Osivax is a public limited company with its corporate domicile and principal place of business at: 70 Rue Saint Jean Dieu, 69007 Lyon, France.
Osivax acts in conformity with the General Data Protection Regulation (“GDPR”) effective on May 25, 2018.
Personal data we may collect
- Job title (when applying for a vacancy at Osivax)
- Contact information (email address, telephone number)
- Address (including postal code)
- IP address
- Information relating to the vacancy you are applying for (including educational history and job offer)
Or when you voluntarily provide this information, the personal data provided by you will be used only for the purpose of responding to your query or your request for information. We will not use your personal data for direct marketing purposes.
The legal basis for our use of your personal data
- The legal basis for this processing is your consent to allow us to use your personal data; or
- We use our legitimate interests for the proper administration of our website and business; or
- The performance of a contract between yourself and us and/or taking steps, at your request, to enter into such a contract; or
- In other instances, we may need to collect and use your personal data for compliance with a legal obligation that we may be subject to.
Providing your personal data to others
We may disclose your personal data in the following instances:
- If required to do so by law and/or regulations;
- To the third parties stated in the Informed Consent Form you signed, such as to the CRO or medical institutions participating in the clinical trials;
- With service providers that carry out functions or services on our behalf that enable our operations. This includes our IT applications and systems, website analytics and search engine providers. This also includes the protection and securing of our systems and services.
International transfers of your personal data
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU Member States, plus Norway, Iceland and Liechtenstein). This includes countries such as the United States of America.
These countries are known as “third countries” and may not have data protection laws that are as strong as those in the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the EEA under the GDPR. Transfers to such countries will be protected by appropriate safeguards, namely the use of standard contractual clauses adopted and approved by the European Commission.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Your principal rights under data protection law are:
- the right to access information;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data, in an understandable form.
You have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent; you object to the processing under certain rules of applicable data protection law and the personal data have been unlawfully processed.
If you believe that any information we are holding on you is incorrect or incomplete or you want to object to our processing of your personal data, please write or email your request to us. We will respond within 30 days of receiving your request.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a Supervisory Authority responsible for data protection.
Information We Collect
We collect this Information using the following technology:
– “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit https://www.allaboutcookies.org.
– “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
– “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Links to other websites
How we protect your personal data
Osivax uses appropriate technical and organizational measures to ensure that the personal data we process is protected from unauthorized access, use, alteration, disclosure or destruction of your personal data.
Our contact details are:
Swely Bâtiment C “Slam”
70 Rue Saint Jean Dieu
Data protection officer
If you have any questions or wish to exercise your rights, please contact us. Alternatively, you may contact our Data Protection Officer.
Our Data Protection Officer can be contacted on: firstname.lastname@example.org