Privacy Policy

Last updated: 07 September 2021

Eurofins Biologie Médicale takes the protection of your personal data very seriously and undertakes to comply with the applicable legislation, in particular the principles derived from the General Data Protection Regulation(EU) 2016-679 of 27 April 2016, which entered into force on 25 May 2018 (hereinafter, "GDPR") and the amended law of 6 January 1978 (hereinafter "French Data Protection Act").

The purpose of this Privacy Policy is to provide you with relevant information on how your personal data is collected and processed and on the security that we provide on the  www.eurofins-biologie-medicale.com website, it being specified that a Cookie Privacy Policy completes this document.

If you have any questions or would like to avail yourself of your rights over your personal data (see paragraph 9 below), you may contact the data protection officer at the following address:  rgpd@eurofins-biologie.com.

1. About us

When you use the features of our   www.eurofins-biologie-medicale.com website, to allow us to provide you with the best possible service, you may be required to enter some personal data. 

Eurofins Biologie Médicale is the data controller of such personal data within the meaning of the GDPR and the amended French law of 6 January 1978 known as "Informatique et libertés".  Eurofins Biologie Médicale  is a simplified joint-stock company (société par actions simplifiée) with share capital of 20,556,745.40 Euros, headquartered at 58 avenue Debourg, 69007 Lyon, France, listed on the Lyon Trade and Companies Register under the number 510 019 037,

The notion of personal data here refers to information personally identifying you, such as your surname, first names, file number, invoice number, email address and the data on connection to our website (IP address, date and time of connection) and browsing data.

2. How do we ensure the security and confidentiality of your data?

Right from the design stage of the Eurofins Biologie Medicale service, we have attached particular importance to the security of the personal data you entrust to us.

We can therefore assure you that we have taken all the appropriate organisational and technical measures, as well as all necessary precautions to preserve the security of the information described above and in particular to prevent it from being distorted or damaged or from being accessed by unauthorised third parties.

When the  site was designed, the processes implemented were carefully crafted to protect against breaches of the confidentiality of the data processed and to secure  exchanges during data transmission, through effective encryption solutions.

3. What kind of personal data do we collect and process?

Eurofins Biologie Medicale may obtain information about you when you use this website.

The information we collect about you includes:

• your identity (such as Internet Protocol address);
• information about device events such as browser type,

the language of the browser, the date and time of your request and the URL of the referral;

• your preferences such as language settings, website notifications, or alerts;
• your location;
• the content you view or the pages you consult;
• the search queries you run using our search tool

4. Who are the recipients of the information that you entrust to us?

Any personal information you provide will be available for consultation by the staff of our company (in particular the staff in the billing, accounting, collection departments and the medical secretariat) and of all of the group's subsidiaries (located at https://www.eurofins.com/) the services in charge of management control (auditor, in particular) and our subcontractors within the strict framework of the purposes we have presented to you.

We do not sell or disclose personal information about visitors to our website to third parties except as described below:

• to companies or trusted persons to process your personal data for us, on the basis of our instructions and in accordance with applicable data privacy regulations;
• to service providers we have selected to provide services on our behalf;
• to companies, organisations or individuals outside Eurofins if we have reasonable grounds to believe that access to, use, preservation or disclosure of the information is reasonably necessary to:
  • execute and enforce the contractual terms;
  • comply with a legal, regulatory or judicial obligation or any applicable government request;
  • detect, prevent or combat fraud, security breaches or any technical problems;
  • protect against infringement of the rights, property or security of Eurofins, our users or the public as required or permitted by law;
• police or regulatory authorities if we believe in good faith that we are required by law to disclose them in connection with the detection of a crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, or in connection with legal proceedings;
• to third parties in connection with a merger, acquisition or bankruptcy, in the event that we sell or transfer all or part of our business or property (including due to bankruptcy).

In this regard, we would like to inform you that we have signed strict security clauses with our subcontractors, in accordance with Article 28 of the GDPR, specifying in particular the security objectives to be met.

We have rigorously selected our subcontractors according to the security of the hosting they provide (at the level of the most stringent standards) and strengthened both the infrastructures and the contracts concluded with them to allow you to entrust your data to us with complete peace of mind.

5. Services offered via social media

In order to provide you with the most comprehensive services, we have made it easy for you to share the pages you visit on your social networks. Clicking on the social media buttons is likely to lead to the collection and exchange of certain data between social media and the Eurofins Biologie Medicale website.

Our site thus uses "plug-ins" or social modules on its various pages ("share" buttons of third-party social networks such as Facebook, Twitter, LinkedIn).

When you visit certain pages of our site, a connection is automatically established with YouTube servers (Google) which can then be informed that you have accessed the corresponding page of our site.

Eurofins Biologie Medicale shall not be liable for the use of your data by YouTube (Google) on its own behalf.

We inform you that the information transmitted to the various social networks under the conditions we have mentioned may be transmitted and processed by these companies via their servers located in several countries around the world, including the United States, in accordance with their own privacy policies that we invite you to read.

We invite you to read our Cookie Privacy Policy for more details on this issue.

6. Where are your data processed?
   
   

We have chosen a hosting provider (Amazon Web Services EMEA) for our website that is licensed as a health data hosting provider, enabling us to provide very high guarantees in terms of the confidentiality and security of the health data you entrust to us.

We have ensured, in particular through strict contracts with our subcontractors and  with the hosting provider and our payment services provider, that the personal information you entrust to us is processed as close as possible on European soil.

However, your personal data may be transferred outside the EU in the event that one of the recipients mentioned above in paragraph 6 is located outside the EU and only in countries:

• For which the European Commission has issued a conformity decision (which guarantees that an appropriate level of protection of personal data is offered in that country);
• For which you have given your explicit consent;
• Where appropriate protections have been provided such as standard data protection provisions (which you can find at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data reflect-countries_en) or the so-called "Privacy Shield" certification (companies benefiting from this certification can be found at https://www.privacyshield.gov/list).

Furthermore, if you decide to use your social media accounts to share content, this connection may result in the communication of certain data on the servers used by these services located outside the European Union and in particular in the United States (see paragraph 6 above).

7. We only collect the necessary information

When collecting your personal data on Eurofins Biologie Medicale, we will indicate which data must be provided and which remains purely optional. We also inform you of the possible consequences of failure to respond.

With regard to cookies, we provide you with a dedicated screen allowing you to choose the type of cookies used on the website.

8. How long do we keep your data for?

Your login data (IP address, date and time of connection, pages viewed) is stored for a maximum of 12 months.

The retention period of each cookie is specified in our Cookie Privacy Policy.

The other personal data collected will be kept for a period of 3 years from your last payment.

They will then be kept in intermediate archiving in order to meet accounting or tax obligations and in the event of litigation, within the applicable limitation period.

9. We respect your rights

You have the right to:

• access your data
• rectify and update them;
• oppose the processing carried out or request the limitation thereof, within the framework of what is provided for by law;
• erase the data concerning you, within the framework of what the law provides

You may also request the portability of the data concerning you insofar as the reason for the processing  concerns the legal basis of the contract (see Article 3). Finally, you can issue directives on the fate of your data (retention, deletion, communication) after your death.

To exercise these rights, you can:

• Send us a letter to the following address: Data protection officer, Eurofins Biologie Medicale, 17/19 avenue Tony Garnier 69007 Lyon, France
• Send an email to the following address: rgpd@eurofins-biologie.com

If unfortunately you were still not satisfied with our response, you have the right at any time to complain to the CNIL (French Data Protection Authority), for example on its website : cnil.fr.