ABOUT US OUR PRODUCTS HEALTH BENEFITS CONTACT

As the data controller, the company FERLUX (hereinafter, “Ferlux”), whose registered office is established in France at 24 avenue d’Aubière in Cournon d’Auvergne (63800), undertakes to comply with the regulatory provisions applicable to the protection of personal data, in particular Regulation (EU) 2016/679 of 27 April 2016 – General Data Protection Regulation (hereinafter, the “GDPR”), on the processing that it implements on the website www. ferlux.com (hereinafter, the “Website”).

Data protection policy

Each online service implemented on the Website limits the collection of personal data to what is strictly necessary and is accompanied by information detailing in particular:

• The purpose of the processing (the aims) for which the personal data collected are intended
• The legal basis of the processing
• The mandatory or optional nature of the data collection
• The source of the data (if not provided by the user of the Website)
• The categories of persons concerned
• The recipients of the data
• The length of time the data is kept
• The possible existence of data transfers outside the European Union
• The rights of the person on his data and how to exercise them

Ferlux takes all necessary precautions to preserve the security of the Website user’s personal data and aims in particular to prevent them from being deformed or damaged, or from being accessed by unauthorized third parties.

Online service “Contact form”

The purpose of this personal data processing is to manage requests made online. It allows Ferlux to:

• Receive requests and reports sent to it
• Monitor correspondence with the user of the Website
• Comply with its obligations in terms of health vigilance and data protection
• Draw up statistics relating to the service

The legal basis for the processing is the legitimate interests pursued by Ferlux (management of the relationship with the users of its websites).

The processing concerns any user of the Website who wishes to contact Ferlux electronically.

The categories of data processed are:

• The identity of the requester (name, company)
• His/her contact details (e-mail address)
• The request (message)
• The action taken
• The activity statistics

The contact form provides for a mandatory collection of data for the proper processing of the request.

The data is kept for 5 years from the time the request is processed. However, if the communication is part of the health vigilance, they may be kept for up to 10 years after the withdrawal of the product concerned from the market.

The data is intended for Ferlux staff:

• In charge of processing correspondence related to the Website
• In charge of publishing content and technical administration of the Website
• Assigned to the management of health vigilance

The staff of the service providers concerned are also recipients of the data.

In accordance with the GDPR, the user of the Website may exercise, on the data concerning him/her and by proving his/her identity, a right of access, rectification, deletion, limitation, opposition, with the Data Protection Officer (DPO) of BIOCODEX (in French or in English), by electronic means (dpo@biocodex.com) or by post: DPO BIOCODEX, 7 avenue Gallieni, 94250 GENTILLY, France; he/she also has the right to lodge a complaint with a supervisory authority (the CNIL for France – www. cnil.fr | +33 (0)1 53 73 22 22).

About cookies

Ferlux uses various computer “cookies” on the Website to measure the audience and integrate services to improve the interactivity of the Website.

What is a computer “cookie”?

A computer “cookie” is a text file that may be deposited on a user’s terminal during navigation on a website. Cookies are an important tool that allows organizations to gain insight into the online activity of their users.

How it works: usually small and identified by a name, it is sent to the user’s browser by the website visited. The browser will keep it for a certain period of time, and will send it back to the website each time it is reconnected. In principle, cookies can be easily viewed and deleted.

In themselves, cookies are harmless because they do not contain executable code. They perform important functions for websites: they can be used to store a customer account ID, browsing preferences, track browsing for statistical or advertising purposes, etc.

However, cookies can store enough data to identify a user without his or her consent and, in some cases, can be used to create profiles of individuals. This is why it is necessary that the management of cookies be controlled within the framework of data protection.

Controlling the deposit of cookies

The user can prevent cookies from being deposited on his or her terminal or delete existing ones by setting his or her web browser accordingly. For instructions on how to manage cookies, the user can refer to the help sections of their browser.

Please note, however, that deactivating cookies in the web browser may cause malfunctions on the Website and on other websites.

Two types of cookies are used on the Website:

Strictly necessary cookies

These cookies allow the main services of the Website to function in an optimal way. They do not require the user’s consent.

Cookie Name	Purpose	Conservation
Didomi	Saves the user’s choices regarding the consent of cookies	12 months

Third party cookies

The Website relies on certain services offered by third parties. These are:

• Google Analytics (audience measurement)

The purposes proposed by these third parties use cookies directly deposited by these services. Through these cookies, these third parties may collect and use the user’s browsing data on their own behalf in order to offer, for example, targeted advertising and content based on the user’s browsing history. For more information, the user can consult the privacy policy of these third parties via the cookie management module set up on the Website.

Access the cookie management module

By default, these third-party cookies are not deposited. The user can consent to their deposit in the cookie management module or directly via a contextual consent request, for example by activating the playback of an external video. The user can indicate his preferences, either globally for the Website, or service by service. They can change their choices at any time by calling up the cookie management module via a permanent link located at the bottom of the page