In this Privacy Notice, “Steba”, “We’’, ‘’Us’’ and ‘’Our’’ refers to Steba Biotech S.A., a Luxembourg corporation, together with its subsidiaries.
In the framework of its activities, Steba may need to collect and process personal data (as defined below) of individuals with whom it has interactions with (patients, participants to clinical trials, healthcare professionals, users of products and services, workers, etc.).
Steba is fully committed to the protection of personal data and intends to provide you in this Privacy Notice with all relevant information regarding the way in which Steba collects and processes your personal data.
We may change this Privacy Notice from time to time. When this happens, We will provide an updated version that includes the relevant changes.
Who is responsible for the processing of personal data?
Steba Biotech S.A. and its French subsidiary Steba France S.A.S. are jointly responsible for the processing of personal data and therefore act as Joint Controllers.
Please refer below to Section “Contact Us” for Our Data Protection Officer contact information.
What is personal data? What is the basis for processing personal data?
Personal data is any information relating to an identified or identifiable individual, processed by Us in connection with the objectives and purposes defined herein.
Such personal data can take the form of:
- basic identification information such as your name and contact information;
- email communications between you and Steba;
- connection data: any information regarding your connection to the Steba website;
- your responses to any surveys that you choose to participate in;
- under certain specific situations, Steba may process personal data relating to health: Steba will only process such category of personal data, which qualifies as “sensitive” personal data, if duly permitted under applicable data protection laws. In particular, in accordance with the European General Data Protection Regulation (“GDPR”), Steba will only process such information if it has obtained your prior explicit and specific consent to do so, or otherwise for reasons of public health (i.e. for processing activities related to reliability and safety) or, more generally, of public interest, or for purposes of Our legitimate interests (i.e. for scientific purposes), in the latter case except where Our legitimate interests are overridden by your fundamental rights and interests.
Other than in relation to the processing of personal data relating to health, for which the rules summarized in the preceding paragraph apply, for any other categories, your personal data is only processed on the basis of either your prior consent or any other specific contractual relationship between you and Steba.
What is processing?
Processing designates any action that is undertaken on your personal data, such as, for instance:
We only process your personal data for explicit and legitimate purposes
The collection and processing of personal data by Steba is conducted for the following main purposes:
- to conduct research and development activities, such as perform clinical studies, manage and validate the recruitment and participation of individuals to studies;
- to abide by legal or regulatory obligations such as, without being exhaustive, monitoring safety or pharmacovigilance of Our products, or to respond to governmental authorities requests;
- to provide patient support;
- to improve Our products and services;
- to allow Us to communicate efficiently with you, notably if you are a healthcare professional.
How long will We retain your personal data?
Steba will retain your personal data only for the period provided for by law and to fulfill a legitimate purpose and for no longer than necessary.
Exceptionally, Steba may be required to retain your personal data for longer periods as required or permitted by law, or as necessary to protect its rights and interests. In such a case, We will inform you of the extended retention period by any appropriate ways.
Transfer of your personal data with others and international transfer
Steba entities, Our contractors and the competent governmental authorities to which We might transfer your personal data may be based in different places around the world. Your personal data may be shared among members of Steba, Our contractors and with competent governmental authorities.
Regardless of the country where your personal data is transferred, We will only share your personal data when absolutely necessary and legitimate.
Your personal data may be shared with the following third parties:
- any of Our contractors including those who provide Us with technology services such as data analytics, hosting and technical support; and
- regulators, governments and any relevant duly authorized official agencies and authorities.
Steba and Steba’s contractors or any competent governmental authority may process your personal data inside and outside of the European Union.
Data privacy laws in the countries to which your personal data are transferred may not be as protective as the GDPR. In that case, We implement suitable measures to guarantee that your personal data remains protected and secure when it is transferred outside of the European Union.
These measures include contractual clauses with Our contractors that comply with European Union standards so that the receiving contractor must process and keep your personal data appropriately.
How do We protect your personal data?
We have put in place a variety of security and privacy measures which are intended to ensure, as far as reasonably possible, the security and integrity of all Our information, including your personal data.
When your personal data are shared with external contractors, We put in place a written agreement that commits the contractors to keep your information confidential, and to put in place appropriate security processes to keep your information secure.
Nonetheless, We want to inform you that the transmission to Us of information via the internet or a mobile phone network may not be completely secure and any transmission is at your own risk.
Your rights regarding your personal data
You can exercise your rights as provided by data protection laws and regulations.
To do so, you are entitled:
- to have access upon simple request to your personal data;
- to obtain a rectification of your personal data should your personal data be inaccurate, incomplete or obsolete;
- to obtain the deletion of your personal data in the situations defined by data protection laws inter alia the “right to be forgotten”;
- to withdraw your consent to the data processing without affecting the lawfulness of processing, where your personal data has been collected and processed on the basis of your consent;
- to object to the processing of your personal data, where your personal data has been collected and processed on the basis of a legitimate interests, in which case you will need to justify your request by explaining to Us your particular situation;
- to request a limitation of the data processing in the situations defined by applicable law;
- to receive your personal data for transmission from Steba to the third-party of your choice, where technically feasible. For your information the “data portability right” is permitted only where the processing is based on your consent.
If you would like to exercise any of these rights, please contact Us as described in “Contact Us” below and We will answer you as soon as possible.
You may also file a complaint before a competent data protection authority regarding the processing of your personal data. However, We suggest that you contact Us beforehand.
Cookies and other technologies
This website uses technology called “cookies” which allows this website to recognize and answer you as an individual. You can choose to accept or decline cookies.
If you do choose to decline cookies, some elements of this website may not function as intended.
If you have requests or simply have a question regarding this Privacy Notice, or if you would like to exercise your rights, please contact Our Data Protection Officer using the following contact information:
Att: Data Protection Officer
3 avenue de l’Europe