Since the European« General Data Protection Regulation» entry into force, ERMIUM
THERAPEUTICS informs in a transparent way about processing of handled personal data in accordance with Articles 12, 13 and 14 of the GDPR legislation.
Secure Information Architecture
Our data are hosted in European Union inside ours outsourced datacenters based in France, e.g. OVH® which is ISO27001 certified.
Prospects data and requests for information
Data processing controller :
Ermium Therapeutics
Processing purpose :
- Potential clients’ relationship management
- Precontractual relationship management
Processed data :
Identities, contact details, professional function and relationship history
Recipients and possible source personal data :
Only R&D division and company management may access
communicated or stored data.
We point out that we could possibly feed our prospects database from
public information or partners or social networks or partnering platforms.
Data retention and erasure
The maximum period for which the personal data will be stored is settled to 3 years.
Processing legal basis
The legal basis for data handling and processing is based on the consent
of the persons concerned or precontractual measures in absence of or
our legitimate interests in absence of.
Clients data and sale associated interlocutors data
Data processing controller :
Ermium Therapeutics
Processing purposes
• Client relationship management and monitoring/report of activities
within the contract(s)
• Invoicing management
• Accounting management
• Customer service management
Processed data :
Identities, contact details, professional function, relationship history
Recipients and possible source personal data originate :
Only business development division or R&D division or support division
or accounting/finance division and company management may access communicated or stored data.
We point out that we could possibly transfer data to involved ERMIUM
THERAPEUTICS providers e.g. intellectual property firm or marketing
support.
Data retention and erasure :
The maximum period for which the personal data will be stored is settled to
5 years after the end of the client relationship. Data retention is settled to 10
years after publication concerning nominative accounting documents.
Processing legal basis :
The legal basis for data handling and processing is based on the contractual
relationship performance or our legitimate interests in absence of or French
legal obligations in absence of.
Potential investors data
Data processing controller :
Ermium Therapeutics
Processing purposes
• Potential investors relationship management
• Precontractual relationship management
Processed data :
Identities, contact details, professional function; relationship history
Recipients and possible source personal data originate :
Only company management, the chief scientific officer and chief
financial officer may access communicated or stored data.
We point out that some of those above functions may be operated by
external consultants.
Data retention and erasure :
The maximum period for which the personal data will be stored is
settled to 10 years after inactivity of the relationship.
Processing legal basis :
The legal basis for data handling and processing is based on the consent
of the persons concerned or precontractual measures in absence of or
our legitimate interests in absence of.
Board of directors and management committee Members data
Data processing controller :
Ermium Therapeutics
Processing purposes
• Relationship management
• Administration and management of the company
Processed data :
Identities, contact details, professional function, mandatory regularity data
including when needed e.g. ID card copies and necessary according K.Y.C.
guideline.
Recipients and possible source personal data originate :
Only company management and chief financial officer and legal officer
may access communicated or stored data.
Data retention and erasure :
Mandatory regularity data including when needed e.g. ID card copies and
necessary according to K.Y.C. guideline is only stored during the funding
operation duration. Others data are stored during the legal period of
retention.
Processing legal basis :
The legal basis for data handling and processing is based on our legitimate
interests in absence of or French legal obligations in absence of.
Potential or current supplier data
Data processing controller
Ermium Therapeutics
Processing purposes
• Supplier relationship management
• Accountancy management
Processed data
Identities, contact details, professional function, invoicing data
Recipients and possible source personal data originate
Only personnel in charge of company management or supplier relationship
– including accounting staff and purchasing division – may access
communicated or stored data.
We point out that we could possibly feed our potential or current suppliers
database from public information.
Data retention and erasure
The maximum period for which the personal data will be stored is settled
to 5 years after the end of the relationship. Data retention is settled to 10
years after publication concerning nominative accounting documents.
Processing legal basis
The legal basis for data handling and processing is based on the supplier
relationship performance or precontractual measures in absence of or our
legitimate interests in absence of.
Applying for unsolicited application or job offers data
Data processing controller
Ermium Therapeutics
Processing purposes
• Application management
• Job interviews management
• CV database feeding
Processed data
CV and possible cover letters and all other documents or data
provided for recruitment process
Recipients and possible source personal data originate
Only company management and involved personnel and personnel
in charge of recruitment may access communicated data.
We point out that we could possibly transfer data to partners, especially search firms or some company committee members.
We also point out that we could possibly feed our CV database from
public information, jobboards or partners
Data retention and erasure
The maximum period for which the personal data will be stored is
settled to 2 years after relationship inactivity.
Processing legal basis
The legal basis for data handling and processing is based on the
consent of the persons concerned or precontractual measures in
absence of or our legitimate interests.
Your rights
According to the European GDPR legislation, you have at any time the right of access to, rectification, erasure, restriction, portability, consents changes for your personal data. You may also oppose, for legitimate grounds, the processing of your personal data.If you wish to exercise these rights, please write to accounting@ermium.com or by letter mail to :
ERMIUM THERAPEUTICS DPO DIVISION,
16 BD SAINT GERMAIN
75005 PARIS.
You may also initiate a claim to the concerned EU-GDPR supervisory authority – especially the CNIL for France.
ERMIUM THERAPEUTICS DPO DIVISION,
16 BD SAINT GERMAIN
75005 PARIS.
You may also initiate a claim to the concerned EU-GDPR supervisory authority – especially the CNIL for France.
