Last updated: May 24, 2018
Advanced Accelerator Applications S.A.
This Policy is applicable only for AAA websites and does not apply to other websites that may be consulted by the user through links to articles and / or pages of the site and links.
With this document (“Policy”), the Data Controller, as defined below, aims to inform you about the purposes and methods of processing your personal data and the rights that are recognized by the Regulation (EU) 2016/679 on protection of natural persons, about the processing of personal data and their free circulation (“GDPR”). This Policy may be supplemented by the Data Controller if any additional services requested by you may result in further processing.
1) Who Is the Data Controller?
The Data Controller is Advanced Accelerator Applications based in Saint-Genis-Pouilly, 20 Rue Diesel 01630 France; phone +33 (0)450993070.
The Controller (AAA) has appointed a Data Protection Manager (Data Protection Officer – DPO), that you can contact for the exercise of your rights, as well as to receive any information relating to them and / or this information, writing to the account of Data Protection Officer by sending an e-mail to: DPO@adacap.com
The Controller and the DPO, through the designated structures, will take care of your request and provide you, without undue delay and in any case, no later than one month after receipt of the same, information relating to the action taken regarding your request.
We inform you that if the Controller has doubts about the identity of the individual submitting the request, he / she may request further information necessary to confirm the identity of the person concerned.
2) Interested Categories:
Following the consultation of this site, data related to persons identified or voluntarily identified through the contact forms on the site can be processed. This Policy addresses physical persons, legal persons, and public and private organizations.
3) What Data Are Collected by AAA?
You can visit our site anonymously. If you choose to register on the site, different categories of data will be processed:
When opening an account on our site or to report a secondary effect occurring as a result of using one of our products; for any questions regarding the availability, purchase, handling, or reimbursement of any of the products marketed by us; for the execution of an order; for the conclusion of a contract; for the refinement and execution of a contract; for any medical information including safety, efficacy and dosage of one of our products; to report a quality defect or send us a claim in connection with one of our products or services; for sending newsletters or completing a possible survey, we collect contact details, such as e-mail, address and name and surname of the contact person, company name, address, telephone numbers, VAT number, language, order number, e-mail address of the recipient of the invoice, also sensitive addresses, directly supplied by you and collected by sending an e-mail.
It should be noted that the optional, explicit and voluntary sending of e-mail address or other data included in the contact form to the official addresses (Information and Contacts) indicated on this website entails the subsequent acquisition of the sender address necessary to respond to requests and any other personal data included in the message. Specific summary information could be progressively reported or displayed on the pages of the site prepared for services on request.
By sending and / or requesting contact via e-mail or form, you are also consenting to receive non-commercial newsletters and information relating to AAA.
The web navigation data, the computer systems and the software procedures used to operate this website acquire, during their normal operation, some personal data (IP address) and technical data (technical cookies), whose transmission is implicit in the use of internet communication protocols (technical and / or persistent cookies).
This is information that is not collected to be associated with identified or identifiable interested parties, but which by their very nature could, through processing and association with data held by third parties, allow the user to be identified.
This category of data could also include IP addresses or domain names of the computers used by users connecting to the site, the addresses in Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used in submitting the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (success, error) and other parameters related to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use and access of the site to check its correct functioning, and are cancelled in any case after their expiration dates.
The data could be used and held also for the ascertainment of responsibility in case of computer crimes against the site according to the GDPR 679/2016.
“End User Data”
The visitors to the website are the so called “End Users”.
User data are generated by End Users who browse the website or customer sites. When an End User sends a consent from the customer’s site, the following data will be automatically registered by AAA or by other subjects to whom data such as group companies are transferred.
User data includes:
- The IP address of the final user in anonymous form
- The date and time of consent
- The End User’s browser user agent
- The URL from which consent was sent
- An anonymous, random and encrypted key value
- The state of consent of the final user, which constitutes proof of consent.
The key and the status of the consent are also saved on the End User’s browser with a first-party cookie, so that the site can read and automatically respect the consent of the final user on subsequent requests of the page and future sessions of the End User for the time strictly necessary to achieve the purposes for which they were collected, and in any case, will not be stored for longer than the current legislation.
The key is used as evidence of consent and to verify that the status of consent saved in the browser of the End User is unchanged from the original consent sent to AAA.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
The processing of your personal data by the Data Controller may also be connected to the fulfilment of obligations required by laws, regulations and / or Community regulations, or by supervisory and control bodies or other legitimate authorities.
Your personal data will be processed by the Controller, by the Managers and by the Assignees of AAA, or by third parties who carry out instrumental activities for the pursuit of the purposes, including abroad, including non-EU countries, in compliance with current legislation.
In this case the third parties are identified among those who, by experience, ability and reliability provide a suitable guarantee of full compliance with the current provisions on treatment, including the security profile. In this case, these subjects are designated as data processors and their updated list is available at any time by contacting the owner.
4) Purpose of Processing
Every single data collected is processed with automated systems and can be used for one or more of the following purposes:
- to customize the customer experience (the data provided helps AAA to better meet the individual needs of each user);
- for the completion and execution of the contract which provides the provision of selected services;
- for the supply of a product;
- for sending your professional / job application
- to report a secondary effect that occurred following the use of one of our products;
- for any question concerning availability, purchase or handling of a product;
- for the reimbursement of one of the products sold by us;
- for the execution of an order;
- for any medical information including safety, efficacy and dosage of one of our products;
- to report a defect in the quality of a product;
- to send us a complaint in relation to one of our products or services;
- for sending newsletters and e-mails or for completing a survey;
- to improve our website;
- to identify the customer as a contracting party;
- to establish a primary communication channel with the customer;
- to allow AAA to issue invoices with valid VAT and to process the transactions (the customer’s information will not be sold, exchanged, transferred or provided to other companies for any reason without the consent of the customer, except for the provision of the requested service);
- to produce and view the cookie declarations to End Users, as well as to save and view the scan report to the customer;
- to provide aggregated information on the choices of End Users in relation to the types of cookies accepted and to generate a graphic representation in the management system of the service;
- to send e-mails on a regular basis (the e-mail address provided for the processing of orders can be used to send information and updates related to the same, as well as occasional news about the company (if the user gives consent), as well as updates or information regarding products or services, conferences, etc.)
5) Type of Consent
Consequences of the refusal to provide mandatory consent:
The missing provisioning of consent will make it impossible for the company to give answer to your requests pre- and post-contract, to provide the service and / or to perform the contract.
Consequences of the refusal to grant optional consent:
Failure to provide consent, although it will allow the Data Controller to perform the activity requested by you in the same way will prevent the data processing for identified services that conform to personal attributes.
6) Personal Data Protection Measures
The server operating system, in which the web application and database are allocated, can guarantee elevated levels of integrity, availability and confidentiality of information.
7) Personal Data Retention Period
Your personal data will be processed actively for the time necessary to manage the existing relationship and / or the execution of service or contract. In any case, the data are processed for the time strictly necessary to achieve the purposes for which they were collected, and in any case, they will not be stored for longer than required by current legislation.
8) Legal Basis of Processing: General Data Protection Regulation (GDPR) in the EU 679/2016
The processing of customer data is based on the consent given or on the fact that processing is necessary for the execution of a contract in which the customer is a contracting party, or to take the necessary measures before the conclusion of the contract on customer request (ref. see Article 6 (1) (a) – (b) of the GDPR) or anything else indicated in the paragraph “purposes of processing”.
AAA in its capacity as Data Controller, intends to process your personal data to send commercial communications of products and services, invitations to conferences, including direct marketing conducted using the results of the analysis, as well as proceeding with direct sales and carrying out surveys or market research. In this case the nature of the consent is: optional.
Consequences of the refusal to provide consent: Failure to provide data related to the provision of consent to marketing will not affect the satisfaction of its requests and the execution of contracts but will make it impossible for AAA to send marketing communications.
10) Personal Data Retention Period Referred to Marketing Operations
Your personal data, treated as described, will be deleted within 30 days from the termination of the last contractual agreement with the Data Controller. In any case, if you decide to withdraw your consent or to oppose the processing, your personal data will be deleted within 30 days of the request.
11) What Rights Do You Have as an Interested Party?
In relation to the processing described in this Policy, as an interested party you can, under the conditions established by the GDPR, exercise the rights established by articles 15 to 21 of the GDPR and, in particular, the following rights:
Right of access: Article 15 GDPR: the right to obtain confirmation that a personal data processing is in progress for you and, in this case, obtain access to your personal data, including a copy thereof.
- right of rectification – article 16 GDPR: right to obtain, without undue delay, the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data;
- right to cancel (right to be forgotten) – article 17 GDPR: right to obtain, without undue delay, the deletion of personal data concerning you;
- right to limitation of processing – article 18 GDPR: right to obtain limitation of treatment, when:
- the interested party disputes the accuracy of personal data, for the period necessary for the holder to verify the accuracy of such data;
- the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited;
- personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
- the interested party opposed the treatment pursuant to art. 21 GDPR, during the waiting period for verification of the possible prevalence of legitimate reasons of the data controller with respect to those of the interested party;
- right to data portability – article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Controller and the right to transmit them to another Controller without impediments, if the processing is based on consent and is done by automated means. Furthermore, the right to obtain that your personal data is transmitted directly to another Controller if this is technically feasible;
- right to object – article 21 GDPR: right to object, at any time for reasons connected with your particular situation, to the processing of personal data concerning you based on the lawfulness of legitimate interest or the performance of a task in the public interest or exercise of public powers, including profiling, unless there are legitimate reasons for the Data Controller to continue processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defence of a right in court. Furthermore, the right to oppose the processing at any time if personal data are processed for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing.
The above rights may be exercised against the Owner, by contacting the references described above.
The exercise of your rights as an interested party is free under Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Controller may charge a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request;
- right to revoke:
The interested party has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation.
The exercise of the aforementioned rights may take place by sending a communication written to the data controller.
- right to lodge a complaint:
The interested party has the right to lodge a complaint with the French Data Protection Authority.
12) Communication to third parties and / or sharing of data
For the purposes of this statement we inform you that your data may be disclosed to third parties, designated in written form, if this is necessary to fulfil an obligation under the law, to perform obligations arising from a contract of which you are or you will be part, and to fulfil, before the conclusion of the contract, specific requests.
The recipients of the personal data communications of the data subject are also identifiable in the following categories of recipients, by way of example but not limited to: supervisory bodies, judicial authorities, bodies, professionals, companies, public administrations or other structures designated for the execution of processing related to the fulfilment of administrative, accounting and management obligations related to the ordinary performance of the Controller’s economic activity (legal obligations); and banks, financial institutions, professionals, professional firms and consultants to whom the communication of the aforesaid data is necessary for the performance of the activity of the Controller and, in particular, in relation to the fulfilment of the contractual obligations assumed towards the data subject (contractual obligations).
- What are Cookies?
Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website or mobile application. Cookies are then sent back to the originating site on each subsequent visit, or to another site that recognizes the cookies. You can find out more information about cookies at www.allaboutcookies.org.
- Types of Cookies
There are two broad categories of cookies:
First Party Cookies are served directly by AAA to your computer or mobile device. They are used only by AAA to recognize your computer or mobile device when it revisits our site.
Third Party Cookies are served by a service provider on our website, and can be used by the service provider to recognize your computer or mobile device when it visits other sites. Third party cookies are most commonly used on our site for conducting platform analytics.
Cookies can remain on your computer or mobile device for different periods of time. Some cookies are “session cookies”, meaning that they exist only while your browser is open. These are deleted automatically once you close your browser. Other cookies are “permanent cookies,” meaning that they survive after your browser is closed. They can be used by our website to recognize your computer or mobile device when you open your browser again.
- What Cookies Do We Use?
Our website uses the following types of cookies:
|Type of cookie||Purpose|
|Essential Cookies||These cookies are essential to provide visitors with the services available through our site and to use some of its features, such as access to secure areas. Without these cookies, some of the services that visitors expect would not be possible.|
|Analytics Cookies||These cookies are used to collect information about how visitors use our site. The information is aggregated and cannot be used to identify individuals. Such information includes the number of visitors to our site, the sites that referred them to our site, the search terms that led them to our site and the pages that they visited on our site. We use this information to monitor the level of activity on our site, assess our marketing activities, and help make our site more efficient.|
|Performance Cookies (e.g. Google Analytics, Crazy Egg)||These cookies collect information about how visitors use our site so that we can track website statistics. We use Google Analytics for this purpose, and more specifically: (1) to optimize traffic to and between our websites, and (2) to integrate and optimize web pages where appropriate. Google Analytics uses its own cookies. These cookies don’t collect information to identify a visitor. They collect anonymous information about website visitors to improve how our site works. More information about Google Analytics can be viewed or accessed here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies. The use of Google Analytics on our site can be avoided by installing the browser plugin available here: http://tools.google.com/dlpage/gaoptout?hl=en-GB. Google will use the information generated by the cookies to evaluate the use of our website, compile reports on website activity, and provide us with reports for analytical purposes. Google may transfer this information to third parties when it is legally required to do so or where it has engaged a third party to process data. Google will not combine or associate visitors’ IP address with other data stored by Google. By using our website, you consent to the processing of your Personal Information or other information by Google for the purposes described here. We also use Crazy Egg, a heat mapping software, for this the following purposes: (1) to identify and authenticate users, (2) to store user preferences, (3) to test site performance, and (4) to assess usage patterns and analyze site traffic. Crazy Egg uses its own cookies. These cookies don’t collect information to identify a visitor. Crazy Egg does not link cookies to any personally identifiable information in our servers or databases. By using our website, you consent to the processing of your Personal Information or other information by Crazy Egg for the purposes described here.|
|Functionality Cookies||These cookies allow our site to remember choices visitors make (such as their region or language) to provide enhanced features. These cookies can also be used to remember changes visitors have made to text size, fonts and other parts of web pages that can be customized. They may also be used to provide services that visitors have asked for, such as watching a video or commenting on a blog. For example, if a visitor has installed Adobe Flash and views a video on our site, we store a “flash cookie” on the visitor’s computer. These cookies are used to play back video or audio content with the visitor’s preferences. The information these cookies collect cannot track visitors’ browsing activity on other websites.|
|Social Media Cookies||These cookies are used when visitors share information using a social media sharing button or “like” button on our sites, or engage with our content on or through a social networking site such as Facebook, Twitter or Google+. The social network will record that visitors have done this. This information may be linked to targeting or advertising activities.|
- How to Control or Delete Cookies
You have the right to choose whether to accept cookies and we explain how you can exercise this right below. However, please note that if you do not accept cookies on our site, you may experience some inconvenience when using our site.
You can set your cookie preferences by changing your browser settings so that cookies from this site cannot be placed on your computer or mobile device. To do so, follow the instructions provided by your browser (usually located within the “help”, “tools” or “edit” facility).
For further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org or www.youronlinechoices.eu.
- Pixel Tags
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our site to track the actions of visitors to our site. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on web pages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of our site, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data and may be used for internal, marketing purposes only.
- IP Addresses
We may collect information about your computer or mobile device, including your IP address, operating system, log in times and browser type. We use this information to better understand how visitors use our site and for internal reporting purposes. We may anonymize and share this anonymized information with advertisers, sponsors and/or other businesses.
14) International Transfer of Personal Information
15) Retention Period
We will retain your Personal Information and other information for the period necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.
16) Links to Other Sites
This Policy applies only to AAA websites and not to websites owned by third parties. We may provide links to other websites that may be of interest to you. However, we cannot guarantee the privacy standards of linked websites, and this Policy is not intended to be applicable to any such websites.
This site is not directed at anyone who we know to be under the age of 18, nor do we collect any personal information from anyone who we know to be under the age of 18. If you are under the age of 18, you should not use our website and should not submit any Personal Information or other information to us.
18) Changes to this Policy
From time to time we may change this Policy. If we make any changes, we will change the Last Updated date above. If you do not agree to these changes, please do not continue to use our site. If material changes are made to this Policy, we will notify you by e-mail or by placing a prominent notice on the site.