PRIVACY POLICY

A. DEFINITIONS

 In order to better understand the concepts used in this HELIOSCIENCE Confidentiality Policy, words or expressions beginning with a capital letter, whether used in the singular or plural, shall have the following meaning:

  • The « Laboratory »: the company HELIOSCIENCE SARL.
  • The « Recipient »: any natural or legal person who receives communication and who may access your Personal Data.
  • « Personal Data »: means any information relating to you and enabling you to be identified directly or indirectly.
  • The « Privacy policy » or « Policy »: refers to this very Policy, that describes the measures taken for the Processing, use and management of your Personal Data and your rights as a person involved in the Processing.
  • The « Data Controller »: refers to the natural or legal person who decides on the purpose and means of Processing Personal Data.
  • The « Processing »: any operation or set of operations applied to the Personal Data of Volunteers.
  • The « Violation of Personal Data »: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

B. PERSONAL DATA PRIVACY POLICY

B.1 GENERAL DISPOSITIONS

This document explains the principles and commitments of HELIOSCIENCE for the protection of your Personal Data and aims to inform you about:

  • The Personal Data that the Laboratory collects and the reasons for this collection,
  • How this Personal Data will be used,
  • Your rights as a person involved in this data processing.

This Policy applies to all HELIOSCIENCE services, no matter their nature (site, applications, services, etc.), except for the processing of the Personal Data of individuals participating in clinical studies set up by the Laboratory, which is covered by the volunteer personal data protection policy available at the following address: https://www.helioscience.org/en/privacy-policy/.

Concerned by the protection of your privacy, HELIOSCIENCE is committed to ensuring the highest level of protection for your Personal Data. To this end, the Laboratory has appointed a Data Protection Officer (DPO).

Our services are not intended to be used by minors under the age of fifteen, but if minors under the age of fifteen use them, they must obtain the consent of their parents or legal representatives.

B.2 WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

The company that collects and processes your Personal Data is:

HELIOSCIENCE, a limited liability company with capital of €10,000, registered with the Marseille Trade and Companies Register under number 533 538 211, whose headquarters is located at Cité de la Cosmétique, 2 rue Odette Jasse, 13015 Marseille, France.

As the Data Controller, HELIOSCIENCE undertakes to comply with the provisions of Regulation (EU) n°2016/679 of 27 April 2016 on the protection of Personal Data, known as the RGPD in French.

B.3 WHAT PERSONAL DATA IS COLLECTED?

HELIOSCIENCE collects the following categories of data about you:

  • Data concerning your identity such as your form of greeting, your first and last name;
  • Data concerning your profession, such as the name of your company and the title of your job;
  • Information about how to contact you, such as your business e-mail address, your business telephone number and your business postal address;
  • Information about your business interests.

If you are an employee of HELIOSCIENCE, other data may be collected such as:

  • Your personal postal address, your personal e-mail address and your personal telephone number;
  • Your date and place of birth;
  • Your nationality;
  • Your national insurance number;
  • Your family situation and the number of children in your care;
  • Emergency contact details;
  • Your areas of interest;
  • Your diplomas or other training certificates;
  • Your withholding tax rate;
  • Your bank details (RIB);
  • Photos or videos of yourself. 

HELIOSCIENCE commits only to collect data that is strictly necessary for the performance of its activities. If optional data is requested, the Laboratory will clearly inform you of the type of Personal Data required for the processing concerned.

Personal Data collected directly from you is only used for the purposes for which you have been informed. When it does not come directly from you, HELIOSCIENCE will inform you as soon as possible of the processing for which it has been collected and its purposes.

Your Personal Data will be used to offer you other services, only if you have agreed to benefit from the service or to receive additional communications.

B.4 WHAT IS THE BASIS FOR THE LEGITIMACY OF OUR PROCESSING?

You will find below the main purposes of processing carried out by HELIOSCIENCE classified according to the corresponding legal basis:

  • LEGAL OBLIGATION :
    • To supply the single staff register;
    • To make nominative social declarations;
    • To provide health insurance for employees;
    • Carry out administrative follow-up of medical examinations;
    • Carry out professional interviews;
    • Manage training requests and the skills development plan;
    • Identify and store Wi-Fi connections to the guest portal.
  • LEGITIMATE INTEREST:
    • To manage the company’s contact database;
    • To send advertisements for products or services that are similar and/or related to one of your previous purchases;
    • Evaluate the satisfaction of stakeholders (customers, employees, suppliers, etc.);
    • Build up a CV database;
    • Manage internal directories and organization charts;
    • Organize in-house training sessions and evaluate knowledge and training;
    • Manage the quality action plan;
    • Manage IT directories to define access authorizations for applications.
  • CONSENT :
    • Send a newsletter.
  • PERFORMANCE OF THE CONTRACT:
    • Carry out our commercial management;
    • Organise events, webinars and other functions;
    • Manage employees’ professional files;
    • Establish remuneration and provide pay slips;
    • Conduct annual interviews;
    • Manage employees’ professional e-mail.

 

  • PRE-CONTRACTUAL MEASURES:
    • Process applications and manage interviews in connection with the recruitment of new employees.

B.5 HOW DOES THE LABORATORY COLLECT YOUR PERSONAL DATA?

HELIOSCIENCE collects your Personal Data on the Site when:

  • You fill in the contact form or you click on the “I apply” button. An e-mail is then generated so that our team can process your request.
  • You complete the registration form for our newsletter. Your Personal Data will then be stored in a database. You may unsubscribe from our mailing list at any time when you receive a newsletter from us by clicking on the “Unsubscribe” button.

In certain cases, the Laboratory may collect your Personal Data directly from you (meeting, telephone conversation, etc.) or using specific forms online or in paper format.

All other data collection will be carried out via documents, such as contracts, which will stipulate the necessary information.

B.6 WHO HAS ACCESS TO YOUR PERSONAL DATA?

Your Personal Data may be transmitted to:

  • HELIOSCIENCE’s internal departments: your Personal Data will be accessible by the Laboratory’s staff but only when it is necessary for the performance of their duties (Sales Department, Analytical Department, Quality Department, Human Resources Department, etc.).
  • Service providers external to the Laboratory: technical service providers such as data collection and storage providers, hosts, maintenance service providers and subcontractors such as the accounting firm may have knowledge of your Personal Data as part of the service they provide to the Laboratory. As part of the contracts governing this subcontracting, they must ensure the protection of your Personal Data and are not authorized to use it for their own purposes.
  • HELIOSCIENCE’s commercial partners, after informing you in advance and allowing you to express your choices by ticking a box.
  • Institutions and other organizations such as URSSAF, occupational medicine, etc.

B.7 HOW IS YOUR PERSONAL DATA PROTECTED?

HELIOSCIENCE commits to protecting your Personal Data and your private life right from the design stage of the services offered to you (Privacy by design). To ensure security and guarantee that your rights are respected and properly exercised, measures to ensure the protection of your Personal Data are implemented (Privacy by default).

HELIOSCIENCE has implemented appropriate security measures to prevent your Personal Data from being accidentally lost or used, accessed, modified or disclosed without authorisation. You will find below the main security measures implemented by the Laboratory:

  • Hosting of your data in France or Switzerland with ISO 27001 certified hosts.
  • Encryption of transfers (TLS 256 bits) of your data in the software solutions used by HELIOSCIENCE.
  • User rights management: the Laboratory limits access to your Personal Data to its employees. Only those people who have a legitimate need to know them by virtue of their work have access to them. These persons will process your Personal Data only in accordance with the Laboratory’s instructions and will be required to maintain their confidentiality.

HELIOSCIENCE has implemented procedures to act in the event of suspected violations of your Personal Data. Should this occur, the Laboratory will inform you and the relevant regulatory authorities in accordance with applicable legal requirements.

B.8 CAN THE LABORATORY TRANSFER YOUR DATA OUTSIDE THE EUROPEAN UNION?

HELIOSCIENCE processes all your Personal Data within the European Union (EU).

However, for certain specific services, HELIOSCIENCE may use subcontractors established outside the EU. Certain Personal Data may then be communicated to them for the strict needs of their missions. In this case, in accordance with the regulations in force, HELIOSCIENCE requires its sub-contractors to provide the necessary guarantees to supervise and secure these transfers, by signing the European Commission’s standard contractual clauses.

B.9 WHAT ARE YOUR RIGHTS?

At any time, you can exercise your rights provided by the regulations in force with HELIOSCIENCE that apply to Personal Data, as long as the following conditions are fulfilled:

  • Access rights:

This allows you to receive a copy of the Personal Data that the Laboratory holds about you and to check that it is processing them legally.

  • Right of rectification:

This allows you to rectify incomplete or inaccurate Personal Data concerning you that is in the possession of the Laboratory.

  • Right to object:

This allows you to withdraw your consent to the processing of your Personal Data by HELIOSCIENCE. In this case, the Laboratory will no longer be able to process your Personal Data and perform the contract or provide the service requested.

  • Right to erasure:

This allows you to request the deletion of the Personal Data that HELIOSCIENCE holds about you. In this case, the Laboratory will no longer be able to process your Personal Data and perform the contract or provide the requested service.

  • Right to limitation:

This allows the processing of your Personal Data to be suspended in certain circumstances, for example if you wish your data to be rectified and during the time that the Laboratory is carrying out the necessary checks.

  • Right to portability:

You may retrieve your Personal Data from HELIOSCIENCE in order to dispose of it. This allows to receive the Personal Data that you have provided to the Laboratory concerning yourself in order to obtain them in a structured, commonly used and readable format and to transmit them to another Data Controller if you wish so.

You may exercise your rights at any time by contacting HELIOSCIENCE’s Data Protection Officer using the contact details provided in Article B.10 of this Policy. The Laboratory will implement the necessary measures to respond favourably to your request when you wish to exercise your rights. HELIOSCIENCE commits to respond to your requests to exercise your rights as soon as possible and in any event within the legal time limits.

For any request to exercise your rights, you must, whenever necessary, prove your identity to the Laboratory.

B.10 WHO TO CONTACT?

The Data Protection Officer (DPO) is responsible for ensuring compliance with the regulations and rules described in this Policy. The designation of a Data Protection Officer demonstrates HELIOSCIENCE’s commitment to the protection, security and confidentiality of your Personal Data.

If you have any questions or wish to exercise any of your rights, you can contact the Data Protection Officer at the following address: dpo@helioscience.fr.

You also have the right to complain to the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07 (https://cnil.fr/) about the way HELIOSCIENCE processes your Personal Data.

C. COOKIE MANAGEMENT POLICY

This Cookie Management Policy describes the collection of technical information or information relating to your browsing via cookies on the Helioscience Site.

C.1 WHAT IS A COOKIE?

A cookie is a data file in text format sent to your browser by a web server and stored on the hard disk of your terminal (computer, tablet, smartphone, etc.) when you visit a website.

A cookie is associated with a web domain. Depending on the domain from which it originates, the cookie may be described as:

  • “Owner” cookie: cookie installed by the Site when you are consulting it.
  • “Third-party” cookie: cookie installed by another entity (another domain) via the Site when you are consulting it.

A cookie is not stored indefinitely and therefore has a storage period. A distinction must therefore be made between:

  • Temporary or “session” cookies: these allow us to track your actions for the duration of a browsing session. The browsing session begins as soon as you open your browser window and ends when you close it. Session cookies are temporary. Once the browser is closed, all session cookies are automatically deleted.
  • Persistent cookies: these remain on your terminal after you close your browser session, for the length of time specific to each cookie. They are activated each time you visit the Site.

In general, a cookie contains the name of the domain from which it originates, the length of time it is stored and a value corresponding to a unique number created at random.

C.2 PURPOSE

Temporary cookies are used to enable you to :

  • Transfer information from one page of the Site to another without having to re-enter it;
  • Access stored registration information.

Persistent cookies are used to :

  • Help us identify you as a visitor (using a number and not personally) when you return to the Site;
  • Allow us to tailor content or advertisements to your interests or to avoid showing you the same advertisements repeatedly;
  • Compile anonymous aggregate statistics that enable us to understand how visitors use the Site and help us improve its structure.

Depending on the purpose, there are different types of cookies:

  • Strictly necessary functional cookies:

Functional cookies help to make the Site usable by activating basic functions. They enable you to browse the Site optimally and use its features. Without these cookies, you cannot use the Site normally. These cookies are therefore permanently activated and do not require your consent. They allow to remember the choices you make regarding cookies in order to improve your experience on the Site.

  • Statistical cookies: 

Statistical cookies are used for statistical processing of general site traffic (number of visitors, length of visit, pages consulted, etc.).

C.3 WHAT ARE THE COOKIES EMITTED BY THE WEBSITE?

OWNER COOKIES:

Name of the cookie Description of its purpose Type Storage duration
aviaCookieConsent Registers your preferences regarding cookies Functional 1 year
aviaPrivacyEssentialCookiesEnabled Registers your preferences in terms of cookies Functional 1 year
aviaPrivacyRefuseCookiesHideBar Registers your preferences regarding the display of the cookies bar Functional 1 year
aviaPrivacyMustOptInSetting Registers your preferences regarding cookies Functional 1 year
aviaPrivacyGoogleTrackingDisabled Deletes the cookie _gat Functional 1 year
aviaPrivacyReCaptchaDisabled Managing your consent to Google reCaptcha Functional 1 year
aviaPrivacyGoogleMapsDisabled Managing your consent to the display of Google Maps Functional 1 year
aviaPrivacyGoogleWebfontsDisabled Managing your consent to the fonts of Google Fonts Functional 1 year
aviaPrivacyVideoEmbedsDisabled Managing your consent to the display of a third-party video player like Dailymotion / Youtube / viméo Functional 1 year
wp-settings-{user} Save an account’s wp-admin settings Functional 1 year
wp-settings-time-{user} Record the time at which wp-settings-{user} was set Functional 1 year
wp-wpml_current_admin_language Store the language of the Site administration area Functional 1 year
wordpress_test_cookie Test whether the cookie can be configured Functional Session
wp-wpml_current_language Direct the user directly to the appropriate multilingual content adapted to their browser’s language Functional 1 year
_ga Distinguishing between users Statistical 2 years
_gat_gtag_UA Storing and following connections Statistical 1 minute
_gid Distinguishing between users Statistical 1 day

THIRD-PARTY COOKIES:

Name of the cookie Supplier Description of its purpose Type Storage duration
_GRECAPTCHA google.com Provide protection against spam Functional Session

Third-party cookies depend on external Data Processors who may, if you accept these cookies, process Personal Data about you. The issue and use of these cookies by third parties are subject to their own personal data protection policies, which are available below:

  • Google ReCaptcha: available here.
  • Google Analytics: available here.
  • YouTube: available here.

C.5 HOW TO MANAGE YOUR CONSENT?

MANAGING COOKIES DIRECTLY ON THE SITE:

When you visit the Site for the first time, an information banner appears at the bottom left of the page so that you can manage your consent concerning cookies.

You can also configure the cookie management module to choose which cookies you wish to accept or reject on the Site. The cookie management module is available at https://www.helioscience.org/en/manage-cookies/.

COOKIES MANAGEMENT VIA YOUR BROWSER SETTINGS:

You can accept or reject cookies by modifying your browser settings. However, you may lose some of the interactive functions of the service if cookies are deactivated.

You can configure your web browser so that cookies are stored or rejected on your terminal. Cookie settings are specific to each web browser. It is generally described in your browser’s help menu, which will tell you how to modify your choices regarding cookies. Below you will find information to help you adjust your cookie settings for the following browsers:

If you use another browser, you will find information on cookie management on the website of that browser.

To find out more about cookies and how to manage them, please consult the website of the Commission Nationale de l’Informatique et des Libertés (CNIL), and in particular the page entitled “CNIL tips for managing your browser” available at: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.

C.6. LINKS TO OTHER WEBSITES

We provide links to other websites for your convenience and information. If you follow such links, this Policy will no longer apply. These websites may have their own privacy policies in place, which we recommend you consult before visiting linked websites. We are not responsible for the content of linked websites or their use.

D. CHANGES TO THIS PRIVACY POLICY

This Policy is codified under reference SI-ENR-Q003 within the HELIOSCIENCE Quality Management System. Any modification of this Policy will result in the updating of the quality documentation. For security reasons, only a simplified version and its updates will be published on the HELIOSCIENCE website at the following address: https://www.helioscience.org/en/privacy-policy/.

Version of the 10/08/2022