English
Français

Privacy policy

Français

Introduction

Histalim processes your personal data as part of the management of the website, in accordance with current legislation.

This policy provides you with information on how Histalim processes your personal data.

This policy, which is accessible on our website, is updated regularly to take account of legislative and regulatory developments and any changes in the processing operations carried out by Histalim.

This policy was last updated on 23/05/2024.

What are our commitments?

We undertake to comply with the applicable regulations for all processing of personal data that we carry out. Thus, we undertake to respect the following principles:

  • We process your personal data in a lawful, fair and transparent manner.
  • We collect your personal data for specific, explicit and legitimate purposes and do not process it in a way that is incompatible with those purposes.
  • We ensure that personal data is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
  • We make every effort to ensure that personal data is accurate and, where necessary, kept up to date. We take all reasonable steps to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is deleted or rectified without delay.
  • We shall keep your personal data in a form which allows your identification only for as long as is necessary for the purposes of the processing.
  • We guarantee an appropriate level of security for the personal data we process.

These commitments are manifested in the following ways:

  • We respect your privacy.
  • We ensure that the protection and security of your personal data is our primary concern.
  • We do not use your personal data for purposes that have not been brought to your attention.
  • We do not consider that your personal data should be stored indefinitely.
  • We do not sell your personal data to third parties.
  • We work with trusted partners who provide sufficient guarantees that technical and organisational measures are in place to ensure that our processing operations meet the requirements of the applicable regulations.
  • We respect your rights as a data subject, and as a patient, and make every effort to respond to your requests as soon as they are justified.

How do we collect your personal data?

We collect your data directly from you, via our website, or, in the case of biological samples, from our healthcare partners.

What personal data do we process and for how long?

We remind you that personal data is information relating to an identified or identifiable natural person (the “data subject”), such as your first and last names, your postal address or data concerning health.

We undertake to process only personal data that is strictly necessary for the purposes for which it is collected and to keep it only for as long as is necessary for those purposes.

The categories of personal data that we process are as follows:

Processing activitiesLegal basisCategories of personal dataRetention period (active basis)
Management of the biobank and data associated with the samplesLegitimate interest (establishment of a biobank for scientific research and/or quality control purposes)Identification data, health data, data relating to personal life (lifestyle, family situation, etc.)10 years after the human body material was obtained
Management of the websiteLegitimate interest (management of contacts)Identification data, connection data and logs, data relating to the management of contacts and account creation3 years from the last contact
6 months for connection logs
Recruitment managementPerformance of pre-contractual measuresIdentification data and data relating to the professional situation of the applicant2 years from the date of application (unless objected to)
Supplier managementPerformance of the contractIdentification data, professional data3 years from the end of the contractual relationship
10 years for invoices from the date of issue
Customer managementPerformance of the contractIdentification data, business data3 years from the end of the contractual relationship
10 years for invoices from the date of issue

Who can access your personal data?

Your data will be communicated, if necessary, only to the following recipients:

  • Authorized Histalim personnel;
  • Subcontractors and trusted service providers, particularly those responsible for IT.

We make every effort to ensure that the number of such persons remains as limited as possible.

We only provide our trusted service providers with the information they strictly need to provide the service, and they may not use your personal data for any other purpose.

We always make our best efforts to ensure that all our trusted service providers with whom we work maintain the security of your data.

We also ensure that, when our relationship with a trusted service provider comes to an end, they delete your personal data without delay.

We select our trusted service providers with great care, ensuring that they offer sufficient guarantees, particularly in terms of expertise, reliability and resources, to implement technical and organizational measures capable of meeting the requirements of applicable legislation, particularly in terms of security. In this respect, we ensure that our trusted service providers process personal data only on our documented instructions. We also ensure that their staff have undertaken to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.

What are your rights as a data subject?

You have the right to access, rectify, delete and port your personal data, as well as the right to limit the processing of this data.

You may exercise your rights:

  • By e-mail to the following address: rpd.histalim@cerbaresearch.com
  • Or by post to the following address: Histalim – RPD 126 Rue Emile Baudot, 34000 Montpellier