GPDR conditions

 

ARTICLE 1: PREAMBLE

This privacy policy aims to inform users of the site:

• How their personal data are collected. Personal data are any information allowing a user to be identified. This may include: surnames and first names, age, postal or email address, location or IP address (non-exhaustive list);

• The rights they have concerning this data;

• The person responsible for processing the personal data collected and processed;

• The recipients of these personal data;

• The site’s cookie policy.

This policy supplements the legal notice and the General Terms of Use that users may consult at the following address:

Enterosys Legal notice and Privacy policy

ARTICLE 2: PRINCIPLES RELATING TO THE COLLECTION AND PROCESSING OF PERSONAL DATA

In accordance with Article 5 of European Regulation 2016/679, personal data are:

• Processed lawfully, fairly and transparently with regard to the data subject;

• Collected for specified purposes (see Article 3.1 hereof), explicit and legitimate, and not further processed in a manner incompatible with those purposes;

• Adequate, relevant and limited to what is necessary for the purposes for which they are processed;

• Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

• Kept in a form permitting identification of data subjects for no longer than is necessary for the purposes for which the data are processed;

• Processed in a manner that ensures appropriate security of the collected data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Processing is lawful only if, and to the extent that, at least one of the following conditions is met:

• The data subject has consented to the processing of his or her personal data for one or more specific purposes;

• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the data subject’s request prior to entering into a contract;

• Processing is necessary for compliance with a legal obligation to which the controller is subject;

• Processing is necessary to protect the vital interests of the data subject or of another natural person;

• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring personal-data protection, particularly where the data subject is a child.

ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED DURING SITE NAVIGATION

Article 3.1: Data collected

The personal data collected in the context of our activity are:

  • Last name,

  • First name,

  • Email address,

  • Company,

  • Sector: nutraceuticals, pharmaceuticals, dermocosmetics, functional food.

The collection and processing of these data pursue the following purposes:

  • Contact initiation

  • Service-quality monitoring

  • Sending of associated documentation

Article 3.2: Data collection method

When you use our site, the following data are automatically collected:

  • Technical data: IP address, Browser type and version, Operating system and device used, Screen resolution, language preference, time zone

 

  • Traffic data: Date/time of visit, URLs of pages viewed (referrer, previous/next pages) Time spent on each page, clicks, internal navigation (navigation flow)

 

  • Cookies and similar technologies: Session or persistent cookies to manage sessions, preferences or statistics, Web beacons, tags or scripts for audience measurement or analytics

 

 

They are stored under reasonable security conditions for a maximum period of 13 months.

The company may retain certain personal data beyond the periods mentioned above in order to fulfil its legal or regulatory obligations.

Article 3.3: Data hosting

The site www.enterosys.com is hosted by:

OVHcloud – SAS with share capital of €10 174 560

2 rue Kellermann, 59100 Roubaix, France

ISO 27001 and HDS (Health Data Hosting) certified hosting

Support: +33 9 72 10 10 07 – support@ovhcloud.com

Marketing databases (Notion CRM) are located on servers in the EU-West region (Ireland). Pre-clinical study scientific data are stored exclusively on OVHcloud’s HDS France infrastructure (Gravelines/Toulouse datacentre). No health data are transferred outside the European Economic Area.

Article 3.4: Data transmission to third parties

Enterosys never sells or transfers your data. We share them only with certified providers for the purposes described in this policy:

data-collection

These processors act only on Enterosys’s instructions and may not use your data for other purposes.

Article 3.5: Cookie policy

During your first visit, a banner offers “Reject all”, “Customise” or “Accept all”.

• Strictly necessary cookies (language, session): set by default.

• Analytics cookies: Google Analytics 4 in anonymised-IP mode; Matomo on-prem for UX tracking; lifetime limited to 13 months.

• Marketing cookies: LinkedIn Insight Tag to measure conversions for our B2B micro-ads.

 No cookie is read or placed before explicit consent.

ARTICLE 4: DATA CONTROLLER AND DATA PROTECTION OFFICER

Article 4.1: Data controller

Personal data are collected by Enterosys SAS, a simplified joint-stock company with share capital of €10 000, registered with the Toulouse Trade and Companies Register under number 819 697 191.

The data controller can be contacted as follows:

By post: 57 rue de l’innovation, 31670 Labège;

By phone: +33 (0)6 50 64 63 93;

By email: contact@enterosys.com

Article 4.2: Data Protection Officer

The company’s Data Protection Officer is:

Anne Abot, 57 rue de l’innovation, 31670 Labège

anne.abot@enterosys.com

If, after contacting us, you believe your data-protection rights are not being respected, you may contact the CNIL.

ARTICLE 5: USER RIGHTS REGARDING DATA COLLECTION AND PROCESSING

Any user concerned by the processing of his or her personal data may invoke the following rights, under European Regulation 2016/679 and the French Data-Protection Act (Law 78-17 of 6 January 1978):

• Right of access, rectification and erasure of data (Articles 15, 16 and 17 GDPR);

• Right to data portability (Article 20 GDPR);

• Right to restriction (Article 18 GDPR) and to object to processing (Article 21 GDPR);

• Right not to be subject to a decision based solely on automated processing;

• Right to determine the fate of data after death;

• Right to lodge a complaint with the competent supervisory authority (Article 77 GDPR).

To exercise your rights, please write to Enterosys, 57 rue de l’innovation, 31670 Labège or email contact@enterosys.com

In order for the data controller to comply with your request, you may be asked to provide certain information such as your surname, first name and email address.

See www.cnil.fr for more information on your rights.

ARTICLE 6: CONDITIONS FOR MODIFYING THE PRIVACY POLICY

The publisher of the site, ENTEROSYS, reserves the right to modify this Policy at any time to ensure that it complies with applicable law.

Any modifications shall not affect previous interactions on the site, which remain subject to the Policy in force at the time of the interaction and as accepted by the user when confirming the purchase.

Users are invited to read this Policy each time they use our services, without any formal notification being required.

This policy, published on 18/07/2025, was updated on 18/07/2025.