Privacy statement

1. Introduction

This statement regarding privacy is provided to you by Genzyme Europe B.V., Paasheuvelweg 25, 1105 BP Amsterdam, subsidiary of the French parent company Sanofi SA.

The purpose of this privacy statement is to inform you of what personal data (as defined below) is processed, how this data is collected, what the legal basis for the processing is, and to whom this data has been or may be disclosed.  You can also find information about how to exercise your rights and what to do if you have queries about the processing of your data.

Genzyme Europe B.V. is responsible for guaranteeing the processing of personal data in accordance with legislation on the protection of privacy.

We use the following definitions in this privacy statement:

« Sanofi », « us » means « Genzyme Europe B.V. ».

By « personal data », we mean all information relating to an identified or identifiable natural person, as defined in greater detail in the General Data Protection Regulation (EU) 2016/679.

By « data controller », we mean the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of personal data processing, as defined in more detail in the General Data Protection Regulation (EU) 2016/679.

Please read this privacy statement carefully before sharing your personal data.

2. About this processing of personal data

Sanofi wishes to process the data from cookies only if you give your consent.

The legal basis for the processing of your personal data is your consent if you choose to accept cookies other than those that are strictly essential cookies.

3. What types of personal data are processed?

Sanofi will only process the cookie data for this purpose.

4. Who will have access to your personal data?

Sanofi uses the services of:

• Sanofi Belgium N.V. acting as data processor for cookies (https://www.sanofi.be/nl/cookies-privacy-policy,
• Agency ensuring the development and updating of the site: Synetic B.V., Kennemerplein 2 2011 MJ Haarlem, the Netherlands (https://synetic.nl/privacy-cookies-disclaimer)
• Hosting company: PlusServer GmbH, Hohenzollernring 72, 50672 Köln, Germany (https://www.plusserver.com/en/company-information)
• Google to place certain cookies (https://policies.google.com/privacy,
• Cookie banner services: OneTrust (https://www.onetrust.com/privacy/)

The personal information that we collect from you:

• can be stored in a destination outside the EEA and/or
• may be shared and/or processed by persons working for our affiliated companies or service providers located outside the EEA.

When your personal information is transferred outside the EEA, we will ensure that it is protected in a manner compatible with the way in which personal information is protected in the EEA. This is done in one of the following ways:

• the country to which we send personal data has been approved by the European Commission with regard to providing an adequate level of protection;
• the beneficiary has signed a contract based on « standard contractual clauses » approved by the European Commission.

Your information will not be shared with other parties unless we believe in good faith that it is necessary to protect our rights, protect your safety or that of others, respond to a government request or otherwise defend our legal rights or against legal claims.

5. Storage of personal data

We strive to keep personal data for as short a period as possible.
Our cookie statement specifies in detail how long the data will be processed for.

6. Safety

We are careful to protect your personal information from all unauthorised access, use and loss. We have taken the appropriate administrative, technical and physical measures to protect your personal data.

7. Your rights

In accordance with the General Data Protection Regulation, you have:

-    Right of access.
You can contact us to confirm whether or not we process your personal data. If we process your personal data, we will inform you of the categories of personal data that we process, the purposes of the processing, the categories of recipients (to which the personal data has been or will be disclosed) and the storage period considered or the criteria to determine this period.

-    Right of rectification.
You have the right to have any inaccurate or incomplete personal data that we store about you corrected or completed.

-    Right of objection.
If our processing is based on a legitimate interest of Sanofi, you have the right to object to this processing at any time. We will then no longer process your personal data unless we can demonstrate compelling reasons for the processing that outweigh your rights and entitlements.

-    Right to restriction of processing.
You have the right to obtain from us a limitation on the processing of your personal data in specific situations as provided for by applicable law.

-    Right to erasure.
You have the right to request that we delete your personal data from our systems if your personal data is no longer necessary in relation to the purposes for which it was collected or processed in another way. In addition, you have the right to delete if you exercise your right of opposition as indicated above, unless we have compelling reasons not to delete the relevant data. We may not be able to immediately delete all remaining copies on our servers and backup systems once the active data has been deleted. These copies will be deleted as soon as reasonably possible.

-    Right to data portability. 
You have the right to obtain your personal data in a structured and machine-readable format and/or to request that these data be transferred to a third party if technically possible.
This right is limited to the personal data that you have provided to us in the context of the consent or performance of the contract.

-    Right to withdraw your consent.
You have the right to withdraw your consent to the collection and processing of data that you have provided to Sanofi at any time. Please note that withdrawal of your consent does not affect the legality of the processing of your personal data based on your consent before withdrawal.

To exercise the above rights or if you have queries regarding your privacy, please contact our local data protection officer.

For Belgium, you can do so by sending an email to privacy.nl@sanofi.com or by sending a letter to Sanofi, for the attention of the Data Protection Officer, Paasheuvelweg 25, 1105 BP Amsterdam.

You also have the right to submit a query or complaint to the Data Protection Authority if you think that Sanofi is not respecting your privacy.

The competent authority is the Data Protection Authority (https://www.dataprotectionauthority.be). You can contact them by sending an email to contact@apd-gba.be or by sending a letter to the Data Protection Authority, Drukpersstraat 35, 1000 Brussels.

8. Updates to this privacy statement 

Sanofi may modify or update this privacy statement in full or partially at any time. As we update this privacy statement, we will provide the updated version.

Privacy statement – version 1 – 11 February 2021.