Skip to main content

DATA PROTECTION

As the data controller, the company Biocodex, whose registered office is established in France at 22 Rue des Aqueducs in Gentilly (94250) (“Biocodex”) or its affiliates, undertakes to comply with the regulatory provisions applicable to the protection of personal data, in particular Regulation (EU) 2016/679 of April 27, 2016 – General Data Protection Regulation (the “GDPR”), on the processing that it implements on the Biocodex Notification Center (the “Website”).

A - Data protection policy

The user of the Website (the “data subject”) may be required to provide data concerning him/herself, since the purpose of the Website is to allow him/her to ask a medical information question, to notify an adverse reaction or a quality complaint concerning the products marketed by Biocodex or its affiliates.

Each processing operation carried out on the Website limits the collection of personal data to what is strictly necessary and is accompanied by information detailing in particular:

  • The purpose of the processing (the purposes) for which the personal data collected is intended;
  • The legal basis of the processing;
  • The source of the data (if not provided by the Data subject);
  • The mandatory or optional nature of the data collection;
  • The categories of data subjects;
  • The recipients of the data;
  • The duration of data retention;
  • The possible existence of data transfers outside the European Union;
  • The rights of the individual with respect to his/her data and how to exercise them.

Biocodex and its affiliates take all necessary precautions to preserve the security of the data subject’s personal data and aims to prevent them from being deformed or damaged, or from being accessed by unauthorized third parties.

In accordance with the GDPR, the data subject has a right of access, rectification, deletion, portability, limitation, opposition, to the data concerning him/her, which he/she may exercise, under the conditions provided by the GDPR, with the Data Protection Officer (DPO) of Biocodex at dpo[at]biocodex.com (replace ‘’[at]’’ by ‘’@’’); he/she also has the right to lodge a complaint with a supervisory authority: www.edpb.europa.eu/about-edpb/about-edpb/members_en

Proof of identity may be requested from the data subject if the information provided in its request does not allow him/her to be identified with certainty.

Insofar as the processing is based on compliance with a legal obligation, the data subject cannot be opposed.

Website management

The purpose of this personal data processing is to manage the Website. It allows Biocodex:

  • Management of contents and online services;
  • Technical administration and security management;
  • Production of anonymous statistics on the use of the Website.

With reference to Article 6(1)(f) of the GDPR, the processing is necessary for the purposes of the legitimate interests pursued by Biocodex (to facilitate and simplify the notification procedures relating to the products it markets).

The categories of data processed are:

  • Data relating to navigation on the Website (e.g. time stamps, IP addresses of users, technical data relating to the equipment and browser used by users, geolocation, cookies, etc.);
  • Data relating to the management of online services;
  • Data related to the management of technical services (e.g.: time-stamping and purpose of requests, follow-up, follow-up data, statistics);
  • Anonymous statistics relating to the use of the Website.

Within the limits of their respective responsibilities and for what concerns them, are recipients of all or part of the data:

  • Biocodex staff in charge of:
    • Management of the Website and online services (Pharmaceutical Affairs);
    • Technical administration of the Website and security (IT);
  • The staff of the service providers concerned.

Data retention:

  • The terms of retention of data relating to online services are detailed in each of the subsequent data processing corresponding to these services;
  • Data relating to exchanges with service providers is kept for 5 years at the end of the contractual relationship;
  • Except for legal obligations or particularly important risks, log data are kept for a maximum of 6 months;
  • The data necessary to produce statistics relating to the use of the Website are kept in a format that does not allow the identification of people by their IP address and include an identifier (relating to the cookie) kept for a maximum of 13 months (unless the person concerned objects).

The data collected during navigation, not necessary for the functioning of the Website (such as certain types of cookies), are optional. Unless otherwise indicated, the other data collected is mandatory.

Depending on the type of request, the data may be further processed for:

  • Medical information;
  • Health vigilance;
  • Quality complaints.

Medical information

The purpose of this personal data processing is to manage medical information requests. It allows Biocodex and its affiliates to ensure the traceability of responses to requests for information of a medical or pharmaceutical nature relating to the products it markets.

In reference to Article 6(1)(c) of the GDPR, the processing is necessary to comply with a legal obligation to which Biocodex and its affiliates are subject.

The categories of data processed are:

  • Data relating to the identity and contact details of the applicant (surname, first name, postal address, email address, telephone/fax numbers) ;
  • Information relating to the product concerned, the request and its processing, as well as any additional information useful for processing the request.

Within the limits of their respective attributions and for what concerns them, are recipients of all or part of the data:

  • Biocodex or its affiliates’ staff in charge of medical information, vigilance or quality complaints (Pharmaceutical Affairs);
  • Where applicable, the legal manufacturer of the products commercialized by Biocodex and its affiliates;
  • Where applicable, the staff of the service providers concerned.

The data is kept for up to 10 years after the withdrawal of the product concerned from the market.

The contact details of the applicant, the name of the product concerned, the capacity of the applicant and the reason for the request must be collected. The absence of contact information does not allow the request to be processed.

The processing may lead to another processing related to vigilance or quality complaints on products.

Health vigilance

The purpose of this personal data processing is to manage health vigilance (pharmacovigilance, materiovigilance, nutrivigilance, cosmetovigilance, etc.). It allows Biocodex and its affiliates to ensure:

  • The collection, recording, analysis, follow-up, documentation, transmission and storage of data relating to all adverse health events;
  • Management of contacts with the person who reported the adverse health event or the health professional who can be asked for details of the reported adverse health event.

In reference to Article 6(1)(c) of the GDPR, the processing is necessary to comply with a legal obligation to which Biocodex or its affiliates are subject.

Concerning the exposed person, the categories of data processed are:

  • Identification number (alphanumeric code);
  • Personal data (age, year/date of birth, sex, weight, height, etc.);
  • Health data (treatments administered, nature of adverse effects, personal or family history, etc.);
  • Data related to the product concerned by the adverse health event;
  • If applicable: professional life, tobacco/alcohol/drug consumption, lifestyle and behavior, ethnic origin;

Concerning the notifier or the health professional concerned, the categories of data processed are:

  • Identity (surname, first name), contact details (postal, telephone and electronic);
  • If applicable: specialty of the health professional.

Within the limits of their respective attributions and for what concerns them, are recipients of all or part of the data:

  • Biocodex or its affiliates’ staff in charge of medical information, vigilance or quality complaints (Pharmaceutical Affairs);
  • Subcontractors working on behalf of and under the responsibility of Biocodex;
  • Third parties whose product could be implicated;
  • Legal manufacturers of the products commercialized by Biocodex or its affiliates;
  • Health professionals concerned;
  • National public bodies (regional health agencies, health agencies, etc.) or foreign bodies responsible for vigilance;
  • Foreign national health authorities or agencies and international health authorities or agencies (European Medicines Agency, etc.).

Data may be transferred outside the European Union, if strictly necessary for the implementation of the vigilance system and in compliance with the provisions of article 6 of the reference framework relating to data recipients:

  • Indirectly identifying data of exposed persons;
  • Indirectly identifying data of notifiers.

The data are kept in the active database for the duration of the current use of the data. They are then kept in intermediate storage for the legal or regulatory period applicable to each health watch, or failing at that, for up to 10 years from the date of withdrawal from the market of the product concerned. At the end of these periods, the data are deleted or archived in an anonymized form.

Concerning the exposed person, identifying information, health data and data relating to the product concerned by the adverse health event are necessary for processing. Data relating to professional life, tobacco/alcohol/drug consumption, lifestyle and behavior, and ethnic origin are only processed if they are strictly necessary for the assessment of the adverse health event.

Concerning the notifier or the health professional interviewed, data relating to the identity and contact details of the person concerned are mandatory to document the case.

Quality complaints

The purpose of this personal data processing is to carry out the necessary actions following a report of a quality defect observed on a health product after it has been placed on the market. It allows Biocodex to:

  • Process complaints:
    • Record the complaint in the quality complaint file;
    • Create a complaint file for quality control;
    • Organize the recall of the products concerned;
    • Carry out the necessary investigations;
    • Respond to the complainant;
  • To carry out statistics on the improvement of the products.

With reference to Article 6(1)(c) of the GDPR, the processing is necessary to comply with a legal obligation to which Biocodex is subject and is in line with pharmaceutical and Good Manufacturing Practices (GMP).

Categories of personal data:

  • Name of the organization (if applicable);
  • Full name of the complainant (or contact person in the organization);
  • Mailing address of organization or complainant;
  • Email address and/or telephone number of the organization or complainant.

Within the limits of their respective responsibilities and for what concerns them, are recipients of all or part of the data:

  • The people in the Pharmaceutical Affairs and Quality departments, authorized to handle quality complaints;
  • The pharmacist in charge or his/her representative;
  • Members of the Management;
  • People from related departments (Shipping, Sales, Marketing, International, etc.);
  • Legal manufacturers of the products commercialized by Biocodex or its affiliates;
  • Health authorities.

The data is kept in an active database for the duration of the current use of the data. They are then kept in intermediate storage for up to 10 years after the quality complaint has been processed. At the end of this period, the data is destroyed except for the database: it is archived in an anonymized form.

The personal data collected is necessary for the processing of complaints.

B - About cookies

Biocodex or its affiliates use various computer "cookies" on the Website to measure the audience and integrate services to improve the interactivity of the Website.

What is a computer "cookie"?

A computer "cookie" is a text file that may be deposited on a user's terminal while browsing on a website. Cookies are an important tool enabling organizations to gain an overview of their users' online activity.

How it works: generally small and identified by a name, it is transmitted to the user's browser by the website visited. The browser stores it for a certain period and sends it back to the website each time it is reconnected. In principle, cookies can be easily viewed and deleted.

In themselves, cookies are harmless, as they contain no executable code. They perform important functions for websites: they can be used to memorize a customer account identifier, browse preferences, enable browsing to be tracked for statistical or advertising purposes, and so on.

However, cookies can store enough data to identify a user without his or her consent and, in some cases, can be used to create profiles of individuals. This is why it is essential that cookie management is controlled within the framework of data protection.

What are the different types of cookies?

In general, cookies can be classified in three different ways: by origin, by lifetime and by purpose.

Origin

First-party cookies - These cookies are placed on the visitor's terminal directly by the website being visited.

Third-party cookies - These cookies are placed on the visitor's terminal by a third-party organization, such as an advertiser.

Lifetime

Session cookies - These cookies are temporary and expire when the browser is closed or at the end of the visit (session).

Persistent cookies - This category includes all cookies that remain on the visitor's terminal until they are deleted. They may be deleted manually or automatically (depending on the expiration date of the cookie, or when the browser is closed if so configured).

Purpose

Strictly necessary cookies - These cookies help to make a website usable by enabling basic functions such as page navigation, access to secure areas of the site, or storing items in an online shopping cart. The website cannot function properly without these cookies.

Preference cookies (functionality cookies) - These cookies enable a website to retain information that modifies the way the site behaves or displays, such as the visitor's preferred language or the region in which he or she is located.

Statistical cookies (performance cookies) - These cookies help the website owner, through the collection and communication of information, to understand how visitors interact with the site, such as which pages are visited, and which links are used. The aim is to subsequently improve the website. Although intended for use by the website owner, these cookies may come from third-party organizations that may track the visitor for marketing purposes.

Marketing cookies - These cookies track the user's online activity to help, for example, advertisers deliver more relevant ads. These cookies may share this information with other organizations or advertisers. These cookies are persistent and almost always come from third parties.

How can I control the deposit of cookies?

In general, website users can prevent cookies from being deposited on their terminal, or delete existing ones, by configuring their web browser accordingly. For instructions on how to manage cookies, please refer to your browser's help section.

➤ Please note, however, that blocking the deposit of cookies in your web browser may lead to malfunctions on the Website, as well as on other websites.

What types of cookies are used on the Website?

The first-party cookies detailed below are strictly necessary for the proper functioning of the Website:

Cookie 1: PHPSESSID
Purpose: Allows to store information for a user as they navigate from one page to another
Retention: User session duration
Cookie 2: Pll_language
Purpose: Allows to save the language preferences
Retention: 1 year

The Website does not use cookies subject to the user's consent (especially those from services offered by third parties).



Update version: 3 April 2025
********