Bimeda Holdings France SAS: Our registered address and our business address are at 2C Allée Jacques Frimot, Zone Atalante Champeaux, 35000, Rennes, France; You can contact us by post at the above address, by email at email@example.com or by telephone on +33 (0)2.30.06.06.60.
Bimeda France SAS: Our registered address and our business address are at 2C Allée Jacques Frimot, Zone Atalante Champeaux, 35000, Rennes, France; You can contact us by post at the above address, by email at firstname.lastname@example.org or by telephone on +33 (0)2.30.06.06.60.
NBVC Finance SAS: Our registered and business address is at 12 Chemin des Gorges Bat B, 69570 Dardilly, France. You can contact us by post at the above address, by email at email@example.com or by telephone on +33 (0)4.78.47.08.26.
NBVC SA: Our registered and business address is at 12 Chemin des Gorges Bat B, 69570 Dardilly, France. You can contact us by post at the above address, by email at firstname.lastname@example.org or by telephone on +33 (0)18.104.22.168.90.
Octavet SAS: Our registered and business address is at 12 Chemin des Gorges Bat B, 69570 Dardilly, France. You can contact us by post at the above address, by email at email@example.com or by telephone on +33 (0)4.78.47.08.26.
Iodolab SA: Our registered and business address is at 1 Avenue Bourgelat, 69280 Marcy L’Etoile, France. You can contact us by post at the above address, by email at firstname.lastname@example.org or by telephone on +33 (0)22.214.171.124.09.
(together “Bimeda France” each of the above is together referred to as “Bimeda”, “we”, “us” and “our”).
We are not required by law to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details of the relevant company above.
WHAT Personal data DO we collect and process?
In operating its business Bimeda will collect and gather the following categories of personal data:
- Identity Data such as first name, surname, gender, date of birth.
- Contact Data such as address, e-mail address, telephone number.
- Financial Data: such as your payment card details, bank details, VAT number, information about payments to and from you and other details of goods/ products you have purchased from us.
- Profile and Technical Data, in cases only where a Bimeda group website (bimeda.fr, www.octavet.fr, www.octavet.com, www.nbvc.fr , www.iodolab.com, www.iodolab.fr ) is used, such as your username and password, as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology.
Bimeda undertakes to collect personal data only to the extent that it is necessary in relation to the purposes for which it is processed.
WHAT PRINCIPLES WE APPLY TO THE COLLECTION AND PROCESSING OF PERSONAL DATA
In relation to personal data, we are committed to:
- Processing personal data fairly and lawfully in line with individuals’ rights;
- Keeping all personal data confidential, safe and secure;
- Making sure the data is accurate and kept up to date;
- Making sure that any personal data processed for a specific purpose are adequate, relevant and not excessive for that purpose;
- Removing irrelevant information as necessary.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Those legitimate interests are detailed in this Section 4.
- Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or otherwise. In such cases, you have the right to withdraw your consent at any time by contacting us.
We do not request from you and we request you do not provide any special categories/sensitive personal data (e.g. personal data relating to racial or ethnic origin, political or religious opinions, membership of a trade union, physical or mental health or condition or sexual life or orientation). This type of personal data is subject to special protections under EU law.
We will collect your personal data for specific, explicit and legitimate purposes which are detailed here below:
- We will collect and use your Identity; Contact; Profile and Financial Data to perform our contract with you (e.g. purchase of goods/services) and/or to comply with any legal or regulatory obligation.
- Only where our website(s) have been used, we will collect and use Profile and Technical for data analytics purposes to improve the Website, products/services, marketing, user/Customer relationships and experience. This is necessary for our legitimate interest to ensure any website content is presented in an effective manner for you and for your computer/device.
- We will collect and use Identity; Contact and Technical Data to administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) which is necessary (i) for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) and (ii) to comply with a legal obligation.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. However, you will receive marketing communications from us only if you have requested information from us or purchased services from us or if you provided us with your details when purchasing a product/service or for any reason, and, in each case, you have not opted out of receiving that marketing.
You can opt out of any marketing communications from us at any time by notifying us on the details above.
You may also withdraw your consent in case you don’t want anymore to receive news from our partners, including any member company of our group, at any time by notifying us as described above.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to restrict, block or delete cookies. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
DISCLOSURE OF PERSONAL DATA TO OTHERS
- any third party that is necessary in the performance of our contract with you i.e. delivery companies, couriers, parties to whom you have expressly consented the information to be provided to for the performance of the contract;
- any member of our group of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries, where it is necessary to do so for the provision of goods/services to and administration of the contract/operation of our business;
- we contract with other entities that perform certain tasks on our behalf and who are under our control (“Service Providers”). This is required in order to operate our business and provide and manage our websites. Such Service Providers include IT systems suppliers and support, data storage, IT developers, insurance, credit card companies, payment processors, and other service providers necessary for the performance of our contract with you;
- professional advisors such as accountants, auditors, lawyers, bankers, insurers, and other outside professional advisors;
- entities that regulate or have jurisdiction over our business. We will disclose your personal data in order to comply with any legal obligation, if we are ordered to do so by a court of competent jurisdiction, law enforcement, regulatory or administrative authorities or in order to enforce or apply our contract with you or to protect the rights, property, or safety of Bimeda, our Customers, Suppliers, Distributors, Consultants, Agents or others. This includes exchanging personal data with third parties for the purposes of fraud protection and credit risk reduction.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our Service Providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. The Service Providers are bound by obligations of confidentiality.
INTERNATIONAL DATA TRANSFERS
- Where the country has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where service providers are based in the US, we may transfer data to them if they are part of the EU-U.S. Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
We will provide you on request a list of the countries located outside the EEA to which personal data may be transferred, and an indication of whether they have been determined by the European Commission to grant adequate protection to personal data. Where applicable, you are entitled, upon request to receive a copy of the relevant safeguard (for example, EC model contractual clauses) that has been taken to protect personal data during such transfer.
We are committed to protecting the personal data you provide us. To prevent unauthorised access or disclosure of personal data under our control, Bimeda has appropriate security systems in place to safeguard the personal data we collect. Encryption is also used on where security is particularly important.
It is Bimeda’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 72 hours. This will be managed in accordance with our Data Breach policy which sets out the overall process of handling information security incidents.
UPDATING YOUR PERSONAL DATA
It is important that the personal data we hold is accurate and current. Please keep us informed, using the relevant contact details if any of your personal data changes during your relationship with us. It is your responsibility to keep your personal data up to date at all times.
We retain personal data for no longer than is allowed under data protection law, the statute of limitations and any other relevant laws in place at the relevant time. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
At the end of the retention period for personal data, the relevant personal data will be deleted or rendered anonymous in such a manner that the data subject is not or no longer identifiable.
YOUR LEGAL RIGHTS
You have rights under applicable data protection law in relation to personal data, namely:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time if and to the extent we are relying on consent as the legal basis to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Give directives about the future of your personal data after your death. This enables you to ask us to retain, erase or communicate your personal data after your death. This requires your written directives.
- You will not have to pay a fee to access your personal data (or to exercise any of the other rights) except in cases where in cases where it is determined by Bimeda that the request is “manifestly unfounded or excessive”, then Bimeda is entitled to charge a fee for this information.
In order to exercise one or more of your rights in respect of your personal data, please contact us on the relevant company details above. We will respond to your request(s) as soon as reasonably practicable, but in any case within the legally required period of time.
You have the right to make a complaint at any time to the Commission Nationale de l’Informatique et des Libertés (“CNIL”) the French supervisory authority for data protection issues. (www.cnil.fr/en/contact-cnil). We would, however, appreciate the chance to deal with your concerns before you approach the CNIL so please contact us in the first instance on the contact details above.