Laboratoires BOIRON's external personal data protection policy

1. Introduction

The Boiron company (hereinafter referred to as "Laboratoires BOIRON") processes the personal data of users (hereinafter referred to as "Users"), as data controller, in connection with the use of the website (hereinafter referred to as "the Site") accessible at the following url address: https://boiron.besignal.com/

2. Data controller

Laboratoires BOIRON is responsible for processing personal data.

Address: 2, avenue de l'Ouest lyonnais - 69510 MESSIMY - France

E-mail: dpo@boiron.fr - Telephone : 04 78 45 61 00

3. Object

This Privacy Policy is intended for all Users of the Site.

Its purpose is to inform Users of the Site about the collection and processing of their personal data with regard to the RGPD and Law 78-17 of January 6, 1978 relating to data processing, files and freedoms, as amended, specifying:

• Details of data collected,
• Purposes of processing,
• Recipients of personal data,
• Data retention period,
• All rights exercisable by the persons concerned,
• The site's cookie policy,
• The contact details of the person in charge of personal data protection.

Questions concerning the management of personal data can be addressed to: dpo@boiron.fr. 

4. For what purposes do we collect User data?

Personal data is collected by Laboratoires BOIRON through the https://boiron.besignal.com/ website for specific, explicit and legitimate purposes, in order to :

• to collect and process alerts or warnings aimed at reporting a breach of the regulations relating to the implementation of the professional whistleblowing system as part of the implementation of Article 6 of Regulation (EU) 2016/679;
• carry out the necessary checks, investigations and analyses;
• define the action to be taken on the alert ;
• ensure the protection of the persons concerned;
• exercise or defend legal rights.

5. What categories of data do we collect?

As part of the implementation of the professional alert system, Laboratoires BOIRON processes the following personal data for the purposes listed above: 

• Identity, functions and contact details of the sender of the alert ; 
• Identity, functions and contact details of persons subject to the alert ; 
• Identity, functions and contact details of persons involved in receiving or handling the alert ; 
• Reported events ; 
• Elements gathered as part of the verification of reported facts ; 
• Audit reports ; 
• Follow-up to the alert.



6. On what legal basis(s) are your personal data collected?

Laboratoires BOIRON, as part of the implementation of the professional alert system, complies with the requirements of Article 6 of Regulation (EU) 2016/679. The collection and processing of personal data meets a legal obligation.

7. Who are the data recipients?

Information communicated by the User is intended for authorized Laboratoires BOIRON personnel and/or external service providers, who are bound by an obligation of confidentiality. 

Personal data may be disclosed to a court or government agency pursuant to a valid court order or legal requirement. 

In accordance with its commitments, Laboratoires BOIRON carefully selects its subcontractors and service providers and requires them to provide a level of personal data protection equivalent to its own, and to implement all appropriate measures to ensure the protection of any personal data they may process. Laboratoires BOIRON undertakes to enter into contracts with its subcontractors defining the terms and conditions of personal data processing.

8. How long is the data stored?

Data may be stored for various purposes: 

• In an active base until a final decision is taken by Laboratoires BOIRON, in a separate information system with restricted access. 
• If the alert is unsuccessful, it will be closed, and the data will be stored for a period of two months following closure of the alert, in a separate information system with restricted access, and then deleted;
• In the event of disciplinary or legal proceedings, the data will be kept until the end of the proceedings, or until the exhaustion of all means of appeal, or until the statute of limitations has expired, in a separate information system with restricted access. 

9. Cookies and IP address

The "https://boiron.besignal.com" site uses the minimum number of cookies possible and only to maintain a session in progress without losing the information entered or the interface language selected.

No personal data is collected via service use and browsing cookies.

It is important to note that no IP address is collected from people who browse the platform's reporting pages or who submit a report.

10. What are your rights?

In accordance with the applicable legal provisions, you have the following rights:

You may exercise the rights listed above by contacting:

11. Security of personal data

Laboratoires BOIRON has implemented technical and organizational measures adapted to the degree of sensitivity of personal data, in order to ensure the integrity and confidentiality of data and to protect it against any malicious intrusion, loss, alteration or disclosure to unauthorized third parties.