Privacy Policy
The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) governs the processing of personal data relating to natural persons.
ARTICLE 1 – PURPOSE
The purpose of this Privacy Policy is to inform individuals whose personal data are processed by ODIMMA THERAPEUTICS (the “Data Controller”) about the collection, processing and protection of their personal data.
ARTICLE 2 – SCOPE OF APPLICATION
This Privacy Policy (the “Policy”) applies to all processing of personal data carried out by the Data Controller in connection with its business activities, with the exception of:
- personal data processed in the context of research activities (including clinical trials), which are governed by specific agreements with the data subjects; and
- personal data relating to employees and collaborators of the Data Controller.
The Data Controller may engage external service providers such as accountants, IT consultants or webmasters to process certain personal data on its behalf.
This Policy is independent of any other agreement or contractual document concluded with the Data Controller. In the event of any inconsistency, the provisions of the relevant specific agreement shall prevail.
ARTICLE 3 – COMMITMENT
The Data Controller undertakes to process personal data in strict compliance with the GDPR and to collect only the data necessary for the intended purposes.
The Data Controller shall inform data subjects of any significant modification to the processing activities, their purposes or to this Privacy Policy.
ARTICLE 4 – PERSONAL DATA COLLECTED
4.1 Types of Data
The Data Controller may collect the following categories of personal data:
- Identification data (surname, first name, postal address, email address, telephone numbers, professional activity, position, social media username);
- Website usage data (IP address, browser type, operating system, connection dates and times, browsing duration, session cookies);
- Photographs, where consent has been granted (typically during events);
- Professional information (for example when submitting a CV or job application).
Cookies
The Website uses cookies to improve user experience and website functionality. Some cookies are strictly necessary for the operation of the Website, while others require the Visitor’s consent.
Visitors may refuse or disable cookies through their browser settings; however, certain functionalities of the Website may then become unavailable.
4.2 Data Collection Methods
Personal data may be collected through:
- Business cards voluntarily provided by individuals;
- Contact forms submitted via www.odimma-therapeutics.com;
- Unsolicited job applications and CV submissions;
- Subscription to online services such as newsletters, blogs or other communications.
ARTICLE 5 – PURPOSE OF PROCESSING
Personal data may be processed for the following purposes:
- Managing relationships with individuals interested in ODIMMA Therapeutics and visitors to the Website;
- Sending newsletters and corporate communications;
- Organizing events, workshops and conferences;
- Sending seasonal greetings;
- Fulfilling legal and administrative obligations;
- Recruitment activities;
- Website analytics, audience measurement and continuous improvement of the Website.
ARTICLE 6 – LEGAL BASIS FOR PROCESSING
Personal data are processed on one or more of the following legal bases:
- Legitimate interest;
- Performance of a contract;
- Consent of the data subject.
ARTICLE 7 – DATA RECIPIENTS
Access to personal data is limited to authorized ODIMMA Therapeutics personnel and approved external service providers, including:
- Interns;
- IT service providers;
- Marketing service providers.
Where required by law or regulation, personal data may also be communicated to:
- Public administrations;
- Regulatory and tax authorities;
- Accounting and financial authorities.
ARTICLE 8 – DATA RETENTION
Personal data are retained for the following periods:
- 2 years following the last contact or website interaction for identification data;
- For the duration necessary to perform contractual obligations where applicable;
- 1 year for unsolicited job applications;
- 5 years where required by accounting, tax or regulatory obligations.
ARTICLE 9 – DATA SUBJECT RIGHTS
Individuals have the right to:
- Access their personal data;
- Update or rectify inaccurate data;
- Object to the processing of their personal data;
- Request deletion of their personal data where legally applicable;
- Request portability of their personal data.
Requests may be submitted by email to:
or by post to:
ODIMMA THERAPEUTICS
ISIS, 8 Allée Gaspard Monge
67000 Strasbourg
France
A copy of a valid identity document may be required to process such requests.
ARTICLE 10 – PERSONAL DATA AFTER DEATH
In accordance with French data protection legislation, individuals may provide instructions concerning the retention, deletion or communication of their personal data after their death.
Such instructions may be communicated to the Data Protection Officer by email or post, accompanied by proof of identity.
ARTICLE 11 – DATA PROCESSORS
The Data Controller may appoint third-party service providers, including accountants, webmasters, IT providers, security companies and other contractors.
The Data Controller undertakes to ensure that such processors comply with applicable data protection regulations.
ARTICLE 12 – DATA SECURITY
The Data Controller implements appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
Any personal data breach shall be notified to the French Data Protection Authority (CNIL) where required by applicable law.
ARTICLE 13 – DATA PROTECTION OFFICER
The Data Protection Officer (DPO) is the contact person for all questions relating to personal data protection.
Email:
ARTICLE 14 – RIGHT TO LODGE A COMPLAINT
Individuals have the right to lodge a complaint regarding the processing of their personal data with the French Data Protection Authority (CNIL):
CNIL – Service des Plaintes
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
France
Telephone: +33 (0)1 53 73 22 22
ARTICLE 15 – MODIFICATIONS
This Privacy Policy may be updated at any time to reflect changes in legislation, case law, guidance issued by the CNIL or any other competent European supervisory authority, or changes in the Company’s data processing activities.
The latest version of this Privacy Policy shall be published on the Website.