Confidentiality policy & cookies



Objective and sphere of application of the Policy

Bioprojet places the greatest importance and care on protecting private life and personal Data, as well as respect for the provisions of applicable Legislation.

EU Regulation 2016/679 of 27 April 2016 regarding the protection of natural persons with regard to the Processing of personal Data and the free circulation of such Data (hereinafter “GDPR”) states that personal Data must be processed in a manner that is lawful, fair and transparent. Thus, this confidentiality policy (hereinafter the “Policy”) aims to provide simple and clear information on the personal Data Processing that concerns you, in the context of your browsing of our website and the operations realised there.


Data Controller

In the context of your activity on the site, we collect and use personal Data connected to you as natural persons (hereinafter “persons concerned”).

For all such Processing, Bioprojet, a simplified joint-stock company with a capital of €301,155.00 with registered address at 9 rue Rameau 75002 Paris, appearing on the Paris Companies’ Register under number 385 194 980, determines the means and purposes of the Processing. This, we act as Data Controller, in the sense used by Regulations on personal Data, and particularly EU Regulation 2016/679 regarding the protection of natural persons with regard to personal Data Processing and the free circulation of such Data.


Which personal Data do we collect and how?

By using our website, you send us a certain quantity of information regarding you, some of which have the capacity to identify you (“personal Data”). This is the case when you fill in our contact form when browsing our Site.

The nature and quality of the personal Data collected regarding you vary in line with your relationship with Bioprojet, the main elements of which are:

  • Identification Data: this includes all information that would allow us to identify you, such as your surname, first name, telephone number and e-mail address.


Why do we collect your personal Data and how?

We collect your personal Data for specific purposes based on different legal bases.

In the context of contract execution and precontractual measures, your Data are processed for the following purposes:

  • Management of quality complaints
  • Complaint management regarding medical visits
  • Management of pharmacovigilance cases
  • Medical information management
  • For healthcare professionals only: data collection for the purposes of getting in touch or sending news by our Marketing department
  • Management of spontaneous applications
  • Product supply and shortage management


Do we share your personal Data?

Your Data are intended for qualified Bioprojet staff responsible for contract management and execution and legal obligations, in line with the purposes of the collection and within the limitations of their respective roles.

For healthcare professionals only, the Data may be transmitted for certain tasks associated with the following purposes and recipients, within the limitations of their respective assignments and qualifications:

  • Entities of the Bioprojet Group in the context of externalisation of an activity to another entity of the Group;
  • Service providers and subcontractors whom we call upon to carry out a set of operations and tasks on our behalf, specifically:
    • Commercial market research
    • Mailshots

When your Data are sent to our service providers and subcontractors, they are also requested not to use the Data for purposes other than those initially envisaged. We do everything possible to ensure that these Third Parties maintain the confidentiality and security of your Data.

Under all circumstances, only the necessary Data are provided. We do everything possible to guarantee secure communication or transmission of your Data.

We do not sell your Data.


Are your personal Data sent to Third Party countries?

Bioprojet endeavours to maintain personal Data in France, or at least in the European Economic Area (EEA).

However, it is possible that the Data we collect when you use our platform or in the context of our services are transmitted to other countries. This is, for example, the case if certain of our service providers are located outside the European Economic Area.

In the event of Transfers of this kind, we guarantee that they are carried out:

  • Towards a country guaranteeing an adequate protection level, that is, a protection level equivalent to that required by European Regulations;
  • In the context of set contractual clauses;

In the context of internal company regulations


How long do we keep your personal Data?

We only keep your personal Data for the time necessary for the realisation of the purpose for which we hold the Data, in view of meeting your needs or fulfilling our legal obligations.

The storage durations vary in line with several factors, such as:

  • The needs of Bioprojet activities;
  • Contractual requirements;
  • Legal obligations;
  • Recommendations of monitoring bodies.


How do we guarantee the security of your personal Data?

Bioprojet undertakes to protect the personal Data we collect, or process, against loss, destruction, deterioration, access or unauthorised disclosure.

We thus implement all appropriate technical and organisational measures, in line with the nature of the Data and the risks involved with their Processing. These measures must allow for preservation of the security and confidentiality of your personal Data. They may include practices such as limitation of access to personal Data to qualified individuals, in line with their company functions, with pseudonymisation or encryption.

In addition, our practices and policies and/or physical and/or digital security measures (secure access, authentication procedure, backups, software, etc.) are regularly checked and updated if necessary.


What are your rights?

The GDPR provides Persons concerned with rights that they can exercise. The following are provided:

  • Right to information: the right to clear, accurate and complete information on the use of personal Data by Bioprojet.
  • Right of access: the right to obtain a copy of the personal Data that the Data Controller has regarding the requester.
  • Right of correction: the right to have personal Data corrected if they are inaccurate or obsolete and/or to complete them if they are incomplete.
  • Right of deletion/right to be forgotten: the right, in certain situations, to have Data deleted, unless Bioprojet has a legitimate interest in maintaining them.
  • Right of opposition: the right to oppose the Processing of personal Data by Bioprojet for reasons depending on the requester’s unique situation (subject to conditions).
  • Right to withdraw Consent: the right, at any time, to withdraw Consent when Processing is dependent on Consent.
  • Right to limitation of Processing: the right, in certain situations, to request that personal Data Processing be temporarily suspended.
  • Right to Data portability: the right to request that personal Data be transmitted in a reusable format allowing them to be used in another Database.
  • Right to not be subject to an automated decision: the requester’s right to refuse entirely authorised decision-making and/or to exercise relevant additional safeguards.
  • Right to define post-mortem directives: the requester’s right to define directives regarding the fate of their personal Data after their death.


Additional rights may be granted by local Regulations to Persons concerned.

To this end, Bioprojet has implemented a procedure for the management of the rights of Persons in compliance with the requirements of applicable Legislation. This procedure establishes:

  • The standards to be respected to ensure transparent information of the Persons concerned;
  • The legal requirements that must be satisfied;
  • The authorised means for submitting a request for each right, according to the category of Persons concerned;
  • The operational processes to process these requests in compliance with the aforementioned requirements;
  • The parties involved in these processes, their roles and responsibilities.

To exercise your rights, you can contact the Data Protection Officer (DPO):

When you submit a request to exercise a Right to us, you are asked to specify the scope of your request as far as possible, the type of right exercised, the personal Data Processing concerned, and any other useful information, so as to facilitate the assessment of your request. Furthermore, where there is reasonable doubt, you may be asked to prove your identity.

You also have the right to contact the National Commission for Information and Liberties (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, with any complaints regarding the manner in which Bioprojet collects and processes your Data.


Updates to this Policy

This Policy may be regularly updated in order to take into account developments in Regulations regarding personal Data.

Date of last update 06/10/2022