Laboratoire HRA Pharma (hereafter “HRA Pharma”), company registration number RCS Nanterre 420 792 582, having its headquarters located 200 avenue de Paris, F-92 320 Châtillon, France, and its affiliates pay particular attention to the protection of your personal data and to privacy and commits to respect them through the following fundamental values:
• to respect individuals expectations regarding the use of their Personal Data,
• to build and preserve trust of our consumers and other involved people or organizations,
• to prevent any damage with Personal Data and privacy,
• and to be compliant with the letter and the spirit of Laws and Regulations regarding Personal Data protection.
HRA Pharma America, Inc. acts as Controller for the processing activities performed on the site www.mederma.ca (hereafter “Site”). Such Personal Data Processing are performed in accordance with applicable laws and particularly the European General Data Protection Regulation (EU) 2016/679 (hereafter “GDPR”) and so commits to process your Personal Data with many caution, and only for purposes for which Personal Data have been collected).
1. Information collected about you when you access the Site
• Personal Data fulfilled in the Contact Form: Name, e-mail, content of the message to HRA,
• If applicable, Personal Data fulfilled to make a review and ranking for HRA’s product: name and e-mail,
• If applicable, photo of a directly or indirectly identifying information
• If applicable, geolocation to use the “Where to buy” functionality
collected by cookies contains technical data which contains information allowing to target you, such as: domain and server (host) from which you access the Site on the Internet, address of the website from which you access our website, date, time, length of visits of this Site and pages most frequently accessed, your internet protocol (IP) address, operating system of your computer and details of your web browser.
2. What are the purposes for processing and the legal basis?
|Categories of Personal Data||Purpose and Legal Basis|
|Personal Data fulfilled in a Contact Form: identity, email and content of the message to HRA||Managing and responding to your questions, to comply with our legal obligations and with our legitimate interest to answer your questions|
|Personal Data fulfilled in the Contact Form: identity and content of the message to HRA||Managing information received concerning adverse effects or quality claim, to comply with our legal cosmeto-vigilance and quality obligations|
|Email and Name||Review and rating on HRA’s products|
|If applicable, photo provided by a user of the Site||Marketing purpose, legitimate interest of HRA|
|Geolocation data||To provide you with a shop search functionality|
For our commercial needs, notably data analysis, our Site improvement, both our products and services improvement, identifying use of the Site trends, customization of the Site according to your tastes and to determine the efficacy of our promotional campaigns, to address our legitimate interest to develop our relation with you
3. Who are the recipients of your Personal Data?
The access to your Personal Data is strictly limited to authorized people at HRA Pharma. These people are the ones for whom the access to such data is necessary to carry out their missions.
HRA Pharma will also communicate your Personal Data to relevant authorities as required by applicable laws.
In addition to the above recipients, following companies have or may have access to your Personal Data:
HRA Pharma involves the following companies to manage its consumer care service
• consumer care service to address request submitted in France, Italy, United Kingdom and Mexico, is entrusted by HRA to CPM INTERNATIONAL TELEBUSINESS, Carrer Felipe ll, 108, 08027, Barcelona, Spain, which acts on behalf of HRA Pharma and/or HRA’s affiliates.
• consumer care service to address requests submitted in Canada, is entrusted by HRA to ANB CANADA Inc., head office is 25 Millard Avenue West, Unit #1, Newmarket, Ontario | L3Y 7R5, Canada.
YOTPO INC. and its affiliates, 33 West 19th Street New York, NY 10011 United States, providing the solution for customer reviews and visual marketing,
LOOP NEW MEDIA GmbH, Siezenheimer Str. 39, 5020 Salzburg, Austria, which hosts the Site may have access to your Personal Data.
In every case, your Personal Data will be processed according to applicable laws regarding protection of Personal Data and particularly according to the GDPR.
4. How long will your Personal Data be retained?
Personal Data processed for cosmeto-vigilance and quality complaints purposes are stored by HRA Pharma for the period during which the Mederma® product is on the market.
Personal Data processed by HRA for other purposes are stored for a duration which is proportionate to the purpose of concerned processing. To get more detailed information, please contact firstname.lastname@example.org or to Laboratoire HRA Pharma, Data Protection Officer, 200 avenue de Paris, 92320 Châtillon, France
5. Transfers outside of the European Economic Area
Personal Data of European residents are not transferred outside the European Economic Area, or, if so, such transfer is carried out in accordance with the EU General Data Protection Regulation.
HRA Pharma implements appropriate technical and organizational measures to ensure an appropriate level of security regarding the risk incurred and protect your Personal Data against unauthorized access, disclosure, alteration or destruction.
7. What are your rights? How can you exercise them?
Under applicable Personal Data protection laws, notably the GDPR you have a number of rights with regard to your Personal Data. Those rights are as follows:
• Right to Access- You can ask to see the personal information HRA Pharma holds about you. In connection with a request, HRA Pharma may request specific information about you to enable us to confirm your identity and right access, as well as search for and provide you with the personal information HRA Pharma holds about you. In the event we cannot provide you with access to your personal information (for instance, personal information may have been destroyed, erased or made anonymous), we will inform you of the reasons why.
• Correction or Deletion of Personal Information – HRA Pharma works to ensure that personal information in its possession is accurate, current and complete. If you believe that the personal information HRA Pharma holds on you is incorrect, inaccurate, incomplete or outdated, you may request the revision or correction of that information. If it is determined that personal information is inaccurate, incomplete or outdated, we will revise it.
•Withdrawal of Consent –If you have provided consent for the processing of your data, you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
•Objection to processing –you have the possibility to object to the processing of your personal data including profiling, on grounds relating to your particular situation as provided by Data Protection law. When profiling is related to direct marketing you always have a right to object.
•Limitation to processing –you have the right to obtain from us restriction of processing in certain instances as provided by data protection law.
•Right to data portability –you have the right to receive the personal data, which you have provided to us, in a structured, commonly used and machine-readable format when the processing is based on your consent or on a contract. You also have the right to ask us to transmit it to another data controller of your choice.
•Complaints –You have the right to lodge a complaint to the Data Protection Authority, if you believe that HRA Pharma has not complied with the requirements of the GDPR with regard to your personal data.
If you wish to exercise one of these rights, please send a request in this regard to email@example.com or to Laboratoire HRA Pharma, Data Protection Officer, 200 avenue de Paris, 92320 Châtillon, France, stating both your name and your surname, with a copy of your identity card.
If you have unresolved concerns you also have the right to complain to the Data Protection Authority in the country where either you live or either you work or either the country of the place of the alleged infringement.
Last update: June 2021