BioMar's Newsletter Privacy Policy

BioMar Personal Data Policy (GDPR)

BioMar is committed to respecting the privacy of its employees and business partners. We adhere to strict standards when processing personal information. All data collected and held by BioMar will be processed fairly, transparently, carefully and in compliance with the applicable data privacy laws. BioMar Group takes the obligation to process personal data in accordance with all applicable legislation as well as high ethical standards. The protection of personal data and the rights and integrity of individuals is of vital importance to BioMar Group. This Data Privacy Policy sets out how BioMar Group processes and protects personal data in order to safeguard our ethical principles and comply with applicable data protection legislation at all times.

­


­

General Principles

To ensure a high standard for processing personal data, BioMar Group adheres to the following general principles in relation to the processing of personal data:

Lawfulness and fairness

Personal data is processed in a lawful and fair manner and in accordance with the Data Subjects’ rights as defined in legislation applying to entire BioMar Group as well as to the local company. The EU/EAA data protection rules apply to the companies within BioMar Group as minimum requirements.

If local legislation and EU/EEA data protection rules are conflicting, the local legislation will apply.

Purpose limitation

Personal data is only collected for specified, explicit and legitimate business purposes. Further, personal data will solely be used for the purposes for which the data was originally collected for and which the data subject has accepted.

Transparency

When collecting personal data from Data Subjects or via third parties, it is ensured that the Data Subject(s) in question will be provided with the information required by applicable law. Furthermore, Data Subjects are at all times entitled to request information on which personal data is collected about them.

Data minimisation

In BioMar, we only process personal data strictly required to operate the business. We do not process any data related to data subject(s) which is not strictly related to business transactions. Any personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy

Any personal data processed is being kept accurate and, where necessary, up-to-date.

Storage limitation and retention

Personal data is only processed in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data is collected and processed. BioMar Group has in place retention procedures and policies to ensure personal data is deleted in a correct manner.

Any data subject can request personal data to be deleted and the company is obliged to follow the request unless the data is required for legal or justified business purposes. In case of any dispute regarding handling of personal data the data in question must be kept unaltered.

Confidentiality

Any personal data that is processed is regarded as confidential information. BioMar Group guarantees confidentiality by ensuring its employees are aware of the confidential nature of personal data and by educating its employees on how and by whom defined categories of personal data may be processed.

Personal data are never transferred to non-authorized employees or external cooperation partners unless active and specific consent has been given.

Security Standards

BioMar Group has in place technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss or alteration and against unauthorised disclosure, abuse or other processing in violation of applicable law.

To safeguard high standards in terms of data security BioMar Group complies with a comprehensive information policy/IT security policy.

­


­

Transfer of Data and Use of Data Processors

BioMar Group sets a high standard for the processing obligations of suppliers. Therefore, we ensure that all data processing agreements complying with the requirements in our global processor agreements standards are in place with any processors and/or sub-processors used for personal data.

BioMar Group only transfer personal data to a country not governed by the EU/EEA data protection rules to the extent the Data Subject has consented to such transfer or if other legal means for transferring data can be identified.

Personal Data Breach

In the event BioMar identifies or is informed that the security of the processing of personal data has been compromised or is likely to be compromised, or there in any other way has been an unauthorised or accidental disclosure of or access to personal data, we will immediately inform the relevant Data Subjects whose data has or may have been compromised as well as relevant authorities. Any personal data breach is handled in accordance with a data breach procedure.

Data Protection Manager

To ensure compliance with data protection regulation BioMar Group has appointed a Data Protection Manager. The Data Protection Manager oversees compliance with data protection rules, safeguard training of relevant BioMar Group employees, initiate audits and handle all questions with respect to personal data.

Audits

The global data policy is integrated in the management systems and audited by external auditors. BioMar Group runs data audits with the view of managing and mitigating risks in all companies belonging to BioMar Group. The audits will be conducted by the Data Protection Manager.


Brevo Privacy Policy

Privacy Policy Personal Data Protection

This is the Privacy Notice for Sendinblue SAS (collectively referred to asBrevo,” “us,” “our,” or “we”).

In the course of its activity and for the purposes of providing the Services (as defined in our General Terms of Use), Brevo is required to collect and process the personal data of its users (hereafter referred to as the “Users”).

This privacy policy, implemented by Brevo, is intended to provide the Users with a summary and overview of the processing of personal data carried out by Brevo.

Brevo attaches particular importance to the respect for the privacy of the Users and of the confidentiality of their personal data, and is thus committed to processing the data in compliance with the applicable laws and regulations, and in particular Law No. 78-17 of 6 January 1978 relating to Information Technology, Data Files and Civil Liberties (hereafter referred to as the “Data Protection Act”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter referred to as the “GDPR”).

Definitions

Personal data: any information relating to an identified or identifiable natural person, that is, a person who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person.

Processing of personal data: any operation or any set of operations relating to personal data, whatever the process used, and in particular the collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as locking, erasure, or destruction.

Cookie : a cookie is a piece of information placed on the hard drive of Internet users by the server of the site they visit. It contains several pieces of data: the name of the server which installed it, an identifier in the form of a unique number, and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and save pieces of information.

Data Controller – DPO

The data controller for the processing of the personal data referred to herein is Brevo, a simplified joint stock company with a share capital of 387,722 Euros, registered with the Paris Trade and Companies Register under number 498 019 298 and whose registered office is located at 106 boulevard Haussmann, 75008 Paris, France.

Brevo has appointed a Data Protection Officer who can be contacted at the following address: dpo@brevo.com.

Data collected

Brevo collects data from Users in order to make the Services for which they have subscribed to the platform available to them.

The mandatory or optional nature of the data provided (in order to complete the Users’ registration and to render the Services) is indicated at the time of collection by an asterisk.

In addition, certain data is collected automatically as a result of the User’s actions on the site (see the paragraph on cookies).

Purposes

The personal data collected by Brevo during the provision of the Services is necessary for the performance of the contracts concluded with the Users, or to allow Brevo to pursue its legitimate interests while respecting the rights of the Users. Certain data may also be processed based on the Users’ consent.

The purposes for which Brevo processes data are the following:

  • commercial and accounting management of the contract;

  • management of customer acquisition and marketing activities;

  • detection of malicious behaviour (fraud, phishing, spam, etc.);

  • the improvement of the Users path on the site;

  • more generally, any purpose referred to in Article 2 of Deliberation No. 2012-209 of 21 June 2012 creating a simplified standard for the automated processing of personal data relating to the management of users and prospects.

Recipients of the data

The personal data collected is intended for Brevo’s commercial and accounting departments. It may be transmitted to Brevo’s subsidiaries, or to third-party data processors which Brevo is authorized to use within the context of the performance of its Services.

In this context, personal data may be transferred to an EU or non-EU country. Brevo implements guarantees ensuring the protection and security of this data, in compliance with applicable rules and regulations.

Brevo does not transfer or rent personal data to third parties for marketing purposes without the express consent of the Users of Brevo.

In addition, personal data may only be disclosed to third parties for purposes other than marketing in the following cases:

  • with their authorisation;

  • at the request of the competent legal authorities, upon judicial request, or in the context of a legal dispute.

Services

In this context, personal data may be transferred to an EU or non-EU country. Brevo implements guarantees ensuring the protection and security of this data, in compliance with applicable rules and regulations.

Brevo does not transfer or rent personal data to third parties for marketing purposes without the express consent of the Users of Brevo.

In addition, personal data may only be disclosed to third parties for purposes other than marketing in the following cases:

  • with their authorisation;

  • at the request of the competent legal authorities, upon judicial request, or in the context of a legal dispute.

Data retention period

To satisfy its legal obligations or in order to have the necessary elements to assert its rights, Brevo will be able to retain the data under the conditions established by applicable rules and regulations.

Thus, personal data collected by Brevo relating to the identity and contact details of its Users is retained for a maximum period of two years after the termination of the contractual relationship for Users that are customers, or from their collection by the data controller or the last contact from the Users that are prospects, for the data relating to the latter.

The termination of the contractual relationship is understood as the express termination of the contract by the User, or the non-use of Brevo Services for a period of five years.

Rights of Users

In accordance with applicable rules, the Users have the right to access and rectify their personal data, which enables them to rectify, complete, update, or delete data that is inaccurate, incomplete, ambiguous, or outdated, or whose collection, use, communication, or storage is prohibited.

The Users also have the right to request the limitation of the processing, and to oppose on legitimate grounds the processing of their personal data. The User may also communicate instructions on the fate of their personal data in the event of their death.

Where applicable, the User may request the portability of their personal data or, where the legal basis for the processing is consent, withdraw their consent at any time.

The Users may exercise their rights by sending an email to dpo@brevo.com or a letter to: Sendinblue SAS  — DPO Team
106 boulevard Haussmann, 75008 Paris, France

These requests shall be processed within a maximum period of 30 days.

The Users may also at any time modify the data pertaining to them by logging on to https://www.brevo.com and clicking on “edit my profile” or by contacting the customer relations department at support@brevo.com

The Users may unsubscribe from the Brevo newsletter or marketing emails by following the unsubscribe links in each of these emails.

In the event of a dispute, the Users may file a complaint with the CNIL, for which contact details may be found at https://www.cnil.fr.

The Users may access detailed information on the use of their personal data, in particular concerning the purposes of the processing, the legal bases enabling Brevo to process the data, its storage period, its recipients, and, where applicable, its transfer to a country outside the European Union as well as the related compliance guarantees put in place for such transfers. To do so, the User can send their request by email to dpo@brevo.com.

Additional terms regarding the use of the Inbox Feature

Brevo’s platform complies with the Google API Services user Data Policy, including the Limited Use requirements. Any use and transfer of information received from Google API’s from Brevo’s platform to any other applications will require to adhere to Google API Services User Data Policy, including the Limited Use requirements.

Notwithstanding anything else in the present Privacy Policy, if the User provides Brevo access to their Gmail user data, Brevo shall:

  • only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings, allowing Brevo to provide a web email client for the Users to compose, send, read, and process emails;

  • never transfer such data to other parties unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets;

  • in no way use such data for its management of customer acquisition and marketing activities;

  • in no way use such data to serve advertisements;

  • not allow humans to read this data unless Brevo has the User’s affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Brevo’s internal operations, and even then, only when the data have been aggregated and anonymized.

Cookies

For more information about how Brevo handles cookies, please visit our cookie policy page.

Security

Brevo has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent it from being accessed by unauthorized third parties, distorted, or damaged.

These measures include the following:

  • Multi-level firewall.

  • Proven solutions for anti-virus protection and detection of intrusion attempts.

  • Encrypted data transmission using SSL/https/VPN technology.

  • Tier 3 and PCI DSS certified data centres.

In addition, access to processing data on behalf of Brevo by the receiving third-party services requires authentication of the persons accessing the data, by means of an individual access code and password, that is sufficiently robust and regularly renewed.

Data transmitted over unsecured communication channels is subject to technical measures designed to make such data incomprehensible to any unauthorised person.

Any questions about the security of the Brevo website can be directed to support@brevo.com.

Modification of the Privacy Policy

Brevo reserves the right to change this Privacy Policy to comply with changes in the applicable laws and regulations.

The Users shall be notified of any changes made to this policy via our website or by email at least thirty days prior, when possible, to their entry into force.

Contact

Any questions about Brevo’s Privacy Policy can be directed by email to dpo@brevo.com or by mail to: Sendinblue SAS – DPO Team
106 boulevard Haussmann, 75008 Paris, France