Privacy Policy Version 02 | Date: 16/01/2020 | Ref: ICO03-000-120

HalioDx Privacy Policy

HalioDx takes your privacy very seriously. We aim to be as honest and transparent as possible with you about the use of the Personal Data we collect. We respect the privacy of our visitors and customers to build a sustainable relationship with you based on trust. For that purpose, we provide you with this Privacy Policy, which enables you to understand how we are committed to looking after your Personal Data. HalioDx complies with French and European regulations relating to Personal Data protection.

This notice explains how we do this and tells you about your privacy rights and how the law protects you.

THE IDENTITY OF THE DATA CONTROLLER

The Personal Data collected on the website (www.haliodx.com; www.immunoscore-colon.com) are processed by HalioDx SAS at 163 Avenue de Luminy, 13009 Marseille, France, registered under the number 805 269 271 RCS Marseille, duly represented by its President Vincent FERT.

OUR PRIVACY COMMITMENT

In order to preserve the confidentiality and security of your Personal Data, whether you are a patient, a client, a business partner, an employee, a candidate for a post or any other person whose Personal Data are processed, we make the following commitments:

  • We respect your privacy and your choices;
  • We will send you marketing communications unless you decide to be removed from our database. In this case, we are committed to doing so as soon as possible;
  • We will not Process your Personal Data in ways that we have not told you about;
  • We will never sell your Personal Data;
  • Your Personal Data, including your Health Data, will be stored on secured servers and only transferred to authorized persons;
  • We collect Personal Data strictly necessary for the realization of the contracted services or the purposes; 
  • We store your Personal Data which are the subject of a computer processing on a secured and confidential server;
  • We are committed to keeping your Personal Data safe and secured with technical and organizational measures in accordance with the Applicable Regulation;
  • We are committed to being transparent about how we collect and use information from you; 
  • We respect your rights and will always try to accommodate your requests as far as possible, in line with our own legal and operational responsibilities;
  • We have appointed two Data Protection Officers responsible for ensuring safety and protection of Personal Data;
  • When collecting your Personal Data (during congresses, webinars, contact forms published on our websites, by an order placed with us, because of marketing subscription or by purchasing contacts from vendors, etc.) we and our trusted third parties (defined below) will use them in line with this Privacy Policy.

Note that all of the information from this Privacy Policy may not be applicable to you. We provide below an overview of all possible situations in which we could interact together. Please read this information carefully. If you need more information about our privacy policy or if you have questions about it, do not hesitate to contact our Data Privacy Officer at privacy(at)haliodx(dot)com.

THE PERSONAL DATA COLLECTED AND PROCESSED, LEGAL BASIS AND WHY WE NEED THEM

The collection and Processing of Personal Data is based on appropriate legal basis:

  • Agreement: the Processing of Personal Data is necessary for the execution of the agreement to which you have agreed;
  • Consent: you agree with the Processing of your Personal Data through an express consent;
  • Legitimate interest: HalioDx has a commercial interest to Process your Personal Data. This interest is balanced and legitimate. Subject to exceptions, you can object to the Processing of your Personal Data based on this legal basis by writing to the addresses included in the contact section.
  • Law: the Processing of your Personal Data is required by a law.

Therefore, we collect and Process the Personal Data relating to communication and marketing, as part of our legal and contractual obligations, as part of human resources and as part of our health activities.

SECTION 1: COMMUNICATION AND MARKETING  

We collect business and professional information to be used in our direct marketing, emails, E-newsletters, phone calls in order to market HalioDx’s products and services. Moreover, we use this information internally in HalioDx to improve customer experience, our website, marketing, sales and social media efforts. 

In the paragraphs below, we explain in what context your Personal Data are collected and how we Process them: we explain what activity you are involved in when we Process your Personal Data and what types of Personal Data we may collect when you are involved in this same activity.

Online browsing 

When visiting our website, your Personal Data are collected automatically by cookies (For information about cookies, please read the Cookies paragraph).  
 
Personal Data related to your use of our websites include:  
 
•    where you came from;  
•    pages you looked at: The titles and the URLs of the pages you are viewing;  
•    duration of your visit: Date and time of visit;  
•    your IP address (computer’s address);  
•    device information: Regional and language settings (to determine country origin), operating system (Windows, OS X, Linux, iOS, Android etc.), Java and JavaScript support; and
•    visitor ID which is given to each visitor and the expiration date of the ID.

Social media browsing

We collect your Personal Data when you submit content on one of our social media platforms. Moreover, we gather social media statistics from the social media software platforms where HalioDx is present. Currently, this is LinkedIn, Twitter and Vimeo. The information is used for analytics views: numbers of visitors, impressions, visits, mentions, numbers of likes and followers.

Web-page contact forms / enquiries

We collect your Personal Data when you ask questions related to our products or activities or when we manage your enquiries from our websites contact forms.  
 
Personal Data related to your enquiries are:  
•    First name and Last Name
•    Email address
•    Company/Institution name
•    Other information you have shared with us about yourself in relation with your enquiry 

Webinars

When you register for live or recorded HalioDx webinars, we ask you to provide your contact information (First Name, Last Name, Email, Country, City, Organization, Job Title, Field of activity and specific questions related to the webinar topic). In addition, we collect and track webinar performance by analyzing the numbers of participants, the length of participation, the numbers of views and the questions that were asked. Your consent is required while registering for webinars.

Events (like symposium)

When you register for our events, like symposium during congress, we collect and store your participation data (e.g. contact and event participation details). Your consent is required while registering to symposiums.

E-newsletters & press releases

When you are registered in our database, you receive news about HalioDx like E-newsletters or Press Releases. This means that you agree to receive information by e-mail. HalioDx sends newsletters and emails only to people listed in its database.
 
We collect and track newsletter performance by analyzing the opening rates, click rates etc. Your consent is required while registering to our E-newsletters and press releases. If you decide not to receive our emailing anymore, you can at any time opt out with the “unsubscribe” link at the foot of any email from HalioDx.

SECTION 2: OUR LEGAL AND CONTRACTUAL OBLIGATIONS

The collection of your Personal Data may be necessary for the execution of the agreement we have entered into or to respect our legal obligations. Therefore, we collect several Personal Data such as your civil status, your name, gender, postal address, professional email address, phone number, banking and financial information, identification documents.

SECTION 3: HUMAN RESOURCES

HalioDx collects and Processes its employees’ Personal Data, as well as the Personal Data of applicants for a job in the company.  
 
The Personal Data collected under this process are, in particular, the civil status, the surnames and family names, gender, address, banking data, identification document and social security number.

SECTION 4: HEALTH DATA

HalioDx Processes Health Personal Data as part of its activity.
 
We strictly respect the Applicable Regulation relating to Personal Data and apply all technical and organizational security measures to the protection of your Personal Data.
 
HalioDx ensures that Health Data are pseudonymized while Processing them.
 
We don’t use your Personal Data except if:

  • You have given explicit consent to the Processing of your Personal Data except where the Applicable Regulation to Health Data forbids such Processing;
  • Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of HalioDx in the field of employment law in so far as it is authorized by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards;  
  • Processing is necessary to protect your vital interests where you are incapable of giving consent;
  • You manifestly made public your Personal Data;
  • Processing is necessary for the establishment, exercise or defense of legal claims; and
  • Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to an obligation of professional confidentiality.

WHAT DO WE USE YOUR PERSONAL DATA FOR?

We collect your Personal Data in order to comply with our legal and regulatory obligations but also for the following purposes:

  • organize our contractual exchange;  
  • security of our exchanges;  
  • the management and the execution of agreements entered into between HalioDx and its clients;
  • personalize your experience by being able to respond to your individual requirements;
  • improve our service by evaluating your feedback and information;  
  • improve our customer service and technical support;  
  • send periodic emails including marketing emails – you can unsubscribe from any emailing through the “unsubscribe” link at the bottom of each email;
  • invite you to an event;  
  • the fight against fraud;  
  • the security of our internet websites.

LENGTH OF CONSERVATION OF YOUR PERSONAL DATA 

As for the Personal Data necessary for the operational management of the agreement and invoicing of services, the information included in the contractual documentation will be kept for the duration of the agreement and ten years after the termination of this agreement due to our accounting and tax obligations.

As for the Personal Data collected as part of our commercial prospecting operations, they will be kept for a period of three years before being permanently deleted except in the event of a new contact from you.

  • As HalioDx contacts, your Personal Data are stored in our database system as long as your subscription to the newsletter or email services is active. Any recipient may request at any time to be removed from our contact database by writing an email to privacy@haliodx.com with “I wish to be removed from your contact Database” in your subject line and we will comply with that request. 
  • As HalioDx customers, your Personal Data are stored in our database system as long as we need them to provide you with requested products and/or service(s). At the end of the customer relationship, your Personal Data will be kept in our database system as a contact and your subscription to the newsletter or email services will remain active as long as you do not unsubscribe.

 
As for the Personal Data collected on the basis of the legitimate interest, HalioDx has a commercial interest to Process your Personal Data. This conservation of Personal Data will be time limited and not excessive. You can object at any time to the Processing of your Personal Data collected on the basis of the legitimate interest by sending a message to the addresses mentioned in the contact section.
 
As for the Personal Data collected on the basis of a legal obligation or when the Personal Data are necessary for HalioDx to assert or defend its rights, HalioDx will only keep these Personal Data as long as necessary or until the claims and procedures are resolved.
 
As for the Personal Data collected on the basis of consent, you can withdraw your consent at any time by simply sending a message to the company at the addresses mentioned in the contact section.

HOW DO WE PROTECT AND SAFEGUARD YOUR PERSONAL DATA? 

All the information collected on the HalioDx websites is subject to confidential computer Processing and is stored in secure environments.
 
Health Data collected and Processed by HalioDx are stored on secured servers in accordance with the Personal Data Applicable Regulation.  
 
This information is not public. However, as part of our activity we may share your Personal Data with trusted third parties such as: legal counsel, financial institutions (banks, etc.), experts, suppliers, service providers, medical personnel or technical contractors. We are committed to taking all necessary organizational and technical security measures to ensure that our service providers effectively protect your Personal Data.

SHARING OF PERSONAL DATA 

We do not sell your Personal Data to third parties.  
However, your Personal Data may be shared on our behalf with our trusted third parties’ suppliers. Indeed, some business operations like delivering the intended product or service that you have requested from us or communication aspect are performed by our trusted third parties’ suppliers. They will only receive the information needed to perform the service and we require that they are compliant with this privacy policy.

YOUR RIGHT AS A DATA SUBJECT

HalioDx respects your right to privacy and you have the right, at any time: 
To be informed and to request access: You can request to receive information from HalioDx about your Personal Data we have in our database and how we use it. You can also receive a copy of this Personal Data. 
To ask for rectification and / or completion: You have the right to ask for Personal Data rectification if these data are incorrect or completion if they are incomplete. 
To ask for erasure (‘to be forgotten’): In some cases, your Personal Data can be erased or deleted. This might be the case:  

  • If you withdraw your consent.  
  • If you think that your Personal Data are no longer necessary for the purpose for which they have been collected, you can request their deletion.  
  • If your Personal Data were processed unlawfully, contrary to other legal obligations or for a purpose that differs from what has been initially explained to you.
  • If you object to the Processing of your Personal Data.

To require restriction of Processing: You have the right to require the restriction of your Personal Data Processing if one of the following conditions, set out in the General Data Protection Regulation, is met:

  • the accuracy of the Personal Data is contested by you for a period which allows us to verify the accuracy of this information;
  • the Processing is unlawful and you refuse the deletion of the Personal Data and request that we restrict them instead;
  • we no longer need your Personal Data for Processing purposes, but you require them for the establishment, exercise or defense of legal claims;
  • you object to the Processing of your Personal Data based on our legitimate interests, and it is not yet clear whether our legitimate reasons prevail over yours.

To object to the Processing: You have the right to object to the Processing of your Personal Data on compelling legitimate grounds relating to your particular situation. You may also object to our transfer of your Personal Data for direct marketing purposes, including any processing based on our legitimate interests. If your objection is justified, we will stop Processing your Personal Data.
To request data portability: You have the right to move, copy or transfer Personal Data from our database to another or to transmit those data to another person without hindrance. You can also request to receive your Personal Data, which you have provided to us, in a structured, common and machine-readable format. 

To revoke your consent: You have the right to withdraw your consent to our Processing of your Personal Data when such processing is based on consent. The revocation of your consent does not affect the lawfulness of our processing until the consent revocation. 
To lodge a complaint with a supervisory authority: You have the right to complain to a supervisory data protection authority (In France, the Commission Nationale de l’Informatique et des Libertés (CNIL), website: www.cnil.fr) of your country about our data protection and privacy practices.

Please note that there are exceptions to the various rights listed above. For example, we have a legal obligation to keep some of your Personal Data. 

We shall respond to your request within a period of a month. When your request is particularly complex, we have two additional months for a response. 

HalioDx has two Data Protection Officers in charge of the protection of your Personal Data. 

You can contact them at the following address: privacy(at)haliodx(dot)com

THE TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

Your Personal Data may be transferred for various purposes listed above to third countries in the European Economic Area.
Outside EEA, HalioDx undertakes to only transfer your Personal Data to countries with an adequate security level or to use mechanisms ensuring the protection of your Personal Data (Standard Contractual Clauses, BCR, Privacy Shield, etc.).
HalioDx will take all technical and organizational measures necessary to secure these transfers of Personal Data. Transfers of Personal Data to third countries (for example, in the United States of America) can be achieved especially when HalioDx, due to its contractual obligations, works with counterparties located outside the European Economic Area.

The transfer of Personal Data to a subsidiary

The transfer of your Personal Data to a subsidiary of HalioDx is only allowed if this transfer is made for specific and legitimate purposes, and if the subsidiary that receives the Personal Data complies with the Privacy Policy. The transfers are done using mechanisms recognized as compliant by the European Commission. The subsidiaries must also respect the possibly more restrictive local laws applicable to the transfer of Personal Data.

Transfers of Personal Data to other Data Controllers, Subcontractors or Sub-processors

HalioDx has concluded or will conclude appropriate written agreements with its contractors, to ensure that they Process your Personal Data in accordance with the instructions of HalioDx and they apply and maintain a level of appropriate security to the Personal Data. The transfer is done using mechanisms recognized as compliant by the European Commission.

Transfers to third parties

HalioDx may need to disclose some Personal Data to third parties. 
These disclosures of Personal Data may intervene to respect the Applicable Regulation to Personal Data. 
HalioDx may also be required to disclose your Personal Data to protect the rights that it is granted by the law.

THE COLLECTION OF CHILDREN'S PERSONAL DATA

Legally in Europe, minors under 13 years cannot, under any circumstances, give their own consent to the processing of their Personal Data. In France, a minor under 15 years may not consent to the processing of his or her Personal Data.
HalioDx is committed to protecting the Personal Data and the privacy of children and does not Process children’s Personal Data. If the parents and/or legal guardians of a minor discover that the latter has provided Personal Data to HalioDx, they are invited to apply for the deletion of the Personal Data collected by sending a mail or an email to the addresses indicated in the present Privacy Policy. 

HalioDx Cookies Policy

HalioDx uses cookies on www.haliodx.com website and https://www.immunoscore-colon.com/.

Our Cookies Policy explains what cookies are, how we use cookies, how third parties we may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.

WHAT ARE COOKIES?

Cookies are small pieces of text sent by your web browser to a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.
Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

HOW DOES HALIODX USE COOKIES?

When you use and access the Service, we may place a number of cookie files in your web browser.
We use cookies to enable certain functions of the Service such as session and persistent cookies on the Service and we use different types of cookies to run the Service:

  • Essential cookies: We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.
  • Google analytics cookies: HalioDx likes to understand how visitors use its websites by using web analytics services. They count the number of visitors and tell us things about the visitors’ behavior overall – such as identifying the search engine keywords that lead the user to the site, the typical length of stay on the site or the average number of pages a user views. For this purpose, we use Google Analytics to track web statistics. In this case, Google will place a “3rd party cookie” on your computer. This is also the case when we use Google Maps.

WHAT ARE YOUR CHOICES REGARDING COOKIES?

If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

WHERE CAN YOU FIND MORE INFORMATION ABOUT COOKIES?

You can learn more about cookies and the following third-party websites:

CONTACT HALIODX

For any question or query about this Privacy Policy or requests relating to your Personal Data, you can write to us at the following addresses:

CHANGES TO OUR PRIVACY POLICY 

This policy will be regularly reviewed and updated. If we decide to change or update our Privacy Policy, we will do so on this page. The last update is made with effect as from 16/01/2020. Please contact us if you have any questions regarding our Privacy Policy.  
 
In case of contradiction between several versions of the Privacy Policy, the latest version will prevail.

DEFINITIONS

"Applicable Regulation" means the GDPR, the law n° 78-17 dated 6 January 1978 relating to “l'informatique, aux fichiers et aux libertés”, as amended by the law n°2018-493 dated 20 June 2018 and the related regulations dated 1 August 2018 and 12 December 2018.
 
"Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
 
"Data Processor" means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
 
"Data Subjects" means persons whose Personal Data are processed.  
 
"European Economic Area" means the European economic area including, on the date of the DPA, the European Union, Norway, Iceland and Liechtenstein.
 
"GDPR" or "General Data Protection Regulation" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and any related law and regulation.
 
"Health Data" means the Personal Data relating to the physical or mental health of a natural person, including the service delivery of health care, which reveal information about the health of this natural person under GDPR. The Health Data are Personal Data.
 
"Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
 
"Process(ing)" means any operation or set of operations which is performed on Personal Data or on sets of personal data, whether or not by automated means.
 
"Subprocessor" means any data processor acting on behalf and for the account of a Data Controller which is used by another Data Processor to process the Personal Data of this Data Controller. It being specified that the Data Processor remains liable toward the Data Controller for the Processing of the Personal Data.