Personal data protection policy

PERSONAL DATA PROTECTION POLICY

PREAMBLE

The purpose of this Personal Data Protection Policy is to inform you about how we Stallergenes Greer International AG and our affiliates use and manage your personal data for all data processing carried out in connection with our business relationships and activities. This policy includes in particular the collection and processing of your data via the site https://www.stallergenesgreer-foundation.org/.

Stallergenes Greer International AG is fully aware of the importance of privacy and of protecting personal data in the digital age and undertakes to ensure adequate protection of personal data with regard to all persons with whom it has a relationship in strict compliance with the Federal Act on Data Protection and the (EU) General Data Protection Regulation of 27 April 2016 (hereinafter “GDPR”).

This includes all processing activities performed with respect to individuals with whom we have relationships in the course of our business and business relationships, namely:

  • Users of our products and services, including users of our websites and applications;
  • Representatives of our contractual partners and business partners;
  • Candidates for our recruitment operations

The purpose of this policy is to help you understand:

  • The purposes: the reasons and objectives for which we process your personal data.
  • The basis: what legal basis justify the processing of your personal data
  • From where and from which sources we collect your personal data
  • The authorised parties to whom we may disclose your personal data
  • Where we and authorised parties may process your personal data
  • What security measures the group has put in place to protect your personal data
  • For how long we keep your personal data and what is our approach to defining its retention period
  • What are your rights and how you can exercise them
  • How to contact us.

This policy may be modified by us over time, in particular to adapt it to changes in applicable law or our internal practices. These changes will appear on this page. We recommend that you consult this policy regularly.

In any event, we undertake to comply with the following two (2) key principles:

  • You remain in control of your personal data;
  • Your data is processed transparently, confidentially and securely.

ARTICLE 1. IDENTITY & CONTACT DETAILS OF THE DATA CONTROLLER

The data controller is Stallergenes Greer International AG  (hereinafter STALLERGENES) with its head office located at  Zugerstrasse 76B, 6340 Baar, Zug/ Switzerland.

Your data may be shared between STALLERGENES GREER and its affiliate.

If you have any questions about the handling and use of your personal data, please contact us via:

ARTICLE 2. DETAILS OF OUR DATA PROTECTION OFFICER

Our Data Protection Officer is here to respond to all your requests relating to your personal data, including the exercise of rights.

You can contact them via this contact form , by sending an email to dpo.gdpr@stallergenesgreer.com, or by sending a letter to Stallergenes S.A.S, 6 rue Alexis de Tocqueville 92 160 ANTONY – FRANCE

ARTICLE 3. DATA COLLECTION & ORIGIN

All data concerning you is collected:

  • Directly from you: with regards to the data that you send us via different media, including surveys, during registration or the use of an application, and any other direct or indirect interaction with our group. For example, this may be data you provide to us when you register for events we support, when you submit an application online or when you send us a request for information, etc.
  • Indirectly, in accordance with the (EU) General Data Protection Regulation of 27 April 2016 and with the Federal Data Protection Act
    • Data that we automatically collect, for example, when we monitor your interactions with our websites, platforms, applications and services, particularly via cookies.
    • Data we collect in accordance with applicable law from public sources, including data published by you on various media.
    • Data that we lawfully obtain from third parties, for example when we need to confirm your contact details. In such cases, we generally receive such personal data from third parties authorised to do so within the framework of their own privacy and personal data protection policy or in accordance with the law. If necessary, we will inform you of the identity of these third parties under the applicable Information Notice and we recommend that you refer to their own privacy and personal data protection policies to learn more about the origin of this data and the conditions under which it is collected.

In all cases, you are informed of the purposes for which your data is collected by us via the various online data collection forms, your customer account or via our Cookie Management Policy.

ARTICLE 4. PURPOSES & LEGAL BASIS OF PROCESSING

Your data is collected and processed for:

Managing our websites and applications

  • Legal basis:
    • Our legitimate interest in ensuring the best performance and quality of our site and applications;
    • Your consent when you register;
  • This processing covers:
    • Provision of secure access to our online services, platforms and applications;
    • Management of your online accounts to provide you with or verify your access rights, in particular through passwords, password recovery hints, security questions and information, identity documents provided by the State, health professional numbers, data related to driving licences and passports;
    • Presentation of our products and offers that are tailored;

Responding to requests from authorities

  • Legal basis:
    • Execution of requests from relevant official authorities in accordance with applicable law
  • Processing for responding to requests from the authorities covers:
    • Responses to requests from administrative or judicial authorities in accordance with applicable law;
    • Responses to court orders, injunctions or any other decision of a judicial or administrative authority.

ARTICLE 5. TYPES OF DATA PROCESSED

The mandatory or optional nature of the personal data requested and the possible consequences of a failure to reply to you are specified during its collection.

For managing our websites and applications

Identity and contact details 
Connection data 
Allergy status data 
location data 
Data on the impact of allergies on working life

For responding to requests from authorities

All data making it possible to respond to a court order, injunction or any other decision of a judicial or administrative authority

ARTICLE 6. RECIPIENTS OF YOUR DATA

Within the limits of their respective powers and for the purposes set out in Article 4, the main people who may have access to your data are as follows:

  • Our authorised staff and the authorised staff of our affiliated companies: the authorised staff of our marketing, production, sales, administrative, logistics and IT departments responsible for managing potential and existing customer relationships and those responsible for monitoring.
  • The authorised personnel of our sub-contractors:
    • Hosting providers
    • Analytics and database solution providers
    • Email solution providers
    • Electronic messaging service providers
    • CRM solution providers
    • Archiving providers
    • Telephone solution companies and service providers
    • Database companies

Please note that your data is not sold to third parties.

ARTICLE 7. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION

We are a multinational organisation with subsidiaries, partners and contractors in many countries around the world. For this reason, we may have to transfer your personal data (including by providing access, visibility, or storage) to other jurisdictions, including from and outside the European Union, to countries that may not be considered as offering a level of protection equivalent to that of the country in which you reside.

In the event that we need to transfer personal data outside the European Union, we ensure that adequate safeguards such as those prescribed by the applicable data protection legislation are implemented (such as, in particular, the Contractual Clauses of the European Commission, where applicable).

ARTICLE 8. DATA RETENTION PERIOD

The retention period is defined according to the purposes of the processing and particularly takes into account the applicable legal provisions requiring a precise retention period for certain categories of data, any applicable limitation periods. 

ARTICLE 9. YOUR RIGHTS

You are able to exercise the rights that will be granted under the applicable data protection legislation.

To this end, we hereby inform you that you are entitled to:

  1. access your personal data upon a simple request, in which case you will receive a copy, unless this data is made available directly to you (Article 15 GDPR),
  2. obtain a rectification of your personal data in the event that it is inaccurate, incomplete or obsolete (Article 16 GDPR),
  3. secure the deletion of your personal data in the situations provided for by the applicable data protection legislation (“the right to be forgotten”) (Article 17 GDPR) where such data is inaccurate, incomplete, ambiguous, obsolete, or whose collection, use, communication or retention is prohibited
  4. withdraw your consent to the processing of your personal data, without this affecting the lawfulness of the processing, when your personal data has been processed and collected on the basis of your consent (Article 13-2c GDPR)
  5. object to the processing of your personal data, when it has been collected and processed on the basis of our legitimate interests, in which case it will be your responsibility to justify your request by explaining your particular situation to us (Article 21 GDPR)
  6. request a restriction of processing in the situations covered by applicable law (Article 18 GDPR),
  7. receive your personal data for transmission to the third party of your choice, or receive direct transmission of your data to this third party via us where technically feasible (this law is applicable only when the processing is based on your consent) (Article 20 GDPR).

If you wish to exercise any of these rights, please contact us via this contact form, by sending an email addressed to dpo.gdpr@stallergenesgreer.com, or by sending a letter to STALLERGENES addressed to Stallergenes S.A.S, 6 rue Alexis de Tocqueville, 92160 Antony – FRANCE, with proof of identity.

We will take the necessary steps to respond as quickly as possible.

You may also submit a complaint to the relevant personal data protection authority regarding the processing of your personal data. Although we recommend that you contact us first, if you wish to exercise this right, you must contact the relevant personal data protection authority directly.

ARTICLE 10. CONNECTION DATA AND COOKIES

On our website and on our mobile application, we use login data (date, time, web address, visitor's Internet Protocol (IP) addresses, page viewed) and cookies (small files saved on your computer) to identify you, remember your visits, in particular relating to the pages consulted, to analyse the audiences of our website and our mobile application and offer you promotional offers and advertisements targeted according to your browsing habits, your needs and your relevant centres.

You may consent, refuse or choose the type of cookies that you agree to store on your devices by visiting our Cookie Policy.