OUR PRIVACY STATEMENT AND HANDLING OF PERSONAL DATA
GENFIT would like to provide you with information on how we handle your personal data, that we receive not only when you browse our websites (www.genfit.com and www.the-nash-education-program.com), but also how we handle certain personal data that we collect and process in the practice of our business, including the sensitive data we are responsible for as Sponsor of clinical trials.
Handling of data received during navigation on GENFIT’s websites
The websites www.genfit.com and www.the-nash-education-program.com (hereinafter the “Websites”) are provided by GENFIT SA. For further information regarding the provider of the Websites, please refer to the Legal Notice.
Unless otherwise indicated in the following chapters, the legal basis for the handling of your personal data results from the fact that such handling is required to make available the functionalities of the Websites requested by you (Art. 6(1)(b) General Data Protection Regulation).
Access to the website
When you visit the Websites, your browser transfers certain data to our web server. This is done for technical reasons and required to make the requested information available to you. To facilitate your access to the Websites, the following data are collected, used and stored for 13 months:
- IP address
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request
Use of forms on our Websites
Our websites contain general contact forms that allow you to contact us directly, as well as other more specific forms, including applications forms for our job offers and preliminary forms to download our content.
In the event that you would like to contact us through these forms, you may provide us with the following information: First name, last name, occupation (and, for healthcare providers, specialty and license number), company, location, contact details (e.g. email address, phone number), general subject of your request from a list pre-established by our services, content of your request, and if necessary, your curriculum vitae and cover letter when these data are needed to evaluate your application.
We will collect, process and use the information provided by you via all our forms exclusively for the processing of your specific request.
Subscription to our mailing lists and receipt of information about the company
You can subscribe to our mailing lists and receive GENFIT’s public information by completing dedicated sign-up forms on our websites. Based on your prior consent, we will collect via these forms the following information: First name, last name, occupation (and, for healthcare providers, specialty and license number), company, location, and email address. We will use the indicated email address to provide you with our newsletters and public information. Nevertheless, you may after subscribing, and at any time, unsubscribe freely by clicking on the dedicated link at the end of our emails, or by writing us to contact@genfit.com.
External services or content on our websites
We include third-party services and/or content on our Websites. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons.
The respective provider of the services or content may also process your data for own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our Website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.
For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:
- X
- You Tube
Use of cookies on our Websites
A cookie is a data file that is stored on your computer or mobile device by a website’s server; only that server will be able to retrieve or read the contents of that cookie.
Each cookie is unique and contains some anonymous information (e.g. a unique identifier, the site name, some digits and numbers).
Most browsers allow cookies. However, users can block the use of cookies or remove cookies that are already installed on their browser, if they wish. Disabling cookies may prevent you from accessing certain features on our Websites.
GENFIT Websites use:
- Essential cookies that are required to provide certain basic features. You cannot disable these essential cookies.
- Functionality cookies that record information about choices you’ve made and allow us to tailor the website to you – e.g. choice of language.
- Performance cookies that help us improve our websites and provide you with a better user experience, by tracking your use.
- Social media pixels that are used to advertise and re-target content on social media.
For more information about cookies, please visit www.allaboutcookies.org.
Treatment of data received in clinical trials
“Clinical Trial Health Data” means the physiological and biological data of patients and volunteers (or obtained from the examination of biological samples taken from such patients) necessary for the conduct of clinical trials, in accordance with the patient’s or volunteer’s wishes and in strict compliance with the informed consent letter signed by the patient or volunteer (Regulation N°536/2014 of the European Parliament). These Data include personal data within the meaning of Law No. 78-17 of 6 January 1978 relating to data, files and freedoms, as amended, and / or European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data – that is to say any information relating to an identified natural person or who may be identified, directly or indirectly, by reference to an identification number or to one or more elements of its own.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person (Article 4 (5) of the GDPR).
“Pseudonymized data” means data from clinical trials to which a de-identification technique has been applied which minimizes the risk of re-identification by replacing one attribute with another in a record. Pseudonymization does not exclude the possibility of indirectly identifying a person and does not correspond to anonymization, but reduces the risk of correlating a set of data with the original identity of a person concerned.
Only the Pseudonymized Data are transmitted to GENFIT and can be transferred between the different GENFIT entities and between GENFIT and its subcontractors. These data benefit from reinforced security measures, applied by both GENFIT and its subcontractors.
GENFIT undertakes that this data being used in accordance with the will of the donor / patient and that it is not used for the purpose of identifying the volunteer / patient or in such a way as to compromise or violate the confidentiality of the information of the volunteer / patient, or his / her private life.
“Other clinical trial data” means the data collect from healthcare professionals or subcontractor working with GENFIT in clinical trials, such as CV, name of institution, background or diploma. The collection of these data are under the European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and to be compliant with ICH-GCP E6 (R2) guidelines.
Transfer of data for commissioned processing
For the processing of your data we may use specialized service contractors. Such service contractors are carefully selected by GENFIT and meet strict requirements, formalized in executed contracts. They will only process your personal data upon our instructions and strictly in accordance with our directives and in accordance with the General Data Protection Regulation EU/2016/679 of 27 April 2016 (“GDPR”).
Processing data outside the UE / the EEA
Your data may also be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”), which may have a lower data protection level than European countries. In such cases, GENFIT will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with our contractual partners, or we will ask for your explicit consent to such processing.
Information regarding your rights
In accordance with the applicable regulations to the protection of personal data and the provisions of the GDPR, you have the following rights on your data:
- Right of information about your personal data we store;
- Right to request the correction, deletion or restricted processing of your personal data;
- Right to object to a processing for reasons of our own legitimate interest, public interest, or profiling, unless we are able to proof that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
- Right to data portability;
- Right to file a complaint with a data protection authority;
- You may at any time with future effect revoke your consent to the collection, processing and use of your personal data.
If you wish to exercise your rights, please address your request by mail to our company data protection officer indicated below:
GENFIT
Data Privacy Officer – DPO
Parc Eurasanté – 885 Avenue Eugène Avinée
59120 LOOS – FRANCE
Or by e-mail to dataprivacy@genfit.com
Amendment of our privacy statement and processing personal data
We are committed to a policy of continuous improvement of our privacy policy and the processing of personal data, especially since the entry into force of the General Data Protection Regulation EU/2016/679 of 27 April 2016 (“GDPR”). Thus, during this process of continuous improvement, we will be able to update this policy. Any amendments become effective upon publication on our website. We therefore recommend that you regularly visit the site to keep yourself informed on possible updates.
Version of June 05, 2020