This notice explains how we do this and tells you about your privacy rights and how the law protects you.
The Personal Data collected on the website (www.haliodx.com; www.immunoscore-colon.com) are processed by HalioDx SAS at 163 Avenue de Luminy, 13009 Marseille, France, registered under the number 805 269 271 RCS Marseille, duly represented by its President Vincent FERT.
In order to preserve the confidentiality and security of your Personal Data, whether you are a patient, a client, a business partner, an employee, a candidate for a post or any other person whose Personal Data are processed, we take the following engagements:
The collection and Processing of Personal Data is based on appropriate legal basis:
Therefore, we collect and Process the Personal Data relating to communication and marketing, as part of our legal and contractual obligations, as part of human resources and as part of our health activities.
We collect business and professional information to be used in our direct marketing, emails, E-newsletters, phone calls in order to market HalioDx’s products and services. Moreover, we use this information internally in HalioDx to improve customer experience, our website, marketing, sales and social media efforts.
In the paragraphs below, we explain in what context your Personal Data are collected and how we Process them: we explain what activity you are involved in when we Process your Personal Data and what types of Personal Data we may collect when you are involved in this same activity.
When visiting our website, your Personal Data are collected automatically by cookies (For information about cookies, please read the Cookies paragraph).
Personal Data related to your use of our websites include:
• where you came from;
• pages you looked at: The titles and the URLs of the pages you are viewing;
• duration of your visit: Date and time of visit;
• your IP address (computer’s address);
• device information: Regional and language settings (to determine country origin), operating system
We collect your Personal Data when you submit content on one of our social media platforms. Moreover, we gather social media statistics from the social media software platforms where HalioDx is present. Currently, this is LinkedIn, Twitter and Vimeo. The information is used for analytics views: numbers of visitor, impressions, visits, mentions, numbers of like and followers.
We collect your Personal Data when you ask questions related to our products or activities or when we manage your enquiries from our websites contact forms.
Personal Data related to your enquiries are:
• First name and Last Name
• Email address
• Company/Institution name
• Other information you have shared with us about yourself in relation with your enquiry
When you register for live or recorded HalioDx webinars, we ask you to provide your contact information (First Name, Last Name, Email, Country, City, Organization, Job Title, Field of activity and specific questions related to the webinar topic). In addition, we collect and track webinar performance by analyzing the numbers of participants, the length of participation, the numbers of views and the questions that were asked). Your consent is required while registering to webinars.
When you register for our events, like symposium during congress, we collect and store your participation data (e.g. contact and event participation details). Your consent is required while registering to symposiums.
When you are registered in our database, you receive news about HalioDx like E-newsletters or Press Releases. This means that you accept to receive information by e-mail. HalioDx sends newsletters and emailing only to people listed in its database.
We collect and track newsletter performance by analyzing the opening rates, click rates etc. Your consent is required while registering to our E-newsletters and press releases. If you decide not to receive our emailing anymore, you can at any time opt out with the “unsubscribe” link at the foot of any email from HalioDx.
The collection of your Personal Data may be necessary for the execution of the agreement we have entered into or to respect our legal obligations. Therefore, we collect several Personal Data such as your civil status, your name, gender, postal address, professional email address, phone number, banking and financial information, identification documents.
HalioDx collects and Processes its employees’ Personal Data, as well as the Personal Data of applicants for a job in the company.
The Personal Data collected under this process are, in particular, the civil status, the surnames and family names, gender, address, banking data, identification document and social security number.
HalioDx Processes Health Personal Data as part of its activity.
We strictly respect the Application Regulation relating to Personal Data and apply all technical and organizational security measures to the protection of your Personal Data.
HalioDx ensures to pseudo anonymize Heath Data while Processing them.
We don’t use your Personal Data except if:
We collect your Personal Data in order to comply with our legal and regulatory obligations but also for the following purposes:
As for the Personal Datanecessary for the operational management of the agreement and invoicing of services, the information included in the contractual documentation will be kept for the duration of the agreement and ten years after the termination of this agreement due to our accounting and tax obligations.
As for the Personal Data collected as part of our operations of commercial prospection, they will be kept for a period of three years before being definitely deleted except in the event of a new contact from you.
As for the Personal Data collected on the basis of the legitimate interest, HalioDx has a commercial interest to Process your Personal Data. This conservation of Personal Data will be time limited and not excessive. You can oppose at any moment to the Processing of your Personal Data collected on the basis of the legitimate interest by sending a message to the addresses mentioned in the contact section.
As for the Personal Data collected on the basis of a legal obligation or when the Personal Data are necessary for HalioDx to assert or defend his rights, HalioDx will only keep these Personal Data as long as necessary or until the claims and procedures are resolved.
As for the Personal Data collected on the basis of a consent, you can remove your consent at any moment by simply sending a message to the company to the addresses mentioned in the contact section.
All the information collected on the HalioDx websites are subject to confidential computer Processing and are stored in secure environments.
Health Data collected and Processed by HalioDx are stored on secured servers in accordance with the Personal Data Applicable Regulation.
This information is not public. However, as part of our activity we may share your Personal Data with trusted third parties such as: legal counsel, financial institutions (banks, etc.), experts, suppliers, service providers, medical personnel or technical contractors. We are committed to take all necessary organizational and technical security measures to ensure that our service providers effectively protect your Personal Data.
We do not sell your Personal Data to third parties.
HalioDx respects your right to privacy and you have the right, at any time:
To be informed and to request access: You can request to receive information from HalioDx about your Personal Data we have in our database and how we use it. You can also receive a copy of this Personal Data.
To ask for rectification and / or completion: You have the right to ask for Personal Data rectification if these data are incorrect or completion if they are incomplete.
To ask for erasure (‘to be forgotten’): In some cases, your Personal Data can be erased or deleted. This might be the case:
To require restriction of Processing: You have the right to require the restriction of your Personal Data Processing if one of the following conditions, set out in the General Data Protection Regulation, is met:
To object to the Processing: You have the right to object to the Processing of your Personal Data on the ground of compelling legitimate grounds relating to your particular situation. You may also object to our transfer of your Personal Data for direct marketing purposes, including any processing based on our legitimate interests. If your objection is justified, we will stop to Process your Personal Data.
To request data portability: You have the right to move, copy or transfer Personal Data from our database to another or to transmit those data to another person without hindrance. You can also request to receive your Personal Data, which you have provided to us, in a structured, common and machine-readable format.
To revoke your consent: You have the right to withdraw your consent to our Processing of your Personal Data when such processing is based on consent. The revocation of your consent does not affect the lawfulness of our processing until the consent revocation.
To lodge a complaint with a supervisory authority: You have the right to complain to a supervisory data protection authority (In France, the Commission Nationale de l’Informatique et des Libertés (CNIL), website: www.cnil.fr) of your country about our data protection and privacy practices.
Please note that there are exceptions to the various rights listed above. For example, we have a legal obligation to keep some of your Personal Data.
We shall respond to your request within a period of a month. When your request is particularly complex, we have two additional months for a response.
HalioDx has two Data Protection Officers in charge of the protection of your Personal Data.
You can contact them at the following address: privacy(at)haliodx(dot)com
Your Personal Data may be transferred for various purposes listed above to third countries in the European Economic Area.
Outside EEA, HalioDx undertakes to only transfer your Personal Data to countries with an adequate security level or to use mechanisms ensuring the protection of your Personal Data (Standard Contractual Clauses, BCR, Privacy Shield, etc.)
HalioDx will take all technical and organizational measures necessary to secure these transfers of Personal Data. Transfers of Personal Data to third countries (for example, in the United States of America) can be achieved especially when HalioDx, due to its contractual obligations, works with counterparties located outside the European Economic Area.
The transfer of Personal Data to a subsidiary
Transfers of Personal Data to other Data Controllers, Subcontractors or Sub-processors HalioDx has concluded or will conclude appropriate written agreements with its contractors, to ensure that they Process your Personal Data in accordance with the instructions of HalioDx and they apply and maintain a level of appropriate security to the Personal Data. The transfer is done using mechanisms recognized as compliant by the European Commission.
Transfers to third parties
HalioDx may need to disclose some Personal Data to third parties.
These disclosures of Personal Data may intervene to respect the Applicable Regulation to Personal Data.
HalioDx may also be required to disclose your Personal Data to protect the rights that it is granted by the law.
Legally in Europe, minors under 13 years cannot, in no case, give themselves their own consent to the processing of their Personal Data. In France, a minor under 15 years may not consent to the treatment of his Personal Data.
Cookies are small pieces of text sent by your web browser to a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.
Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.
When you use and access the Service, we may place a number of cookies files in your web browser.
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
You can learn more about cookies and the following third-party websites:
"Applicable Regulation" means the GDPR, the law n° 78-17 dated 6 January 1978 relating to “l'informatique, aux fichiers et aux libertés”, as amended by the law n°2018-493 dated 20 June 2018 and the related regulations dated 1 August 2018 and 12 December 2018.
"Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Data Processor" means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
"Data Subjects" means persons whose Personal Data are processed.
“European Economic Area” means the European economic area including, on the date of the DPA, the European Union, Norway, Island and the Liechtenstein.
"GDPR" or "General Data Protection Regulation" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and any related law and regulation.
"Heath Data" means the Personal Data relating to the physical or mental health of a natural person, including the service delivery of health care, which reveal information about the health of this natural person under GDPR. The Health Data are Personal Data.
"Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Process(ing)" means any operation or set of operations which is performed on Personal Data or on sets of personal data, whether or not by automated means.
"Subprocessor" means any data processor acting on behalf and for the account of a Data Controller which is used by another Data Processor to process the Personal Data of this Data Controller. It being specified that the Data Processor remains liable toward the Data Controller for the Processing of the Personal Data.