General data protection policy

 

Part I – General Provisions

 

1. Information

Ad Scientiam is a simplified joint stock company with a capital of 13,405.00 euros registered with the Paris Registre du Commerce et des Sociétés under number 795 083 336, and whose registered office is located at 38 rue Dunois 75647 Paris CEDEX 13.

The Ad Scientiam website is made up of all the pages attached to the domain names “adscientiam.com” and “adscientiam.fr” (hereinafter “Site”). It is edited and managed by Ad Scientiam, which provides design, production, technical integration and maintenance.

The Ad Scientiam website is hosted on the Microsoft Cloud offer (Azure). It is geographically located in the Microsoft hosting center, located within the European Union.

  • Microsoft France, Approved health data host, Société Anonyme par Actions Simplifiées, with capital of 4,240,000.00 euros, whose registered office is located at 37 QUAI DU PRESIDENT ROOSEVELT 92130 ISSY-LES-MOULINEAUX, and registered in the Trade Register et des Sociétés de Nanterre under number 327 733 184. Microsoft website: https://azure.microsoft.com/fr-fr/. For more information, please refer to: https://www.windowsazure.com/fr-fr/support/trust-center/privacy/. https://azure.microsoft.com/fr-fr/. Pour plus d?informations, veuillez vous référer à : https://www.windowsazure.com/fr-fr/support/trust-center/privacy/

The Ad Scientiam website uses Matomo to manage the Site's audience measurements. The Solution is self-hosted by Ad Scientiam, which has servers certified as health data hosts within the European Union. 

  • Matomo analytics, 7 Waterloo Quay, Wellington 6011, New Zealand. Ad Scientiam self-hosting solution on servers located within the European Union. For any questions relating to the management of audience trackers or the operation of the tool, please refer to : https://fr.matomo.org/ https://fr.matomo.org/

2. Purposes

Ad Scientiam does not collect any personal data from users of the Website (hereinafter referred to as “User(s)”) when they browse the Website. 

However, when a User completes the online contact form, Ad Scientiam may collect personal data in order to respond to his request. 

3. Data collected (online form)*

When the User completes the online contact form, the personal data likely to be collected are as follows: 

  • identification data: surname, first name, email address, telephone*
  • request data: request description, details*

* Ces données sont facultatives, le choix de leur communication est laissé à l?Utilisateur.

* These data are optional, the choice of their communication is left to the User. The User's personal data is only processed to the extent necessary for the purposes for which it was obtained.

4. The duration of the conversation

The User's personal data is kept only for the purposes of processing online contact forms and for a period in accordance with the applicable legislation in force. 

5. Data sharing

As part of the provision of the service, Ad Scientiam uses a subcontractor for data hosting. The User's personal data that would have been collected with his consent is stored on Microsoft servers, located in the European Union. They are in no way transferred or transmitted to unauthorized third parties outside the European Union. Contractual guarantees of compliance with Data protection legislation have been provided between Ad Scientiam and Microsoft in order to ensure the protection of the User's rights. Ad Scientiam does not transfer any personal data except in the cases provided for by the applicable legislation in force. Apart from the aforementioned cases, Ad Scientiam does not share User data with third parties. 

Contractual guarantees of compliance with data protection legislation have been provided between Ad Scientiam and Microsoft in order to ensure the protection of User rights. Ad Scientiam does not transfer any personal data except in the cases provided for by the applicable legislation in force. 

Apart from the aforementioned cases, Ad Scientiam does not share User data with third parties.

6. Cookies

Ad Scientiam uses the Matomo tool to measure the audience of its website. By default, Matomo collects the following information:

  • User IP address
  • User ID optional
  • Date and time of request
  • Title of the page viewed
  • URL of the page viewed
  • URL of the page that was viewed before the current page
  • Screen resolution used
  • Time in local user's time zone
  • Files clicked on and downloaded
  • Links to an outside domain that have been clicked
  • Page generation time (time it takes for web pages to be generated by the web server and then downloaded by the user: Page Speed)
  • User location: country, region, city, approximate latitude and longitude (Geolocation)
  • Main browser language used
  • Browser user agent used

Matomo also uses cookies and processes the following information: 

  • Visitor random unique ID
  • Time of first visit by this user
  • Previous visit time for this user
  • Number of visits for this user

You can disable tracking cookies in the settings. Cookies are kept for a maximum legal period of 13 months. Cookie information is available here.

7. Contact

For all suggestions, information, reactions concerning this Site, the User may contact Ad Scientiam at the following address:

By mail: 

Ad Scientiam

38 rue Dunois

75647 Paris CEDEX 13 

France

By mail:

info@adscientiam.com

For more information, the User can consult the General Data Protection Policy below.

 

Part II – General Data Protection Policy

1. Objectives and scope

The terms beginning with a capital letter, used in this general policy for the protection of Personal Data (hereinafter the “Policy”) are defined in the Appendix “Definitions”. 

1. Policy Objectives

Ad Scientiam is a company involved in the research, development and operation of innovative health solutions, the purposes of its treatments may be those of monitoring and supporting the patient's pathology through an application, research clinics on a pathology targeting patients, or any other project related to its corporate purpose. 

Ad Scientiam undertakes to ensure the protection of Personal Data obtained in the course of its activity, as well as to comply with applicable laws and regulations regarding the Processing of Personal Data and Sensitive Personal Data.  

 

2. Scope

The Policy is intended to apply to all users of the Ad Scientiam website and products, hereinafter referred to as “the people concerned ». les Personnes Concernées ». 

In the event of conflicts between this policy and the Applicable Legislation, the following rules will apply: 

  • If the Policy is more protective, it is intended to take precedence over the Applicable Legislation.
  • If the applicable Legislation is more protective, it will apply to the points concerned instead of the Policy.

If any doubt remains, Data Subjects seek the advice of the Data Protection Officer (DPO), available by email at privacy@adscientiam.com. privacy@adscientiam.com.

3. Revision 

In the event of significant changes in data protection regulations or exposure to risks, this Policy is updated by Ad Scientiam. 

2. The Data Protection Officer (“DPO”)

Ad Scientiam has appointed a Data Protection Officer (DPO) to ensure Ad Scientiam's compliance with Applicable Legislation and compliance with the commitments made under this Policy. 

3. The principles to be observed in the Processing of Personal Data 

In accordance with applicable Legislation, Ad Scientiam undertakes to respect the principles set out below when collecting and Processing Personal Data.

1. The categories and descriptions of data collected

As part of its activity, Ad Scientiam undertakes to collect only the Data necessary for Data Processing such as: identification data (surname, first name, email), sensitive data (state of health, history, diagnosis, etc.) , personal life data (professional, personal situation, etc.).

The Data collected differs according to the quality of the Person Concerned: user of the website, of an application and/or participant in a study.

For your information, the categories and descriptions of data collected will always be indicated to you exhaustively in our consent forms relating to a study, an application or a named project. 

2. Legality, fairness and transparency 

Personal Data must be collected and processed in a manner lawful, fair and transparent. lawful, fair and transparent manner. 

As such, Ad Scientiam guarantees that any Processing is based onrecognized legal basis by the applicable Legislation such as:

  • The Data Subject has given Consent to the Processing of their Personal Data for one or more specific purposes (subject to compliance with the additional requirements detailed in the “Consent” section); this Consent is required for any collection of non-anonymized and direct Data from Data Subjects. Consent is required by a Consent Form or a checkbox on an app or website. 
  • The Processing is necessary for the performance of a contract to which the Data Subject is a party or to take appropriate measures at the Data Subject's request before entering into a contract;
  • The Processing is necessary to comply with the legal obligations to which Ad Scientiam is subject;
  • The Processing is necessary for the purposes of the legitimate interests pursued by Ad Scientiam;
  • The Processing is necessary to protect the vital interests of the Data Subject;
  • The Processing is necessary for the performance of a task in the public interest. 

When Processing is based on legitimate interest, Ad Scientiam carries out an analysis to determine whether or not this legitimate interest takes precedence over the interests or fundamental rights and freedoms of the Data Subjects. This assessment and its results must be documented and recorded for evidential purposes. 

In addition, Ad Scientiam ensures that Personal Data Processing activities are carried out in a mannervisible and transparent. To this end, Ad Scientiam provides accessible and intelligible information to Data Subjects on how their Personal Data is used, in accordance with the terms and requirements of the procedure for managing the rights of persons. apparent and transparent manner.. À cette fin, Ad Scientiam fournit des informations accessibles et intelligibles aux Personnes Concernées sur la façon dont leurs Données personnelles sont utilisées, conformément aux termes et exigences de la procédure de gestion des droits des personnes.

3. Consent

When the Processing is based on the Consent of the Person concerned, Ad Scientiam ensures that this Consent has been obtained and is correctly managed throughout the duration of the Processing.

    1. The conditions of validity of the Consent (characteristics and methods of collection)

Ad Scientiam ensures that the Consent obtained from the Data Subject meets the following criteria: 

  • Free real freedom of choice without negative consequences in case of refusal
  • Enlightened informed consent
  • Specific consent given for a particular purpose/processing
  • Unique no doubt about the intention to give consent
  • Specific additional condition for high-risk treatments 

In addition, Ad Scientiam must, where applicable, ensure compliance with local laws on the conditions of validity of the Consent. 

This Consent must be obtained before the collection of the Data and, at least, concomitantly with the collection of the Data. The Consent request must be distinguished from any other request/subject, in an intelligible and easily accessible form, in clear and simple language.

2. Consent management (duration, proof)  

Ad Scientiam ensures the Consent validity period : when the terms of Processing change or evolve, the original Consent is no longer valid. A new Consent must then be obtained.

3. Withdrawal of Consent 

The Data Subject must be able to withdraw Consent at any time (Article 7 GDPR). Ad Scientiam provides the Data Subject with the means to withdraw Consent as easily as it was given, whenever possible by a method equivalent to that used to obtain Consent.

4. Purpose limitation

Ad Scientiam is a company involved in the research, development and operation of innovative health solutions, the purposes of its treatments may be those of monitoring and supporting the patient's pathology through an application, research clinics on a pathology targeting patients, or any other project related to its corporate purpose. 

Before any collection of Personal Data, Ad Scientiam clearly defines the purpose(s) pursued by the collection, which must be determined, explicit and legitimate. Ad Scientiam also ensures that the purpose(s) thus defined are compatible with its activities. déterminées, explicites et légitimes. Ad Scientiam s?assure également que la ou les finalités ainsi définies sont compatibles avec ses activités.

5. Minimization and Accuracy  

The Personal Data collected must be adequate, relevant and not excessive in relation to the purpose pursued by the Processing. In other words, Ad Scientiam ensures that the collection relates only to the Data strictly necessary to achieve the purpose.

6. Limited retention 

Ad Scientiam ensures that the Personal Data processed is only not kept longer than necessary with regard to the purposes for which they are collected. The retention periods for personal data are specific to each Ad Scientiam project, application or study.

To find out how long your data will be kept, please refer to the processing policy of the project or study concerned. 

7. Personal Data Security

Give to science technical and organizational measures with the aim of ensuring security, confidentiality and integrity Personal Data for the duration of the Processing.

They vary depending on the project, application or study. 

You will find attached the most used technical security measures:

Type of securityTechnical security measures
Access to premises and equipment
  • Badge
  • Securing by key
  • SSO
  • Active Directory
  • Double authentification
  • Logical access control
  • Saving data
  • Securing the computer system
Access to data carrier
  • Collection of computerized patient consent (check box)
  • Strong password
  • Double authentification 
  • Intrusion Protection Policy 
  • Securing IT channels
Transmission of data and identification of recipients
  • Encryption of network exchanges using an https protocol
  • Special feeds 
  • Secure identification protocol 
  • Nominative accounts
  • Encryption of communication by electronic certificate
  • Securing IT channels
  • IT backup
Access rights management
  • Access control
  • Procedure for activating/deactivating accounts
  • Request for access by managers, granted according to the business profile
Connection logging
  • Log management
  • Securing IT channels
  • IT backup
  • Saving data
Continuity management
  • Redundant servers located in EU territory
Contract clauses
  • Annual audit on data security
  • Data Privacy Agreement
  • Data processing policy
  • Consent Forms

8. Transfer of Personal Data outside the European Union

The Transfer of Personal Data requires additional care and safeguards. Ad Scientiam ensures that any Transfer of Personal Data is adequately secured andlegally framed in accordance with the requirements of the Applicable Legislation.

4. Documentation and risk management 

All evidence of regulatory compliance must be retained in order to be able to demonstrate Ad Scientiam's compliance to the Supervisory Authority.

1. Data protection by design and by default (“Privacy by Design/by default”) Privacy by Design/by default?)

For any new project involving the Processing of Personal Data, Ad Scientiam implements measures to protect Personal Data from the design of the Processing, but also throughout the project and the life cycle of the Personal Data (from collection to destruction).

2. Data Protection Impact Assessment (DPIA/PIA)

When Processing is likely to create a high risk for the rights and freedoms of Data Subjects, Ad Scientiam performs a Data Protection Impact Assessment (DPIA/PIA) on the Processing, prior to the implementation of the Treatment. 

3. The processing register  

As Data Controller, Ad Scientiam keeps an up-to-date record of Processing in accordance with the requirements of the Applicable Legislation.

Staff training and awareness

Ad Scientiam ensures that all of its employees are made aware of the issue of the protection of Personal Data and understand the intent and scope of the Applicable Legislation as well as the risks in the event of non-compliance. 

All new employees undergo appropriate awareness/training with regard to their missions and their level of knowledge. 

6. Exercise of rights

Ad Scientiam undertakes to guarantee the exercise of the rights of Data Subjects granted to them by the applicable Legislation. The Applicable Legislation grants Data Subjects the following rights: 

  • Right to information : the right to have clear, precise and complete information on the use of Personal Data by Ad Scientiam. 
  • Permission to access : the right to obtain a copy of the Personal Data that the Data Controller holds on the applicant. (Article 15 GDPR). 
  • Right to rectification: : the right to have the Personal Data rectified if they are inaccurate or obsolete and/or to complete them if they are incomplete. (Article 16 GDPR).
  • Right to erasure / right to be forgotten : the right, under certain conditions, to have the Data erased or deleted, unless Ad Scientiam has a legitimate interest in keeping it. (Article 17 GDPR).
  • Right of opposition : the right to object to the Processing of Personal Data by Ad Scientiam for reasons relating to the particular situation of the applicant (under conditions). (Article 21 of the GDPR). 
  • Right to withdraw Consent: the right at any time to withdraw Consent when the Processing is based on Consent. (Article 7 GDPR).
  • Right to restriction of processing : the right, under certain conditions, to request that the Processing of Personal Data be temporarily suspended. (Article 18 GDPR).
  • Right to Data Portability : the right to request that the Personal Data be transmitted in a reusable format allowing them to be used in another Database.
  • Right not to be subject to an automated decision : the right for the applicant to refuse the fully authorized decision-making and/or to exercise the additional guarantees offered in this regard. 
  • Right to set post-mortem guidelines : the right for the applicant to define directives relating to the fate of Personal Data after his death.

For any information or for any exercise of the rights granted to you by the applicable Legislation, you can contact the DPO of Ad Scientiam at the email address:privacy@adscientiam.com privacy@adscientiam.com

If, despite everything, you believe that Ad Scientiam has not satisfied your request to exercise your rights, you can contact the competent data protection authorities (for the CNIL: www.cnil.fr).

Personal Data Breach Management

In accordance with its security obligation, Ad Scientiam defines, documents and implements a process to detect, qualify and respond to Personal Data Breaches.  

In the event of a data breach, and where possible, Ad Scientiam notifies Data Subjects of any breach of their personal data. 

8. Cookies

Information about cookies is available here

9. Management of third parties 

In accordance with the applicable Legislation, Ad Scientiam undertakes to choose Service Providers who offer sufficient guarantees as to the implementation of appropriate technical and organizational measures. 

10. Commitments of Ad Scientiam as Processor 

In accordance with the applicable Legislation, Ad Scientiam undertakes to keep an up-to-date register of Processing activities implemented on behalf of third-party Processing Managers.

 

Annexe 1 – Définitions

Data Protection Impact Assessment (DPIA/PIA) : analysis to be carried out by Ad Scientiam for Processing likely to create a high risk for the rights and freedoms of natural persons. 

Control authority : independent public authority set up by a Member State under Article 51 of the GDPR, responsible for monitoring the application of the GDPR, in order to protect the fundamental rights and freedoms of natural persons with regard to Processing and to facilitate the free flow of European Union Personal Data.

Consent : any expression of will, free, specific, informed and unequivocal by which the Person concerned accepts, by a declaration or by a clear positive act, that Personal Data concerning him be the subject of Processing.

Data Protection Officer (or “DPO”):the person designated by Ad Scientiam in charge of the protection of Personal Data within Ad Scientiam and of Ad Scientiam's compliance with the Applicable Legislation.

Recipient : natural or legal person, public authority, service or any other body that receives communication of Personal Data, whether or not it is a Third Party. In principle, data collection takes place directly with the Recipient.

Personal data / Personal data : any information relating to a Data Subject, in particular by reference to an identifier such as a name, an identification number, an identity card number, a salary, health records, bank account information, driving or consumption habits, Location Data, an online identifier, etc. The term “Personal Data” includes Sensitive Personal Data.

Applicable legislation : set of regulations relating to the protection of Personal Data and applicable to the Processing of Personal Data carried out by Ad Scientiam, namely European Regulation No. 2016/679 relating to the protection of Personal Data (RGPD), the amended Data Protection Act , and any other related regulations applicable to Ad Scientiam.

Concerned person : individual to whom the Personal Data relates and who can be identified or identifiable, directly or indirectly, thanks to this Personal Data. This includes former and current customers, prospects, and collaborators.

Data Controller: natural or legal person who, individually or jointly, decides what Personal Data is collected, why and how it is collected and processed.

GDPR: abbreviation of European Regulation No. 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Subcontracting : any natural or legal person, public authority, service or other body which processes Personal Data on behalf of the Data Controller and according to his instructions (for example service providers or suppliers).

Tiers : any natural or legal person, public authority, agency or any other body other than the Data Subject, the Controller, the Processor and the persons who, under the direct authority of the Controller or the Processor, are empowered or authorized to process the Data.

Treatment : any operation or set of operations carried out or not using automated processes and applied to Personal Data such as collection, access, recording, copying, transfer, conservation, storage, crossing, modification, structuring, provision, communication, recording, destruction, whether automatically, semi-automatically or otherwise. This list is not exhaustive.

Data transfer : any communication, any copy or movement of Data via a network, or any communication, any copy or movement of this Data from one medium to another, whatever this medium, of Personal Data to a country third party to the European Union or to an international organization which are or are intended to be the subject of Processing after this transfer.

Personal Data Breach: breach of security resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure of Personal Data transmitted, stored or otherwise processed, or unauthorized access to such Data.

Ad Scientiam is proud to announce its collaboration with Abata Therapeutics Read the article
en_USEnglish