UPSA SAS and its affiliated companies (collectively referred to as “the Company” or “We”) strive to comply appropriately with the applicable requirements regarding the protection of personal data.
OBJECTIVES of the Privacy Policy
This privacy policy (“Privacy Policy“) aims to provide individuals accessing the site with important information about how the Company handles your personal data in its capacity as data controller.
The processing of personal data via the medical information form is governed primarily by the notices provided on that form. In case of any conflict between this Privacy Policy and the form’s terms, the latter shall prevail.
This Privacy Policy describes:
- The categories of personal data you may provide to us through this site, its subdomains and/or directories, its applications and features, as well as all related information or communications, including emails;
- How we may use this data and with whom we may share it;
- The measures we implement to protect the security of your personal data; and
- How you can contact us to ask questions or exercise your rights.
You must read this Privacy Policy carefully. If you do not accept any of these terms, please do not access this site and/or do not provide us with any personal data.
By accessing and browsing this website, you fully understand, accept, and consent, without limitation or qualification, to this Privacy Policy.
PERSONAL DATA
The term “personal data,” as used in this Privacy Policy, refers to any information or set of information that identifies or is used by or on behalf of UPSA SAS to identify, directly or indirectly, a natural person.
We will use your personal data in accordance with this Privacy Policy or, if otherwise, we will inform you or request your consent in accordance with applicable laws.
CATEGORIES OF DATA PROCESSED
The personal data processed may include the following categories:
- Identification data: title, last name, first name;
- Contact data: email address, phone number (landline and/or mobile);
- Site usage data: IP address, connection data (logs, trackers, cookies, etc.);
- Additional data you may choose to provide via the contact form (see cookie policy);
- Additional data you may choose to provide when applying for a job at UPSA: date of birth, address, CV, professional experience, education, references, gender, nationality, place of birth, etc.
It is specified that for certain specific jobs, regulations require us to request a criminal record extract during the interview process to ensure the position is not incompatible with the candidate’s background. This extract will not be retained by UPSA after the interview.
PURPOSES OF DATA PROCESSING, LEGAL BASES, AND DATA DISCLOSURE
The Company may use or otherwise process your personal data:
- To improve our services, including by enriching the website with content from other sites (e.g., YouTube);
- For marketing and communication purposes;
- To respond to your requests;
- For recruitment purposes.
The legal bases on which the Company processes your personal data are, depending on the case:
- Your consent (Article 6.1a of the GDPR): e.g., when you provide personal data through the contact form or explicitly give consent;
- The performance of pre-contractual measures (Article 6.1b of the GDPR): e.g., for processing job applications;
- Compliance with a legal obligation (Article 6.1c of the GDPR);
- The legitimate interest of the Company (Article 6.1f): e.g., to improve the quality of the products and services we offer.
You may choose not to provide the information we request, in which case you may not be able to participate in the specific activity for which the information is requested or access the related content, area, or feature.
When the legal basis is consent, you have the right to withdraw it at any time by contacting us via the contact form in the “CONTACT” section or by email at EUDPO@upsa-ph.com.
Withdrawing consent does not affect the legality of processing carried out prior to the withdrawal.
If you provide the Company with data concerning third parties (e.g., email addresses), it is your responsibility to ensure that such communication and subsequent processing are lawful (e.g., that you have obtained the prior consent of the individual concerned).
The recipients of your personal data are solely the Company, its employees, consultants, and service providers who legitimately need access to it for the purposes outlined above.
Some of these employees, consultants, and service providers are located outside the European Economic Area, including in countries where the level of personal data protection may not be equivalent to that in the European Union. The Company takes appropriate measures to ensure that these employees, consultants, and service providers are bound by confidentiality obligations and that data processing is carried out under conditions that ensure their security and confidentiality, in particular through the signing of standard contractual clauses for data protection.
Retention Period for Personal Data
The Company will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable laws.
Regarding data processed in the context of job applications, your data will be retained for up to two years from the last contact with UPSA, unless you object to the retention of your application.
Data Security and Integrity
As the data controller, we implement appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against alteration, accidental or unlawful loss, unauthorized use, disclosure, or access.
Data Used for Our Newsletters Intended for Healthcare Professionals
In connection with newsletters sent by the Company to healthcare professionals, the Company may process the following data:
- Identity (name, surname, RPPS number, etc.);
- Contact information (email address, etc.);
- Professional information (specialty, etc.);
- Data related to the consent of healthcare professionals to receive all or part of our newsletters;
- Data on openings and clicks related to our newsletters; and/or
- If applicable, usage and connection data.
This data is collected to allow us to send newsletters and/or event invitations (webinars) organized by UPSA that are relevant to your interests, and, where applicable, for your participation in these events.
Please note that webinars organized by UPSA may be recorded, including any questions you may ask.
The legal basis for this processing is your consent (Article 6.1a of the GDPR).
You have the right to withdraw or modify your consent at any time by clicking the unsubscribe link at the bottom of each newsletter. Withdrawal or modification of your consent does not affect the lawfulness of processing based on your prior consent.
We retain your data for sending communications as long as you consent and do not object to the processing. When you withdraw consent, we retain consent-related data on the basis of UPSA’s legitimate interest (Article 6.1f of the GDPR) for the duration of the legal statute of limitations.
Personal data is shared exclusively with UPSA SAS employees and service providers who have a legitimate need to access it in relation to the purposes described above. Where these providers or their subcontractors are located in countries that do not ensure a sufficient level of data protection, UPSA SAS has implemented appropriate measures to ensure adequate protection of such data, such as the use of the European Commission’s standard contractual clauses.
Your Rights
Under applicable regulations, you have the right to:
- Access your personal data;
- Request that your data be corrected, completed, or updated;
- Request the deletion of your data or object to its processing on legitimate grounds;
- Withdraw your consent;
- Exercise your right to data portability;
- Issue instructions regarding the retention, deletion, and communication of your personal data after your death.
To do so, please contact us via email at: EUDPO@upsa-ph.com
If, after contacting us, you believe your rights have not been respected, you may file a complaint with the CNIL (Commission nationale de l’informatique et des libertés) via: https://www.cnil.fr/fr/plaintes
Disclosures Required or Permitted by Law
Regardless of any other provision in this Privacy Policy, the Company may disclose and, if necessary, process personal data in the context of any sale or transaction involving all or part of the business, or as required or permitted by law, or for the purposes of any audit the Company may be subject to.
Links to Other Websites
Occasionally, we provide links to other websites for your convenience. These websites are operated independently of ours and are beyond our control. They may have their own privacy policies and terms of use, which we strongly recommend you read carefully before accessing.
We disclaim any responsibility for the content, products, services, or use of those external websites.
Modifications to the Privacy Policy
In accordance with applicable laws, UPSA SAS may revise this Privacy Policy governing the use of this website at any time. If any condition in this Privacy Policy is amended, the updated version will be published on this website. You are subject to these revisions and should therefore review these terms regularly.
Contact
You may raise any questions regarding the processing of your personal data by contacting our Data Protection Officer at any time:
- By email at: EUDPO@upsa-ph.com
- By post: UPSA SAS, Attn: Data Protection Officer, 3 rue Joseph Monier – 92500 Rueil-Malmaison, France
Personal Information Collected Automatically
Cookies are files containing small amounts of information that are stored on your computer or mobile device when you visit a website. This text file may be saved—subject to your preferences—in a dedicated space on your device’s hard drive when viewing a website via your browser.
A cookie file allows its issuer to recognize the device in which it is stored during its validity period. Cookies are therefore considered personal data.
The cookies used on our website are mainly intended to enhance the quality of your browsing experience or to allow us to gather aggregated statistical information about users of this site.
| Name | Type | Purpose | Reason for use | Installation time |
|---|---|---|---|---|
| has_js | Owner | functional | used by the CMS to determine whether javascript is enabled on the client browser. | Session |
| tarteaucitron | Owner | functional | used by the cookie manager banner to store user preferences. | 12 months |
| _pk_ses.* | Owner | audience measurement | used by Matomo to store a unique session identifier for anonymised statistics. | Session |
| _pk_id.* | Owner | audience measurement | used by Matomo to store a unique user identifier for anonymised statistics. | 13 months |
| _pk_ref.* | Owner | audience measurement | used by Matomo to store the identifier of the referring site for anonymised statistics. | 6 months |
| _GRECAPTCHA | Third party (google.com) | functional | used by Google ReCAPTCHA on the contact page to protect forms against spa | 6 months |
| test_cookie | Third party (doubleclick.net) | advertising | Google Ads page to determine whether the user’s browser accepts cookies. | 15 months |
| _gcl_au | Owner | advertising | used by Google Ads to store and track conversions. | 90 months |
| IDE | Third party (doubleclick.net) | advertising | used by Google Ads to store information about how users use the website in order to present them with relevant ads based on their profile. | 13 months |
| AEC | Third party (google.com) | functional | used by Google to prevent spam, fraud and abuse if the user consents. | 6 months |
| CONSENT | Third party (google.com) | functional | used by Google to record preferences in terms of cookies in the event that the user consents. | 2 months |
| SOCS | Third party (google.com) | functional | used by Google to record the user’s choice of cookies in the event of consent. | 13 months |
| __Secure-ENID | Third party (google.com) | advertising | used to secure the digitally signed and encrypted data of Google’s unique identifier in the event of consent by the Internet user. | 1 year |
In accordance with applicable regulations, UPSA SAS collects your consent—particularly via a “cookie banner”—before allowing any cookies to be stored on your device. You can modify your consent at any time using the cookie banner available at the bottom of each page of the Site.
You may browse the site without accepting the storage of cookies on your device, with the exception of cookies that are necessary for the functioning of the Site (a list of which is provided above).
INFORMATION WE SHARE
We do not sell, rent, or trade your personal data through our website.
This site is hosted and maintained by Hubincom, a company based in France. As such, the information collected through the site is accessible to them.
Additionally, we may disclose information about you:
- If we are legally or judicially required to do so;
- In response to a request from law enforcement or other governmental authorities; or
- If we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in the context of an investigation into suspected or confirmed illegal activity.
We reserve the right to transfer any information we hold about you in the event that we sell or transfer all or part of our business or assets, in accordance with applicable legal requirements.
| Nom | Type | Objectif | raison d’utilisation | durée d’installation |
|---|---|---|---|---|
| has_js | Propriétaire | fonctionnel | utilisé par le CMS pour déterminer si javascript est activé sur le navigateur client. | Session |
| tarteaucitron | Propriétaire | fonctionnel | utilisé par la bannière gestionnaire de cookies pour stocker les préférences utilisateur. | 12 mois |
| _pk_ses.* | Propriétaire | mesure d’audience | utilisé par Matomo pour stocker un identifiant unique de session en vue de statistiques anonymisées. | Session |
| _pk_id.* | Propriétaire | mesure d’audience | utilisé par Matomo pour stocker un identifiant unique d’utilisateur en vue de statistiques anonymisées. | 13 mois |
| _pk_ref.* | Propriétaire | mesure d’audience | utilisé par Matomo pour stocker l’identifiant du site référent en vue de statistiques anonymisées. | 6 mois |
| _GRECAPTCHA | Tiers (google.com) | fonctionnel | utilisé par Google ReCAPTCHA sur la page contact pour protéger les formulaires contre les spams. | 6 mois |
| test_cookie | Tiers (doubleclick.net) | publicitaire | utilisé page Google Ads pour déterminer si le navigateur de l’utilisateur accepte les cookies. | 15 minutes |
| _gcl_au | Propriétaire | publicitaire | utilisé par Google Ads pour stocker et suivre les conversions. | 90 jours |
| IDE | Tiers (doubleclick.net) | publicitaire | utilisé par Google Ads pour stocker des informations sur la façon dont l’utilisateur utilise le site Internet afin de lui présenter des annonces pertinentes en fonction de son profil. | 13 mois |
| AEC | Tiers (google.com) | fonctionnel | utilisé par Google pour empêcher le spam, les fraudes et les abus en cas de consentement de l’internaute. | 6 mois |
| CONSENT | Tiers (google.com) | fonctionnel | utilisé par Google pour enregistrer les préférences en termes de cookies en cas de consentement de l’internaute. | 2 ans |
| SOCS | Tiers (google.com) | fonctionnel | utilisé par Google pour enregistrer les choix de cookies en cas de consentement de l’internaute. | 13 mois |
| __Secure-ENID | Tiers (google.com) | publicitaire | utilisé pour sécuriser les données signées numériquement et cryptées de l’identifiant unique de Google en cas de consentement de l’internaute. | 1 an |