Privacy policy

Personal data protection policy

At Laboratoires NIGY, we are fully aware of the importance of respecting privacy and are particularly concerned about protecting your personal data.

This is why we have taken all the necessary measures to comply with all the provisions relating to the protection of personal data.

This policy is intended to inform you about the way in which NIGY Laboratories and all its affiliated companies (hereinafter referred to together as "Mayoly Spindler", "we", "us", "our"), in their capacity as data controller, undertake to collect, process and protect your personal data in accordance with the French Data Protection Act of January 6, 1978 as amended, the EU General Data Protection Regulation (RGPD) and, more broadly, all applicable legal and regulatory provisions.

More specifically, the purpose of this policy is to explain to you:

- What categories of personal data are likely to be collected and how are they collected?

- For what purposes is your personal data used, on what legal grounds is it processed and what are your rights?

- To whom may your personal data be transferred?

- How long are your personal data stored?

- How is your personal data protected?

- How to exercise your rights

This policy is subject to change. The most recent version of this policy will be posted on our websites.

1/ What categories of personal data are likely to be collected and how are they collected?

1.1 Categories of personal data collected

The personal data that may be collected when you interact with us are as follows:

- General identification data: surname, first name, bank details;

- Contact details: postal address, e-mail address, telephone number;

- Subject of your request and content of your message;

In any event, any personal data we collect is only that which is strictly necessary for the purposes described in this privacy policy and is adequate, relevant and not excessive in relation to those purposes.

1.2 Sources of personal data collection

We may collect your personal data in various ways:

- Data that you communicate to us through various media;

- Data that we collect automatically (via our website, for example);

- Data we collect from public sources in compliance with applicable legislation;

- Data we lawfully collect from third parties with whom we interact.

2/ For what purposes are your personal data used and on what legal grounds are your personal data processed?

NIGY Laboratories may collect your personal data for the activities and purposes detailed below and in compliance with the legal grounds set out below.

Activité	Finalité	Fondement juridique	Vos droits
Achat et Vente de produits et de services	Gestion des comptes clients/fournisseurs (consommateurs et professionnels)	Intérêt légitime	Accès, rectification, effacement, limitation, opposition, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
Information promotionnelle	Visite médicale	Intérêt légitime	Accès, rectification, effacement, limitation, opposition, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
	Visite médicale	Obligation légale (Charte de l’information par démarchage ou prospection visant à la promotion des médicaments)	Accès, rectification, effacement, limitation, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
	Opérations de communication	Consentement	Accès, rectification, effacement, limitation, retrait du consentement, portabilité, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
	Opérations de communication	Intérêt légitime	Accès, rectification, effacement, limitation, opposition, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
Vigilances sanitaires (Pharmacovigilance/ Matériovigilance/ Cosmétovigilance/ Nutrivigilance)	Gestion des notifications (collecte, analyse, soumission aux autorités, etc.) et gestion des contacts avec les notificateurs	Obligation légale (Code de la santé publique)	Accès, rectification, limitation, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
Information médicale	Réponse aux demandes d’informations médicales et scientifiques sur nos produits	Obligation légale (Code de la santé publique/ Charte de l’information par démarchage ou prospection visant à la promotion des médicaments/Référentiel de certification)	Accès, rectification, limitation, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
Etudes de marché/Etudes médicales	Réalisation/pilotage des études	Intérêt légitime	Accès, rectification, effacement, limitation, opposition
Etudes de marché/Etudes médicales	Réalisation/pilotage des études	Consentement	Accès, rectification, effacement, limitation, retrait du consentement, portabilité, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
Réclamations	Gestion des réclamations pharmaceutiques	Obligation légale (Code de la santé publique et Code civil)	Accès, rectification, limitation, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
	Gestion des réclamations logistiques	Intérêt légitime	Accès, rectification, limitation, opposition, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
	Gestion des réclamations logistiques	Obligation légale (Code de la santé publique)	Accès, rectification, limitation, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
Relations avec les professionnels de santé	Gestion du CRM	Intérêt légitime	Accès, rectification, effacement, limitation, opposition, droit de définir des directives relatives au sort de vos données après votre décès
	Hospitalité/Invitations aux évènements scientifiques	Intérêt légitime	Accès, rectification, effacement, opposition, limitation, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
	Contrats de consultant/expert/participation à une étude	Convention	Accès, rectification, effacement, limitation, portabilité, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
	DMOS/Dispositif anti-cadeaux	Obligation légale (Code de la santé publique)	Accès, rectification, limitation, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès
	Dispositif de transparence des liens d’intérêts	Obligation légale (Code de la santé publique)	Accès, rectification, limitation, droit de définir des directives relatives sur le sort de vos données personnelles après votre décès

3/ To whom may your personal data be transferred?

In connection with the purposes described above, your personal data may be shared with the following persons:

- Laboratoires NIGY and all its affiliated companies;

- Our partners (e.g. healthcare professionals and institutions, distributors, etc.);

- Our service providers (notably IT);

- Any administrative or judicial authorities

We ensure that all these persons comply with the present policy and, more generally, with all the rules applicable to personal data.

Should your personal data be transferred outside the European Union, we implement all the guarantees prescribed by the applicable regulations (in particular the European Commission's Standard Contractual Clauses).

4/ How long is your personal data kept?

Your personal data is kept for the time strictly necessary to achieve the purposes described above.

Once this period has elapsed, your personal data is deleted or archived in accordance with the legal provisions in force.

5/ How are your personal data protected?

We have a set of organizational and technical procedures and measures in place to ensure the integrity and confidentiality of your personal data.

Your personal data is thus protected against unauthorized access, use or disclosure, as well as accidental or unlawful destruction, loss or alteration.

In certain cases, we may also anonymize your personal data so that it cannot be identified.

All persons to whom your personal data is transferred have security measures in place to ensure that your data remains confidential and intact.

6/ How to exercise your rights

In application of applicable legislation, and depending on the context in which they are exercised, you may exercise the following rights:

- Right of access to your personal data;

- Right of rectification, enabling you to obtain rectification of your personal data in the event that it is inaccurate, incomplete or obsolete;

- Right of deletion in the situations provided for by the rules in force;

- The right to restrict the use of your personal data in accordance with the regulations in force;

- Right to object when your data has been collected and processed on the basis of our legitimate interests, subject to justification;

- Right to withdraw consent when your personal data has been collected and processed on the basis of your consent;

- Right to data portability allowing you to transmit your personal data to any third party of your choice (reserved only for cases where your personal data has been collected and processed on the basis of your consent);

- The right to specify what happens to your personal data after your death.

To exercise these rights, please contact us:

By e-mail at the following address: rgpd@mayoly.com

By post at the following address Laboratoires NIGY (for the attention of the Data Protection Officer) - 3 Place Louis Renault - 92500 Rueil-Malmaison - France.

In the event of a dispute, you may also contact the Commission Nationale de l'Informatique et des Libertés (CNIL) under the conditions indicated on its website www.cnil.fr.