Privacy Policy – REVATIS S.A.

General

We have always been careful to protect personal data that we collect and process. To this end, REVATIS undertakes to fully comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (also named General data protection regulation ”) and the Belgian law of 30 July 2018 on the protection of individuals with regard to the processing of personal data.

The purpose of this “Privacy policy” statement is to describe how REVATIS collects, uses and discloses your personal information, whether as part of the assistance we give you for any question you ask us, about your visit on our website or blog, the provision of a service from us or a service we ask to you, your application for a job offer or simply as part of our collaboration.

This Privacy Policy therefore applies to personal data of users of our Website or blog, Candidates for a job offer, employees, Customers, Suppliers, employees from our public or private Partners, and to other people whom we are required to contact within the framework of the development of our activity.

We inform you that we may amend this Privacy Policy at any time. Please visit our site to view any changes we will post there.


 

1. What types of personal data do we collect?

1.1. Internet users of our website / blog

It is possible to visit our website without providing any personal data. However, when you visit our site, we may automatically collect certain information whether or not you decide to use our services. These information include your IP address and the dates, times and frequency you access our site and how you browse its content.

We automatically collect your data using cookies, depending on your browser settings for the use of cookies. To find out more about our cookies policy, including how we use them and the choices you have, please see our “Cookie Policy” notice below.

We also collect data from you when you contact us through the website / blog, for example by using the “chat” function or when you ask us a question. The data we collect, following your request, will mainly be:

  • your first and last name
  • your email
  • your phone number
  • any other personal data that you have voluntarily communicated to us.

1.2. Customers

When you are a Client of REVATIS for a service or the purchase of a product (ex: purchase of a drug or medical device, Sampling, etc.) we are required to collect personal data.

REVATIS needs the contact details of the people in your company / institution who are in charge of the contract between your company / institution and REVATIS (to ensure the management and monitoring of your file and / or customer data (We will therefore ask mainly the following data:

  • Last name and first name
  • E-mail address
  • Telephone number (mobile phone)
  • Data on the holder of the animal to be cured
  • Medical data relating to the animal or the patient (age, characteristics, medical file, history, vaccination, information linked to an electronic identification chip, etc.)
  • Data relating to the veterinarian who monitors the animal (name, first name, mobile phone, email address, address)
  • Mutual insurance, insurance and bank details of Customers

We may also hold additional information that someone in your company has chosen 3 to communicate to us or that Customer has communicated to us. If for any reason we need additional personal data, we will notify you such request.

When you are a customer of REVATIS for the purchase of supplies (e.g. gel, prostheses, PRP Kit, etc.), we are required to collect personal data to enable us to prepare and send you your order. This is either data relating to the personnel of your company in charge of the order or your personal data when you buy our products as a natural person.

We will therefore mainly request the following data:

  • Last name and first name
  • E-mail address
  • Telephone number (mobile phone)
  • VAT number
  • Postal delivery address

1.3. Suppliers / Subcontractors

If you are a Supplier or Subcontractor of REVATIS, we are required to collect personal data which are however limited. REVATIS does indeed, in principle, only need the contact details of the people in your company who are in charge of the subcontract that binds your company with REVATIS in order to manage and monitor the services requested.

We will therefore request the following data:

  • Last name and first name
  • E-mail address
  • Telephone number (mobile phone)

In some cases, we may collect your bank data in order to pay you if your bank account is not in the name of your company. We may also hold additional information that someone in your company has chosen to share with us. If for any reason we need additional personal data, we will notify you our request.

1.4. Public / private partners

If you are a public or private partner of REVATIS, we are required to collect personal data which are however limited. REVATIS does indeed, in principle, only need the contact details of the people with your organization / company who are in charge of the business which links your organization / company with REVATIS in order to ensure the management and monitoring of our collaboration or the file. We therefore collect the following data:

  • Last name and first name
  • E-mail address
  • Telephone number (mobile phone)

We may also hold additional information that someone in your organization / company has chosen to share with us. If for any reason we need additional personal data, we will notify you.

1.5. Applicants for a job offer, trainees, temporary workers, employees, independent contractors

As candidate of a job offer, intern or temporary or independent collaborators with REVATIS, we may be required to collect the following data:

  • Last name ;
  • Age / date of birth;
  • Number assigned at birth;
  • Sex / gender;
  • Marital status ;
  • Contact information ;
  • Training;
  • Professional experience ;
  • Immigration status (whether or not you need a work permit);
  • Nationality / citizenship / place of birth;
  • A copy of your driving license and / or passport / identity card;
  • Social security number and other tax information;
  • Information relating to disability;
  • Information on any criminal conviction if this is required for the position to which you wish to apply;
  • Information on your current compensation, your pension plan and your benefits;
  • Information on your areas of interest and needs regarding your future job;
  • Additional information that you choose to communicate to us;
  • Additional information about you that our Customers / partners can communicate to us, or that we find from third-party sources;
  • IP address ;

Please note that the above list of categories of personal data that we may collect is not exhaustive.

These data are necessary to enable us to conclude an employment contract or to meet legal obligations.

1.6. Participants in research & development projects

In case of research and development activities in the field of cell therapy, we will be required to collect a series of personal data relating to the volunteer candidate for this research. Our researchers will be subject to the rules of professional secrecy and the rules of medical ethics. Your data will, as far as possible, be anonymized or pseudonymized, if anonymization is impossible due to the characteristics or conditions of the research.

In the event of pseudonymization, your personal data is limited to your initials (or another code), your date of birth and your gender. Each patient is thus recorded in a database under a unique and non-informative number, which will be the one used for research purposes. Except the authorized third Party (ex: Hospital where you are treated), no one will be able to identify you as an individual from the stored data.

The personal data that we may collect in the context of our research & development activities are:

  • last name and first name
  • age
  • sex
  • address
  • E-mail adress
  • phone
  • information relating to your medical file
  • medical or family history
  • biological material / blood or tissue samples
  • x-rays
  • insurance number
  • any other data required for research & development activity.

1.7. Visitors to our premises and buildings

If you visit us in our premises and buildings, we will collect the following personal data:

  • last name and first name
  • E-mail
  • phone number
  • any other data required to ensure compliance with the security procedures of our establishments.

2. How personal data is collected?

2.1.Visit of our website / blog

We may collect certain data automatically or data that you voluntarily provide to us so that we can respond to you.

2.2. Customers / Suppliers / Partners

We will receive personal data directly from you in two ways:

  • When you proactively contact us, usually by phone or email;
  • When you access our website
  • When registering, if necessary, for a personal account on our website
  • Through our employees / collaborators within the framework of their missions.

If applicable and in accordance with applicable laws and regulations, we may obtain further information about you through:

  • Third-party market research and online and offline media analytics (which we can do ourselves or through other companies);
  • Public databases;

2.3. Candidates for a job offer, employees, trainees, temporary workers or independent contractors

We collect personal data from applicants in three ways:

  • You communicate your personal data directly to us by post or by any other electronic means;
  • Your data is communicated to us by other sources such as our customers, an employment agency, a third party, a site offering services / jobs.
  • During your visit to our website (see above).

2.4. The candidates for our research & development activities

We collect personal data from candidates, either directly from the candidate in case of research initiated by REVATIS, or indirectly from the research promoter when REVATIS acts as a subcontractor.

2.5. Visitors

We collect your personal data during your visit by registering your data in the visitor book registry.

3. Purposes and legal bases of processing

In general, personal information is only used to allow us to provide the service requested, to respond to an order for products, to manage clinical trials, to communicate with you, to improve or develop our services or products, to offer you targeted advertising and services, to protect us and our customers or partners or to benefit from a service or product that we have purchased from you, to allow us to carry out our research activities & development or training / education.

More specifically, we use your personal data to:

  • allow us to improve the use you make of our site, the legal basis being your consent to the use of our cookies and our legitimate interest in order to be able to offer you an optimal website;
  • assess the adequacy of our job offers in relation to your profile. The legal basis will be your explicit consent and our legitimate interest in order to hire a candidate who meets our requirements;
  • Communicate with you to answer your questions or requests subject to your express consent.
  • Execute our obligations required by contract (sales, subcontracting or collaboration contract) or be able to contact you about our agreements. The legal basis being the contract which binds us and our legitimate interest in order to be able to provide a service perfectly adapted to your request or to obtain from you a service in accordance with our wishes;
  • ensure the administrative management of patients or animals of our partner veterinarian, the legal basis being the contract which binds us;
  • carry out our research & development missions in order to improve people’s health and care techniques as well as for teaching and training purposes. The legal basis being our legitimate interest and the accomplishment of our scientific research mission or the respect of a legal obligation during clinical studies carried out within the framework of a marketing of a drug.
  • meet legal and regulatory obligations;
  • manage clinical trials. The legal basis will be legal and regulatory obligations or our legitimate interest in the fulfillment of our scientific research missions;
  • send you invitations, promotions, offers, for events including networking, visits to companies or fields, training, symposia, seminars or exhibitions, customer events, as well as general information on the sectors of activity relating to your scope of interest or the activities and services of REVATIS. This communication is based on your explicit consent. Likewise, subject to your express prior consent, we may share your personal information with third party partners, who may send you commercial communications related to their products and services. You can however, at any time, refuse these direct marketing communications by means of a notification to our attention or via the unsubscribe link which will be available in our communication. The legal basis for this processing will be your express consent;
  • display extracts of your information for promotional purposes on the REVATIS website or blog in order to present your activities in case REVATIS whishes highlight “success stories” in the frame of the collaboration with you and REVATIS. The legal basis will be your express consent.
  • perform satisfaction studies or surveys in order to adapt and improve our services or products. The legal basis is your express consent;
  • Help us establish, exercise or defend legal rights. These may occurs in situations in which we need to obtain legal advice in relation to legal proceedings or we are required by law to keep or disclose certain information as part of the legal proceedings. The basis of our processing will be our legitimate interest and compliance with legal and regulatory provisions.
  • The security of our services and websites / blog. In this case, we use your personal data to help us verify the activities of users of our services, our website or blog, in order to promote security and prevent any activity that is potentially illegal or in violation of our conditions or policies. This processing will be based on our legitimate interest that we have to contribute to the security of our services and our goods.
  • the security of our premises and buildings. This processing will be based on our legitimate interest that we have in ensuring the security of our establishments, the confidentiality of our business secrets and the security of people within our establishments.

In the event that the legal basis for the processing is our legitimate interest, REVATIS shall ensure that the impact of the processing on the protection of your privacy is as limited as possible and in all cases, the balance between the REVATIS interests and its partners and the possible impact on the protection of your privacy is not disturbed. If you still have objections to this processing, you can exercise your right of opposition explained below.

REVATIS will not sell or rent your personal data to third parties, unless you have authorized it.

4. What are your rights regarding the processing of your personal data by REVATIS, and who can I contact the Data Controller ?

You have rights regarding the processing of your personal data. If REVATIS asks you an explicit authorization for a particular processing of your data, you can always thereafter, withdraw your consent at any time.

The main rights you have are the following:

Right to consult your personal data

You can consult your personal data at any time. You just need to contact us at the address mentioned below (Data controller). We will then provide you with the fullest possible overview of your data.

Right to rectify your data

The data in our possession may no longer be up to date or correct. You can at any time request that these data be rectified or supplemented.

Right to object, to delete your data

If it seems to you that your data is not being used in an appropriate manner, you can ask us to have your data deleted from our registers or even limit its use.

Right to transfer your data

You also have the right to request the transfer of your data to yourself or to a third party. GDPR however places some limitations on this right which is therefore not applicable to all data.

Right to file a complaint

You have the right to file a complaint against any violation of your rights before the Data Protection authority if you consider that REVATIS has not acted in accordance with the applicable legislation (see contact of Data Protection authority under the article “Data Controller”).

You can exercise your rights, ask us any question or comment about this policy at the address mentioned under the “Data controller” article. We will do our best to process your request as soon as possible, and in any case, within one month (subject to extensions authorized by law).

Please note that we will not be able to access your objection request if:

  • we can demonstrate that we have legitimate and compelling reasons to process your data which prevail over your interests or another reason which justifies the continued processing of your personal data (ex: legal obligation); or
  • we process your data for the purpose of establishing, exercising or defending legal claims.

5. Data Controller

In accordance with the Belgian law of 8 December 1992 on the protection of privacy with regard to the processing of personal data and its subsequent modifications, as well as with European regulations including Regulation 2016/679, General Regulation on Data Protection also entitled GDPR, the person responsible for your personal data is:

REVATIS S.A.
Avenue de l’Hopital 11, B34,
4000 Liège
VAT / ECB: 0541.682.642
mail: [email protected]

To contact us, you can send your requests directly to the Data Protection Officer (DPO) at the following email address or at the postal address mentioned above:

DPO: Mr Philippe PARTOUNE
email: [email protected]
phone: +32494766424

Please note that this email address can only be used for inquiries relating to the process of personal data.

For any request, we will ask you for proof of your identity by sending a copy of your front / back identity card. We may also request any additional information we deem necessary regarding your request. If we have access to the information we hold about you, we will not charge you for this access unless your request is “manifestly unfounded or excessive”. In this case, we may charge you a reasonable administrative fee to the extent permitted by law.

Belgium Data Protection Authority

You can contact the Data Protection Authority in Belgium as follows:

  • Phone: +32 (0)2 274 48 00
  • Fax: +32 (0)2 274 48 35
  • E-mail: contact(at)apd-gba.be
  • By mail: Belgium Data Protection Authority, Rue de la Presse 35, 1000 Bruxelles / Brussels, Belgium

8. Security

REVATIS has implemented numerous technical, physical and organizational security measures in order to ensure the integrity, confidentiality and availability of the data of any people who are required to interact with REVATIS.

REVATIS has, in particular, implemented security techniques to protect personal data stored in computer servers against unauthorized access, inappropriate use, alteration, illegal or accidental destruction and accidental loss.

REVATIS is engaged in a process of monitoring and continuous improvement of its security procedures in order to take into account new technologies or new risks.

REVATIS has also put in place contracts and imposed specific obligations with its subcontractors, partners or staff so that the manual and electronic processing of any personal data is treated confidentially and in appropriate security measures in order to avoid misuse of this data.

If you suspect improper use, loss or unauthorized access to your personal information, please notify us immediately: [email protected] (DPO)

9. Who has access to my personal data?

We can share your personal data with the following categories of people provided that they have an imperative need to know your personal data for the mission which is requested of them either on the basis of a ‘need-to-know’:

  • our collaborators who are called upon to process your file (employees, independent contractors, partners), your doctor or veterinarian, the hospitals and care centers where you are followed;
  • collaborators of our subsidiaries or partners in research, or any other ministry or public authority involved in research files;
  • employees of tax, insurance, mutual insurance, bank or any other public body when the law or any other regulation requires that your personal data be communicated to them;
  • third-party service providers who act on our behalf including in particular lawyers, bailiffs, external consultants, auditors, IT providers, communication companies, building cleaning and maintenance staff, staff in charge security of goods and people etc. ;

10. Will my personal data be transmitted outside of Belgium?

In fulfilling its missions, REVATIS works with many international partners, including researchers from scientific, academic or clinical institutions, the European Medicines Agency, the pharmaceutical industry and other institutions and healthcare providers. REVATIS may be required to communicate your personal information to partners, joint ventures, subsidiaries whose headquarters are located outside the European Economic Area. In these cases, standard contractual clauses adopted by the European Commission would be imposed on the recipient if your personal data is not sufficiently protected in the country of destination.

11. How long will my personal data be kept for?

We only keep your personal data for the time necessary for the purposes described above. In principle, we will delete your personal data from our systems in the absence of 12 contact with you or with the company with which you work and which is in a business relationship with REVATIS or after the end of the contract which binds your company or you with REVATIS after an uninterrupted period of two years.

However, we may keep your personal data for a longer period of time if required by law or regulation.

For the personal data of the collaborators of our partners or our customers, the personal data will be deleted at the end of a period of 2 years after we are informed by our partner or customer that you no longer work for them.

For candidates for employment with REVATIS, personal data will be kept at the end of the candidate selection period for a maximum of 2 years.

For participants in a research, the data will be kept in principle for a period of 30 years or more depending on the characteristics of the research.

We may also keep your data for periods which are imposed on us by any law or regulation in force (ex:billing obligations or contractual obligations).

12. Modifications and amendments

We may make changes to this Privacy Policy from time to time in order, primarily, to adapt to new legal and regulatory requirements. Any modification takes effect immediately after the publication of the updated Privacy Policy. In the event of a substantial modification, a notification will be highlighted before their entry into force or it will be sent to you directly. When you continue to use our services after the effective date of the amended Privacy Policy, we will consider that you accept these modifications.