The protection of individuals with regards to the processing of their Personal Data (as defined below) is a fundamental right that Owkin group, which includes without limitation Owkin Inc., Owkin France and Owkin UK Ltd (together, “Owkin”, “we”, or “us”) takes very seriously.
We process Personal Data as part of its relations with the visitors, prospects, partners and – more generally – any users of the website www.owkin.com (the “Website”).
We are committed to carrying out our business in accordance with the applicable data protection regulations and, in particular, the General Data Protection Regulation (EU) 2016/679 of April 27th, 2016 (“GDPR”), which aims to protect individuals’ rights with regards to the collection, use, retention, transfer, disclosure and destruction of their Personal Data.
Please read the following carefully and do not hesitate to contact our Data Protection Officer, Maître Eric Barbry, if you need further information or assistance: email@example.com.
– “Controller”: refers to Owkin Inc., Owkin France or Owkin UK Ltd
– “Data Subject”: refers to any individual who can be identified, directly or indirectly from their Personal Data (as defined below);
– “Personal Data”: refers to any information or pieces of information that can directly or indirectly identify a Data Subject, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
– “Processor”: refers to any individual or entity who processes Personal Data on behalf of Owkin;
– “Recipient”: refers to any individual or entity who receives Personal Data from Owkin, including but not limited to: Owkin’s employees, subcontractors, agents, partners or others.
WHAT DATA DO WE COLLECT?
We collect various types of Personal Data from our online contact forms (case studies, newsletter) and website cookies. This may include, without limitation: your personal information such as your first name, last name, email address, phone number, job title and company; These Personal Data are necessary to process your request. Each contact form limits the collection of Personal Data to what is necessary and indicates the required information to provide. your Internet browsing history and activity data (access times, page views, forms completed on the website, URLs clicked on, IP address, etc.); and technical information such as the type of browser and operating system you use or your device information (unique device identifier, hardware model, operating system and version, mobile network information).
You are under no obligation to provide Personal Data, but if you elect not to provide it, you may be unable to use certain features of the Website or to communicate with us via the Website.
WHAT IS THE PURPOSE OF DATA PROCESSING?
We may collect and process some or all of the following types of Personal Data as they relate to our services:
Purpose Type of data Management of contractual relationships, business development Data related to the performance of an agreement with an hospital, an university, a research center, a partner, a pharma company or a corporate client; data related to our efforts to establish new partners and clients, data related to the use and the deployment of the newsletter, data related to the organization of events Securiy Data collected and processed to ensure security. Statistics Data collected during surveys and statistics Cookies Data related to the management of cookies used on the Website Accounting and tax Data related to the processing for invoicing and accounting purposes Website Data related to the proper execution of our website (case studies, contact forms, etc.).
WHO MAY ACCESS YOUR PERSONAL DATA?
We always ensure that your Personal Data is transferred to legitimate internal or external Recipients only.
Internally, the individuals with access to your Personal Data are authorized employees within the competent departments of Owkin.
We also rely on trusted third parties to perform a range of business operations on our behalf and we may transfer your Personal Data to such providers that may also process them: IT providers, such as platform providers, hosting services, third parties that perform on our behalf maintenance and support on our databases and softwares; third parties that perform on our behalf our satisfaction surveys or statistical analyses associated with the use of our website.
In any case, we only provide them with the information they need to perform the service, and we require that they keep your Personal Data confidential and secure.
We will never sell your Personal Data to any third parties.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your Personal Data will never be retained longer than the time necessary to perform the purpose for which it is processed. Type of data Retention period Partners / Clients Duration of the contractual relationship plus an additional 3 years for purposes of promotion and prospecting, without prejudice to conservation obligations or limitation periods. Prospects 3 years from the time of data collection or from the time of last contact with the prospect, without prejudice to conservation obligations or limitation periods. Technical Data collected during connection to the website 1 year Cookies 13 months
Upon reaching the set deadlines, data is either anonymized and stored or deleted. Anonymized data is often used for statistical litigation purposes.
Deletion and anonymization are irreversible operations. We cannot restore data after performing these operations.
WHAT ARE YOUR RIGHTS TO ACCESS YOUR DATA?
6.1 Right to Access
You have the right to ask for confirmation that your data is or is not being processed. You also have the right to request a copy of your Personal Data that has been processed by Owkin. However, you must bear the costs associated with such a request.
Your right to access your data does not apply to confidential data or information, or to data for which communication is not authorized by law. The right to access your data shall not be overused (i.e., carried out regularly for the sole purpose of destabilizing the service).
6.2 Right to Rectification
Upon written request accompanied by proof of identity, we will update online fields that we are able to change (both technically and legally).
6.3 Right to be Forgotten
You have the right to request the erasure of your Personal Data where: your Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent on which the processing is based, and there were no other legal grounds for the processing; you object to the processing, and there are no overriding legitimate grounds for the processing; your Personal Data has been subject to unlawful processing; or your Personal Data has to be erased for compliance with an applicable legal obligation.
For legal and security purposes, we shall verify your identity before erasing your Personal Data.
6.4 Right to Object to Processing
The right to object to processing is not intended to apply insofar as the processing operated by Owkin is lawful and all the Personal Data collected is necessary for the performance of its services.
6.5 Right to Rectification
You have the right : to ask Owkin to rectify any inaccuracies in your Personal Data; and to have incomplete Personal Data completed, taking into account the purposes of the processing.
6.6 Right to Data Portability
You have the right to receive your Personal Data from us in a commonly used, structured and machine-readable format, only when we process your data on the basis of your consent, by automated means.
6.7 Post-Mortem Right
You have the right to provide guidelines regarding the retention, deletion, and communication of your post-mortem data.
6.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, namely the CNIL in France, if you consider that the processing of your Personal Data does not comply with the GDPR to the following address: CNIL – Service des plaintes 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 – (+33)1 53 73 22 22
6.9 How to Exercise Your Rights?
Only Data Subjects are entitled to exercise their rights regarding their Personal Data. Such a request can be submitted in writing, along with a copy of an up-to-date identity document to the following address: e-mail address.
HOW DO WE USE YOUR PERSONAL DATA?
You authorize Owkin to use and process your Personal Data for the purposes set out in section 2. However, enriched data remains our exclusive property.
We may define and implement technical security measures against the destruction, loss, alteration or unauthorized disclosure of data in an accidental or unlawful manner, including: internal safeguards, identification processes, conducting security audits, adopting an Information System Security Policy; adopting a continuity / business recovery plans; or using a protocol or security solution.
In the case of a Personal Data breach, we will notify the French National Commission for Data Protection and Liberties (“CNIL”) following the conditions provided by the GDPR. If this breach constitutes a high-risk, we shall notify and communicate the necessary information to you.
DATA PROTECTION OFFICER
If you have any issue regarding your Personal Data or if you need further information, please contact our Data Protection Officer: Maître Eric Barbry, firstname.lastname@example.org, Tel: (+33)1 44 82 43 00.
RECORD OF PROCESSING ACTIVITIES
As a Controller, we keep a record of all data processing activities. We ensure that this process complies with the data protection laws in force.