, and more particularly for the following periods:
- Three (3) years from the end of the commercial relationship or if the prospect didn’t subscribe to the services or didn’t purchase the products of Polyplus (marketing data);
- Ten (10) years from the end of the commercial relationship for contractual aspects (contracts, warranties, complaints, invoices, etc.);
- One (1) month (with a maximum of two (2) months for an extended request, for data sent to Polyplus’ DPO, in the event of a request for rights from the data subject.
As an exception, Polyplus may be required to retain your Personal Data for longer periods as required or permitted by law, or as necessary to protect its rights and interests.
IX – Your rights
You have and may exercise the following rights at any time and within the limits provided by the law:
- to have access upon simple request to your Personal Data so that you can find out whether and which of your Personal Data are processed by Polyplus – in which case you may receive a copy of such data (if requested), unless such data is made directly available to you, for instance within your personal account;
- to obtain a rectification of your Personal Data should your Personal Data be inaccurate, incomplete or obsolete;
- to obtain the deletion of your Personal Data in the situations set forth by applicable data protection law (‘right to be forgotten’);
- to withdraw your consent to the data processing without affecting the lawfulness of processing, where your Personal Data has been collected and processed on the basis of your consent;
- to object to the processing of your Personal Data, where your Personal Data has been collected and processed on the basis of legitimate interests of Polyplus, in which case you will need to justify your request by explaining to us your particular situation;
- to request not to be subject to automated decision-making, including profiling;
- to request a limitation of the data processing in the situations set forth by applicable law;
- to receive your Personal Data for transmission from Polyplus-transfection to a third-party or to have your Personal Data directly transferred by Polyplus-transfection to the third-party of your choice, where technically feasible (data portability right allowed only where the processing is based on your consent).
You may exercise any of these rights free of charge by contacting us:
by e-mail to: firstname.lastname@example.org
or by post to :
Polyplus – Bureau de la protection des données
75 Rue Marguerite Perey
67400 Illkirch – FRANCE
In order for Polyplus to satisfy your request and avoid any misuse of your identity, Polyplus will ask you to provide a copy of both sides of an official identity document if you exercise your right of access and portability of your Personal Data. These documents are used to confirm your identity and are immediately deleted from our system after confirmation.
Polyplus will answer your request within a maximum of one (1) month from the date of receipt of your completed request. This period may be extended to a maximum of two (2) months in the case of numerous or complex requests. In this case, the competent authorities and data subjects will be duly informed in accordance with the requirements of the GDPR.
You can also file a complaint with the Commission Nationale Informatique et Liberté (CNIL), via their website: https://www.cnil.fr
X – Validity and evolution of this policy
This Policy may be modified by Polyplus, from time to time, in particular to adapt its terms to evolutions or changes of applicable legislations and/or to Polyplus’ practices. Changes will be available on this page. We invite you to check this Policy periodically.
XI – How to contact us
You can send any request pertaining to Polyplus’ use of your Personal Data at the following email address: email@example.com.