Privacy Policy Biomunex

Last Updated: 09/16/2022

Preamble

Thank you for visiting our website and for your interest in our company and the services we offer.

For Biomunex, in their capacity as Data Controllers, the protection of your Data is a priority. We respect your privacy and ensure the protection of your personal data by processing your personal data in accordance with the data protection regulations, in particular Regulation 2016/679 of the European Parliament and Council dated 27 April 2016 concerning the protection of physical persons with regard to the processing of personal data and the free circulation of this data (“GDPR”), and any national legislation applicable to the protection of the Personal Data.

For the sake of transparency, Biomunex established this Privacy Policy that aims to:

• explain to you why your Personal Data is collected and processed by Biomunex,
• describe what types of Personal Data related to you Biomunex may collect and how they are retained,
• inform you about what the rights that you have over your data and how you can exercise them.

This Privacy Policy excludes those websites and online services that have separate privacy policies and do not incorporate this Privacy Policy by reference or otherwise.

Our privacy practices may be more or less limited in certain countries in which we operate to reflect local practices and legal requirements. We will specifically inform you, if this is the case.

Biomunex reserves the right to modify this Privacy Policy at any time. Any modification will take effect immediately.

Consequently, we invite you to regularly consult our Privacy Policy, available from all pages of our website, in order to keep you informed of the latest applicable online version. For the changes that we consider the most significant, a notification will be made on the website. We also expect you to check the date indicated on this Privacy Policy in order to know the date of the last update.

This Privacy Policy is written in English and may be translated into other languages. In the event of any inconsistency, the English version shall prevail.

Summary

1. Definitions
2. Why does Biomunex need to collect your Data?
3. What Data does Biomunex collect?
   3.1. Personal data that you communicate to us directly:
   3.2. Personal data that we collect automatically:
4. What is the legal basis for the processing of your Data?
   4.1. Execution of contractual relations with Biomunex
   4.2. Compliance with a legal obligation to which Biomunex is subject
   4.3. The legitimate interests of Biomunex
5. How long do we retain your Personal Data?
6. What are your rights and how to exercise your rights?
   6.1. Your rights
   6.2. Exercise of your rights
7. When and with whom does Biomunex share your Data?
8. Are your data transferred outside the EU and EEA?
9. How does Biomunex secure the processing of your Data?
10. Social Media
11. Privacy by Design/by Default
12. Accountability

1. Definitions

For your information, a Personal Data corresponds to any information relating to an identified natural person (Data Subject) or who can be identified, directly or indirectly, by reference to an identification number or to one or more elements which are specific to him (name, first name, address, email, telephone, etc.).

Personal data processing means any operation which is performed on Personal Data (collection, storage, transmission, deletion, etc.), whether on paper or computer.

The Controller is the person who determines the purposes of each processing and the means to achieve these purposes.

2. Why does Biomunex need to collect your Data?

The data that Biomunex collects is necessary to enable it to fulfill the following purposes:

• to answers any question you may ask us through the contact form;
• to provide, update, maintain and improve the Website;
• Management of the recruitment in order to answer to the candidate’s applications for a job at Biomunex
• Management of requests to exercise the rights guaranteed to Data Subjects under the legislation applicable to the protection of the Personal Data.

In general, Biomunex does not process any of your data for purposes incompatible with those for which it was collected, except with your prior consent.

3. What Data does Biomunex collect?

Biomunex collects different types of personal data about you:

3.1. Personal data that you communicate to us directly:

Identity: name, email

Professional life: CV, graduation, job title, qualifications

Communication details and related: the correspondence exchanged, date and time of the messages

Other Data: Other types of information that you voluntarily choose to provide to us.

The communication of your personal data is voluntary. However, certain information is mandatory and essential for Biomunex to process your request, as indicated in our forms. Without this information, Biomunex will not be able to process your request.

3.2. Personal data that we collect automatically:

Technically required data when using our website: We automatically collect certain information about you when you access the Biomunex website, in particular, information about your device, your browsing (browser type and the version used, the operating system, the Internet access provider, the IP address of their device, the date and time of access to the website from which users visit this website and the pages they visit on the website).

4. What is the legal basis for the processing of your Data?

Biomunex collects your Personal Data for the purposes described in point 2 of this Policy. In any case, Biomunex collects your data, only when their collection and processing are based on a legal basis.

4.1. Execution of contractual relations with Biomunex

Your Data is necessary in order to take steps at the request of the candidate prior to entering into a contract (labor contract).

4.2. Compliance with a legal obligation to which Biomunex is subject

Some of your Data is processed by Biomunex to comply with its legal obligations, in particular complying with legal processes, responding to requests from public and government authorities around the world, or public-sector bodies/bodies with a public-service mission, in line with applicable legislation, and pursuing available remedies or limit damage we or other third parties may sustain. Also, your Data is processed to manage your request to exercise the rights guaranteed to Data Subjects under the legislation applicable to the protection of the Personal Data.

4.3. The legitimate interests of Biomunex

We may process your Personal Data for the purposes of pursuing our legitimate business reasons, in particular, to provide you with information that you have requested and responding to your inquiries. Subject to applicable law and regulations, it is our legitimate interest to adopt processes for the establishment, exercise, or defense of legal claims against the us, or in the event of a corporate event such as a sale, merger or change in control.

5. How long do we retain your Personal Data?

Your Data is kept by Biomunex for the time necessary to achieve the purposes referred to in point 2 hereof, plus the statutory limitation periods.

For example (this information may be different regarding national laws and regulations):

Regarding inquiries:

• The data will be kept for a period of one (1) year from the processing of your request for information.

Regarding the recruitment:

• The data will be kept for a period of two (2) years from the reception of the application.

In terms of management of requests to exercise the rights granted to data subjects under the regulations applicable to the processing of personal data:

• The processed data is kept while your request is being investigated, then archived in accordance with the limitation periods in force (example: 5 years);
• Data relating to identity documents will be kept for a period of one (1) year in compliance with the applicable legal deadlines;
• In the event of opposition, the data will be kept for a minimum period of three (3) years for the sole purpose of guaranteeing the effectiveness of your right of opposition.

For more information on the retention periods of your data, you can contact Biomunex (see Section 6.2 of this Policy).

6. What are your rights and how to exercise your rights?

6.1. Your rights

Right of access: You can obtain confirmation from Biomunex that your Personal Data is or is not being processed and, when it is the case, access to all Personal Data and information held by Biomunex.

Right to rectification: You can obtain from Biomunex, as soon as possible, the rectification of any data concerning you which may be inaccurate or erroneous. You can also request that your data be completed, if necessary.

Right to erasure: Subject to legal exceptions, you can ask Biomunex to erase your Personal Data as soon as possible, if in particular you consider that the processing carried out by Biomunex on your data is no longer necessary with regard to the purposes for which they are were collected.

Right to data portability: You have the option of recovering part of your Personal Data in an open and machine-readable format or of requesting Biomunex to transmit it to another organization. The only data affected by this right are data that you have actively and consciously provided to the Biomunex (for example, data that you have entered in an online form) or data generated when using a service or a device as part of the conclusion or management of your contract, and which are processed automatically, on the basis of consent or the execution of a contract.

Right to object: You can object to your data being used by an organization for a specific purpose. You must then put forward reasons relating to your particular situation, except in the case of commercial prospecting, to which you can object without reason. If your data is processed for commercial prospecting purposes, you can oppose it at any time (See point 6.2 of this Policy), just as you can oppose the deposit of cookies at any time (see Article 10 of this Policy).

Right to restriction of processing: You can ask Biomunex to keep your data without being able to use it, in any of the following cases: you dispute the accuracy of the data used by Biomunex, you object to your data being processed, in the event of illegal use but you oppose their erasure, you need it for the establishment, exercise or defense of legal claims.

Right to withdraw your consent to the processing of your data: When the processing of your personal data is based on your consent, you have the possibility to withdraw your consent at any time (See point 6.2 of this Policy).

Right to lodge a complaint with the competent supervisory authority: If you consider that your rights have not been respected or that the protection of your data is not ensured in accordance with the legislation applicable to the protection of the Personal Data, you can, at any time, lodge a complaint with a competent supervisory authority (in France, the CNIL : directly on the CNIL website or by post to: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07).

6.2. Exercise of your rights

To exercise any of your rights, send your request:

By E-Mail: privacy@biomunex.com

By letter: DPO – 29 rue du Faubourg Saint Jacques, 75014 Paris, FRANCE

Any request must specify, in subject, the reason of the request (exercise of the right of access, the right to object, etc.), the address to which the response must be sent, and the company concerned by the request (Biomunex).

To exercise your rights, you must prove your identity by any means. When Biomunex has reasonable doubts about your identity, you may be asked to provide additional information necessary to confirm your identity.

Biomunex will send you its response within a maximum of one (1) month from the date of receipt of your request. This period may however be extended by two (2) months due to the complexity and number of requests.

If you believe, after contacting Biomunex, that your rights are not respected, you can lodge a complaint with the competent supervisory authority.

7. When and with whom does Biomunex share your Data?

Access to your Personal Data is strictly limited to entities and their members staff authorized to process it by virtue of their duties.

Biomunex does not sell, rent or share your Personal Data without your consent except in accordance with this Privacy Policy or for the purposes disclosed on any online form or location on the Services where you provide Personal Data to us. Biomunex also does not engage in the sale of your Personal Data.

8. Are your data transferred outside the EU and EEA?

Your Personal Data is hosted on secure servers and located within the European Union and the Economic European Area.

However, your Data may be transferred outside the EU and EEA, in particular when your Data will be processed by staff operating outside the EEA who work for us, through our data processors processing data on our behalf.

As such, we would pay particular attention to ensuring that they process your Personal Data in strict compliance with the regulations in force on the Protection of Personal Data. If the latter are located in a country not subject to an adequacy decision by the European Commission, recognizing a level of protection equivalent to that provided by the European Union, a standard contract will be drawn up in order to comply with the model established by the European Commission.

9. How does Biomunex secure the processing of your Data?

Biomunex implements all technical, physical and organizational measures to ensure the security and confidentiality of your Personal Data during the collection, processing and transfer of your Data.

The infrastructures of Biomunex are protected against malicious software (viruses, spyware, etc.). Physical and remote access to the servers hosting the Data is controlled. Penetration tests are performed, as well as regular backups with restore tests. The security of your terminal, from which you connect to our website, is your responsibility.

In the event that Biomunex is likely to call on service providers to process part of your Personal Data, it undertakes to verify that they present sufficient guarantees to ensure the protection of the Personal Data entrusted to them and to make them sign confidentiality clauses in accordance with the legislation applicable to the Protection of the Personal Data.

In case of a Personal Data Breach, that is to say in the event of a security incident, whether malicious or not and occurring intentionally or not, resulting in compromising the integrity, the confidentiality, or the availability of your Personal Data, we undertake to comply with the obligations with the legislation applicable to the Protection of the Personal Data.

10. Social Media

Biomunex is present on social media, in particular via LinkedIn.

Access to these social media implies your prior acceptance of their contractual conditions, including their commitments under the legislation applicable to the protection of the Personal Data for the processing carried out by them, regardless of our pages on said social media. To find out more about the Protection of your Personal Data when browsing these social media, Biomunex invites you to consult their respective Privacy Policies.

Biomunex is able to collect some of your personal information when you browse the pages of our social media, when you “like” our pages, share content or follow us on social media.

Also, if you choose to log-in, connect with or link to Services using your social media account some of your Personal Data is shared with us consistent with your settings within the social media service, such as location, check-ins, activities, interests, photos, status updates, as well as Personal Data that may be a part of your profile or friend’s profile.

Biomunex may be required, within the framework of the organization of contests, to collect your name, first name, date of birth, il necessary profile photograph, gender, networks, social media user ID, and any information made public and more generally Personal Data.

11. Privacy by Design/by Default

Biomunex undertakes to integrate the protection of Personal Data by Design and by Default of a project, a service or any other tool related to the handling of Personal Data, in particular the minimization of Personal Data, limitation of the purposes of data collection, respect for the integrity and confidentiality of data, limitation of retention periods.

12. Accountability

In order to respect the principle of Accountability, Biomunex:

• adopts internal procedures in order to ensure compliance with the legislation applicable to the protection of the Personal Data (IT charter, Personal Data protection charter, etc.);
• keeps a documentary record of any processing carried out under its responsibility or that of the processor (keeping of the processing register, confidentiality agreements for employees and service providers, company security policy, procedures for managing requests for access, rectification, opposition, etc.);
• carries out Privacy Impact Assessments for processing operations presenting particular risks with regard to rights and freedoms.

The aim is to provide rich documentation to demonstrate compliance with Data Protection rules at all times.