Privacy policy

Information Notice About Data Protection.

We care about your privacy and the protection of your rights. The law on data protection in Europe is evolving as the EU General Data Protection Regulation (GDPR) has become effective across the European Union from 25 May 2018. According to the GDPR, we must provide you with the following information.

The conduct of our activities implies the processing of personal data, obtained or not from you, including the personal data of subjects who are in the European Union. Most of the personal data we process are anonymized or pseudonymised.

The new Belgian regulation on data protection in Scientific Research has not yet been adopted. Our privacy policy is therefore in the process of being updated. When the new Belgian regulation will be effective, our privacy policy will be completed and we will bring it to your attention when you next visit in.

According to GDPR, PROMETHERA with headquarters rue Granbonpré, 11 at B-1435 Mont-Saint-Guibert is the controller of the data we process. PROMETHERA ensures fair and transparent processing in respect of the data subject. The data are being processed exclusively for the purpose of Scientific Research.

If you are a patient participating in a clinical trial sponsored by PROMETHERA and you want to know more about your rights and for any request regarding your data privacy rights, feel free to contact us at dpo@promethera.com. If you have any questions or comments about the GDPR compliance of PROMETHERA, you may also contact our Data Protection Officer at dpo@promethera.com.

You also have the right to lodge a complaint before a supervisory authority if you consider that the processing of your personal data by PROMETHERA infringes the regulation.

Thank you.

---

Please read the Privacy Policy carefully.
It contains important information about your rights and obligations.

1. General Warning
2. Data Controller
3. Data Collected
4. Purpose of processing the data
5. Rights of the data subject
6. Periode of storage
7. Complaint with the supervisory authority
8. Security
9. Communication to third parties
10. Transfer to a non-eu contry or company
11. Direct marketing
12. Note concerning minors
13. Updates and changes to the policy
14. Validity of the contractual clauses
15. Applicable law and competent court

1. General Warning

1.1 The S.A. PROMETHERA (hereinafter, « PROMETHERA ») respects the privacy of its data subjects (hereinafter, the “Data Subjects”).

1.2 PROMETHERA processes the personal data transmitted to it in accordance with the legislation in force, and, in particular, Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, applicable from 25 May 2018 (hereinafter the “General Data Protection Regulation”).

1.3 Access to the website www.promethera.com (hereinafter, the “Website”) implies the User’s full and unreserved acceptance of this Privacy Policy (hereinafter the “Policy”), as well as its general terms of use (hereinafter the “Terms”) and the cookie policy (hereinafter, the “Cookie Policy”).

1.4 The data subject acknowledges having read the information below and authorizes PROMETHERA to process, in accordance with the provisions of the Policy, the personal data that he/she communicates on the Website.

1.5 The Policy is valid for all pages hosted on the Website and for the registrations of this Website, as well as all company pages managed by PROMETHERA on social networks, who is jointly responsible with the social network for the processing of data visitors to the page. It is not valid for the pages hosted by third parties to which PROMETHERA may refer and whose privacy policies may differ. PROMETHERA cannot therefore be held responsible for any data processed on these websites or by them.

2. Data Controller 

2.1 Simply visiting the Website shall take place without having to provide any personal data, such as first name, surname, postal address, e-mail address, etc.

2.2 As part of the activities of PROMETHERA, the Data subject may be required to provide certain personal data. In this case, the data controller is:

PROMETHERA S.A. (Head office)
Watson & Crick Hill | Rue Granbonpré, 11,
B-1435 Mont-Saint-Guibert Belgium
Belgian business registry (BCE) number: 0809.788.365
info@promethera.com

2.3 We have appointed a data protection officer as a single point of contact within our company (more commonly known as “DPO”) whose contact details are:

GL EXPERTISE SRL
(represented by Mrs. Gentiane Verstraeten, Managing Director)
Avenue de la Constitution 12,
1083 Brussels
Belgium
Belgian Business registry (BCE) number: 0893.038.715
dpo@promethera.com

The data protection officer appointed by PROMETHERA shall have at least the following tasks:

1. To inform and advice the controller or the processor and the employees who carry out activities processing of their obligations pursuant to the legislation in force in relation to the protection of personal data;
2. To monitor compliance with the legislation in force and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
3. To provide advice where requested as regards the data protection impact assessment and monitor its performance;
4. To cooperate with the supervisory authority;

To act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation and to consult, where appropriate, with regard to any other matter.

2.4 Any question regarding the processing of this data may be sent to the following address: dpo@promethera.com.

3. Data Collected

3.1 By completing the spaces provided under the tabs “Contact” and “Subscribe to our distribution list” on the Website, the User allows, in particular, PROMETHERA to record and store, for the purposes mentioned in point 4, the following information:

• Identifying data, such as the first name and surname, marital status, e-mail address and the phone number;
• Communications between the User and PROMETHERA;

3.2 The Data Subject also authorizes PROMETHERA to record and store the following data for the purposes mentioned in point 4:

• Information voluntarily provided by the Data Subject for a purpose specified in the Policy, the Terms, the Cookie Policy, on the Website or on any other medium of communication used by PROMETHERA;
• Additional information requested by PROMETHERA to the Data Subject in order to identify him or to prevent him from violating any of the provisions of the Policy;

3.3 In order to facilitate browsing the Website as well as to optimize technical management, the Website may use “cookies”. These “cookies” record, in particular:

• The User’s browsing preferences;
• The date and time of access to the Website and other data related to traffic;
• The pages visited;

All information relating to “cookies” is included in PROMETHERA’s Cookie Policy.

3.4 When the User accesses the Website, the servers consulted automatically record certain data, such as:

• The type of domain with which the User connects to the Internet;
• The IP address assigned to the User (when connected);
• The date and time of access to the Website and other data related to traffic;
• Location data or other data relating to the communication;
• The pages visited;
• The type of browser used;
• The platform and/or operating system used;
• The search engine as well as the keywords used to find the Website.

3.5 No nominative data identifying the Data Subject is collected through the cookies and servers consulted. This information is kept for statistical purposes only and to improve the Website.

3.6 We also collect some of your data through other companies, including from the following sources.

4. Purpose of processing the data

We process your data for various purposes. For each purpose, only the data relevant to the pursuit of the purpose in question are processed. The processing consists of any operation (manual or automated) on a personal data. PROMETHERA collects, stores and uses its Data Subjects’ data mainly for the purpose of Scientific Research, and in particular for the following purposes:

• To inform them by subscribing to PROMETHERA’s “distribution list”;
• To establish, carry out and conduct the contractual relationship with the User;
• To analyse, adapt and improve the content of the Website;
• To allow the User to receive messages;
• To facilitate the availability and use of the Website;
• To personalize the User’s experience on the Website;
• To respond to requests for information;
• For any marketing activities and promotions proposed by PROMETHERA to Users who have given their consent;
• To inform them about any changes on the Website and its features;
• For any other purpose to which the User has expressly consented.

4.2 The legal basis of the processing of your personal data is based on :

• Your consent
• The execution of any request from you;
• We do need to collect some of your data to answer any request from you. If you choose not to share this data with us, it may render the performance of the contract impossible.
• A legal obligation imposed on the controller;
• We do need to collect and store some of your data to meet various legal requirements, including tax and accounting.
• The protection of vital interests;
• For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or
• Our legitimate interest, provided that it is in accordance with your interests, freedoms and fundamentals rights.

We have legitimate interest in providing you with this information and interacting with you, especially to respond to your requests or improve or services, prevent abuse and fraud, control the regularity of our operations, exercise, defend and preserve our rights, for example in litigation, as well as evidence of a possible violation of our rights, manage and improve our relations with you, continually improve our website and our products/services, unless such interests are supplanted by your interests or your fundamental rights and freedoms requiring the protection of your personal data. We take care in any case to maintain a proportionate balance between our legitimate interest and respect for your privacy.

If the legal basis of your treatment is your consent, you have the right to withdraw it at any time without prejudice to the lawfulness of the processing performed prior the withdrawal.

In the context of direct marketing, this means that you can unsubscribe at any time from newsletter and other commercial communications from us. You will be put in “opt-out”. You can unsubscribe by sending us an email at the following address: info@promethera.com or by clicking on the unsubscribe link at the bottom of each email.

5. Rights of the data subject

5.1 According to the regulations on the processing of personal data, the Data Subject has the following rights:

• Right to be informed about the purposes of the processing (see above) and the identity of the data controller.
• Right of access: The Data Subject may, at any time, have access to the data that PROMETHERA has on him or check if he is included in the database of PROMETHERA.
• Right to rectification: We take all reasonable steps to ensure that the data we hold is up to date. We encourage you from time to time to consult us to check that your data is up to date. If you find that your data is inaccurate or incomplete, you have the right to ask us to correct it.
• Right to object: The Data Subject may, at any time, object to the use of his data by PROMETHERA and by its active partners (…).
• Right to erasure: The Data Subject may, at any time, notify PROMETHERA of corrections to the data concerning him and, where appropriate, request the deletion of his personal data.
• Right of limitation of processing: the Data Subject may, in particular, obtain a limitation of processing when he has objected to the processing, when he disputes the accuracy of the data, or when he considers that the processing is illegal.
• Right of portability: The Data Subject has the right to receive the personal data that he has communicated to PROMETHERA and may also ask said company to send this data to another data controller.

5.2 In order to exercise his rights, the data subject sends a written request, accompanied by a copy of his identity card or his passport, to the data controller:

• by e-mail: dpo@promethera.com
• by writing to the following postal address:

PROMETHERA S.A. (Head office),
To the attention of the DPO or the Global Associate Director Compliance,
Watson & Crick Hill | Rue Granbonpré, 11,
B-1435 Mont-Saint-Guibert Belgium

5.3 PROMETHERA will then take the necessary steps to satisfy this request as soon as possible and in any case within one month of receipt of the application. If necessary, this period can be extended by two months, given the complexity and the number of requests.

6. Periode of storage

6.1 PROMETHERA will keep the personal data of its Data Subjects for the duration necessary to achieve the objectives pursued (see point 4).

6.2 PROMETHERA may also continue to keep personal data concerning the de-registered Data Subject, including all correspondence or request for assistance sent to PROMETHERA in order to be in a position to reply to all questions or complaints that may be sent to it, and in order to comply with all applicable laws, namely in tax matters or as a part of other legal requirements. 

7. Complaint with the supervisory authority

The Data Subject is informed that he has the right to lodge a complaint with the Data Protection Authority : 

Data Protection Authority
Rue de la Presse, 35 – 1000 Brussels
+32 2 274 48 00
contact@apd-gba.be

8. Security

8.1 In addition, PROMETHERA has taken the appropriate organizational and technical measures to ensure a level of security adapted to the risk and that, to the extent possible, the servers hosting the personal data processed prevent:

• Unauthorized access to or modification of this data;
• Improper use or disclosure of such data;
• Unlawful destruction or accidental loss of such data.

8.2 In this respect, employees of PROMETHERA who have access to this data are subject to a strict confidentiality obligation. Nevertheless, PROMETHERA may in no way be held liable in the event that this data is stolen or hijacked by a third party despite the security measures adopted.

8.3 Data Subjects undertake not to commit acts that may be contrary to this Policy, the Terms of Use, the Cookie Policy or, in general, the law. Violations of confidentiality, integrity and availability of information systems and data which are stored, processed or transmitted by these systems, or the attempt to commit one of these violations, shall be punishable by imprisonment of between three months and five years and a fine of between twenty-six euros and two hundred thousand euros, or one of these penalties only.

9. Communication to third parties

9.1 PROMETHERA treats personal data as confidential information. It will not communicate them to third parties under any condition other than those specified in the Policy, such as to achieve the objectives set out and defined in point 4, or under the conditions in which the law requires it to do so.

9.2 PROMETHERA may communicate its Data Subjects’ personal information to third parties to the extent that such information is necessary for the performance of a contract with its Data Subjects. In such case, these third parties will not communicate this information to other third parties, except in one of the two following situations:

• The communication of this information by such third parties to their suppliers or subcontractors to the extent necessary for the performance of the contract;
• Where such third parties are obliged by the regulations in force to communicate certain information or documents to the competent authorities in the field of combating money laundering, as well as, in general, to any competent public authority.

9.3 The communication of this information to the aforementioned persons shall, in all circumstances, be limited to what is strictly necessary or required by the applicable regulations.

10. Transfer to a non-EU contry or company

PROMETHERA transfers data to a non-EU country or company only when that country provides an adequate level of protection within the meaning of the legislation in force, and, in particular, within the meaning of the General Data protection Regulation (for more information on the countries offering an adequate level protection, see : https://goo.gl/1eWt1V), or within the limits permitted by the legislation in force, for example by ensuring the protection of the data by appropriate contractual provisions.

If you wish, you can obtain a copy of the adapted contractual clauses by sending an email to: dpo@promethera.com.

The information processed by PROMETHERA will be transferred or transmitted, or stored and processed, in the United States or other countries other than the country in which you live, for the purposes described in this Policy. These data transfers are necessary to provide the services worldwide. We use standard contractual clauses approved by the European Commission and we rely on the European Commission’s adequacy decisions concerning certain countries, where appropriate, for data transfers from the European Economic Area to the United States and other countries. If you have any questions in this regard, do not hesitate to contact us at the following address: dpo@promethera.com.

11. Direct marketing

11.1 The personal data will not be used for direct marketing purposes for articles or services other than those to which the Data Subject has already subscribed, unless the Data Subject has previously explicitly consented to such use by ticking the boxes provided for this purpose (“opt-in”). 

11.2 When the Data Subject has given his consent to the use of this information for direct marketing purposes, the latter retains the right to object to such use at any time, upon request and free of charge. The Data Subject may simply communicate his request by writing to the following address: dpo@promethera.com.

12. Note concerning minors

Persons under the age of 18 and persons who do not have full legal capacity are not permitted to use the Website. PROMETHERA asks them not to provide their personal data. Any infringement found in this provision must be reported without delay to the following address: dpo@promethera.com.

13. Updates and changes to the policy

By informing Data Subjects through the Website or email, PROMETHERA may modify and adapt the Policy, in particular to comply with any new legislation and/or regulations applicable (such as the General Data Protection Regulation applicable from 25 May 2018), the recommendations of the Data Protection Authority, the guidelines, recommendations and best practices of the European Data Protection Board and the decisions of the courts and tribunals on this issue.

14. Validity of the contractual clauses

14.1 Failure by PROMETHERA to invoke – at any given time – a provision of this Policy, may not be interpreted as a waiver to subsequently make use of its rights under the said provision.

14.2 The invalidity, expiration or the unenforceable nature of all or part of one of the above or below mentioned provisions shall not give rise to the invalidity of all the Policy. Any fully or partially invalid, lapsed or unenforceable provision shall be deemed not to have been written. PROMETHERA undertakes to substitute this provision with another which, to the extent possible, fulfils the same objective.

15. Applicable law and competent court

15.1 The validity, interpretation and/or implementation of the Policy are subject to Belgian law, to the extent permitted by the provisions of applicable private international law.

15.2 In the event of a dispute relating to the validity, interpretation or implementation of the Policy, the courts and tribunals of Brussels have exclusive jurisdiction, to the extent permitted by the provisions of applicable private international law.

15.3 Before taking any step towards the judicial resolution of a dispute, the Data Subject and PROMETHERA undertake to attempt to resolve it amicably. To this end, they shall first contact each other before resorting, where appropriate, to mediation, arbitration, or any other alternative method of dispute resolution.