Privacy policy  

This policy entered into force on 10th January 2024 and was last updated in October 2024.

Your privacy is important to us. Please read the following notice which explains how we store and use data received via this Site.

Introduction
Orekan Partners (hereinafter the “Company”) is a Société par actions simplifiés (simplified joint-stock company), registered with the Paris Trade and Companies Register under number 977 690 726. Its head office is located at Orekan Partners, 14 avenue de l’Opéra, 75001 PARIS, France.

Its main activity is the development of consulting services for the health and life sciences industries.

The Company is the publisher of the website at https://www.orekan-partners.com/ (hereinafter the “Site”), which allow any individual accessing the Site (hereinafter the “Users”) to learn about the services it offers and to contact the Company via an online contact form.

This Privacy Policy (hereinafter the “Policy”) aims to define the terms and conditions for the collection, use, and sharing of personal data (hereinafter the “Data”) that the Company collects as part of the publication and operation of the Site.

The Company's processing of personal data collected on the Site complies with Law No. 78-17 of January 6, 1978, on Information Technology, Data Files, and Civil Liberties, amended by Law No. 2004-801 of August 6, 2004, and by Law No. 2018-493 of June 20, 2018 (the “Data Protection Act”), and Directive of July 12, 2002, as amended by Directive 2009/136/EC (the “ePrivacy Directive”), and Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data (the “GDPR”), and any national transposition text or any subsequent text that would succeed them.

Definitions

Cookie: A set of information sent by an HTTP server to an HTTP client, which the latter returns under certain conditions when querying the same HTTP server. The cookie is equivalent to a small text file stored on the User's device. A cookie is sent as an HTTP header by the web server to the web browser, which returns it unchanged each time it accesses the server. A cookie can be used for authentication, session (state maintenance), and to store specific information about the User.

Three types of cookies can be distinguished, which do not have the same purposes: technical cookies, social network cookies, and advertising cookies:

  • Technical cookies are used throughout the navigation on the Site to facilitate it and to perform certain functions. For example, a technical cookie can be used to remember the answers filled in a form or the User's preferences regarding the language or presentation of a website when such options are available.

  • Social network cookies can be created by social platforms to allow website designers to share the content of their site on those platforms. These cookies can also be used by social platforms to track the browsing of internet users on the concerned website, whether they use those cookies or not.

  • Advertising cookies can be created not only by the website on which the User is browsing but also by other websites displaying advertisements, announcements, widgets, or other elements on the displayed page. These cookies can be used for targeted advertising, i.e., advertising determined based on the User's navigation.

Personal Data or Personal Data: Any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or one or more elements specific to them (including their name, phone number, email address, customer number, without this list being exhaustive), as defined by the General Data Protection Regulation (hereinafter the “GDPR”), No. 2016/679.

Site: Refers to the website at www.orekan-partners.com

Company: Refers to Orekan Partners.

Processing of Personal Data: Refers to any operation or set of operations performed on Data, regardless of the means used (consultation, collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison, interconnection, blocking, erasure, or destruction, etc.) as defined by the GDPR.

User: Refers to any natural person accessing the Site.

Data Controller
The Data Controller of personal data is the one who determines the purposes and means of such processing, i.e., the objective and how to achieve it.

The Company is the Data Controller for the personal data processed on the Site.

Collection of User Data
A simple visit to the Site will not require the provision of personal data.

However, a User may be required to provide personal data if they choose to use the contact form available on the Site to get in touch with the Company. When using the contact form, the User is informed if certain personal data must be provided.

The personal data that may be collected by the Company in this context are:

  • The User's email address,

  • Possibly their name and surname,

  • Their IP address (see "Cookies" section below),

  • Their country,

  • Any other information constituting Personal Data under this Policy and voluntarily provided in the contact form on the Site by a User.

As part of pre-contractual obligations or the execution of a contract, the Company may process the User's personal data to:

  • Respond to online comments and requests,

  • Improve the Site and ensure its IT security,

  • Evaluate the impact of the Site and customer satisfaction of the Company, particularly through the use of aggregate statistics on the use of the Site.

These processing purposes are based on the User's consent at the time of personal data collection and, more generally, the Company's legitimate interest as the publisher of the Site.

Recipients of Personal Data
The Company strives to apply the principle of minimization in the processing of personal data. Therefore, the personal data collected by the Company during Users' access to the Site is strictly accessible only to the Company's personnel whose function requires it and to its indispensable service providers whose technical and organizational measures for the protection of personal data are established.

Personal data may also be transmitted to competent authorities only upon request, exclusively to comply with legal obligations.

Orekan Partners is a global group, and we share data among different parts of the group where necessary and appropriate. This may occasionally mean that your data is transferred outside of the European Economic Area (EEA), including to the United Kingdom, and in certain cases to the United States, but only at the request of our clients. We ensure that all such transfers are carried out in compliance with applicable data protection laws, including the use of standard contractual clauses or other appropriate safeguards where required. We also have an extensive IT security policy, which all individuals employed or otherwise engaged by Orekan Partners must adhere to. 

Data Retention Period
The personal data of Users who are already customers of the Company is retained by the Company for the entire duration of the contractual relationship and five years after its termination.

The personal data of prospect Users or Users who have used the contact form on the Site to get in touch with the Company is retained by the Company for three years from their last contact with the Company or the Site.

Personal data collected to manage opposition requests to processing is stored for five years from the closure of the opposition request.

Data Security and Integrity
The Company uses various security measures, both technical and organizational, physical and logical, to protect the personal data it collects. However, the Company is not responsible for the security of data transmission over the Internet, which is accessible to all and not inherently secure.

It remains the responsibility of Users to ensure that their devices are adequately secured and protected against malicious software such as Trojans, malware, and computer viruses.

Third-Party Websites
The Site may contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own privacy policies, and are also likely to use cookies, and we therefore encourage you to review them. They will govern the use of personal information you submit when visiting these websites, which may also be collected by cookies. 

The Company is not responsible for the websites whose links appear on the Site, and in particular, cannot guarantee the integrity and security of Users' personal data if they browse these third-party sites.

The User acknowledges that this Policy applies only to the use of the Site and does not cover information collected and/or processed on external sites or sources, the links to which may appear on the Site. Consequently, the Company cannot be held responsible for the practices of these external sites or sources concerning the collection and processing of personal data, which are governed, if applicable, by their respective personal data policies.

Users' Rights to Their Personal Data
In accordance with Law No. 78-17 of January 6, 1978, on Information Technology, Data Files, and Civil Liberties, and the provisions of Article 15 of the GDPR, the User has the right to access their personal data to obtain its communication and, if necessary, its rectification or erasure (in accordance with the provisions of Articles 16 and 17 of the GDPR). The User can also contact:

Email address: DPO@orekan-partners.com

Postal address: OREKAN PARTNERS, 14 avenue de l’Opéra, 75001 PARIS, France

It is reminded that any person can, for legitimate reasons, request the limitation of the processing of data concerning them (in accordance with Article 18 of the GDPR) or object to such processing (in accordance with the provisions of Articles 21 and 22 of the GDPR).

In the event of rectification or erasure of personal data, as well as the limitation of processing carried out following a request from the User, the Company notifies these modifications to the persons to whom these data have been communicated unless such communication proves impossible (in accordance with Article 19 of the GDPR).

Data Portability
The User has the right to the portability of personal data they have provided to the Company, understood as the data actively and consciously declared within the framework of accessing and using the services, as well as data generated by their activity in using the services (in accordance with Article 20 of the GDPR).

This right does not apply to data collected and processed on another legal basis than consent or the performance of the contract linking the User to the Company.

This right can be exercised by the User free of charge at any time to recover and retain their personal data.

If applicable, the Company sends the User their personal data by any means it deems useful, in a commonly used and machine-readable standard open format, in accordance with the state of the art.

Contact and Complaints to a Supervisory Authority
For any request related to this Policy or in case of a dispute between the Company and a User regarding the processing of their personal data, the latter can contact the Company at the contact details mentioned above.

The User also has the right to lodge a complaint with a competent supervisory authority (the National Commission for Information Technology and Civil Liberties for France) in the Member State where their habitual residence, workplace, or the place where the alleged violation of their rights occurred, if they consider that the processing of their personal data under this Policy constitutes a violation of applicable texts.

This remedy can be exercised without prejudice to any other remedy before an administrative or judicial court.

Communication Regarding a Personal Data Breach
If the Company identifies a security breach in the processing of personal data that could result in a high risk to the rights and freedoms of the User, the Company will inform the User as soon as possible (in accordance with the provisions of Article 34 of the GDPR), detailing the nature of the encountered breach and the measures taken to address it.

Cookies
Our Site uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse the Site and also allows us to improve the Site.

We will ask you for your consent to our use of cookies when you first access our Site. If you do not consent then this will mean you are treated as though you have blocked the use of cookies. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site and our site may not function properly.

You may withdraw your consent at any time by declining to accept the cookie policy when you visit our Site.

The Company uses technical or navigation cookies, including session cookies that are active only for the duration of navigation on the Site and deleted when the browser used on the User’s device is closed, and permanent cookies that remain on the hard drive of the said device (see table below for further details).

The Company also uses statistical or analytical performance cookies. The information provided by these cookies allows analysing User behaviour types and is used to optimize the User experience or identify parts of the Site that may require maintenance or optimization. The information is anonymous and used solely for statistical purposes.

The Site is hosted on Squarespace, which has the following Cookies policy.

Necessary and required cookies: Squarespace uses some necessary cookies that vary from site to site depending on the features it uses. For example, the following cookies may be used:

  • _dd_cookie_test to tests if cookies are supported; expires instantly.

  • _dd_s to track browser errors; expires after four hours.

  • _dd_site_test to test if cookies are supported; expires instantly.

  • _grecaptcha to help reduce spam in Acuity Scheduling; no expiry.

  • _ssid to rememember devices for anti-fraud purposes; expires after four years.

  • Crumb to prevent cross-site request forgery (CSRF); expire at the end of the session.

  • RecentRedirect to prevent redirect loops if a site has custom URL redirects; expires after 30 minutes.

  • ss_cookieAllowed to remembers if a visitor agreed to placing analytics cookies on their browser if a site is restricting the placement of cookies; expires after 30 days.

  • Test to investigate if the browser supports cookies and prevents errors; expires after the session.

Squarespace also uses analytics and performance cookies to collect information on the Company’s behalf about how visitors interact with our Site. The following cookies allow to identify unique visitors and tracks a visitor’s sessions on a site:

  • ss_cid; last two years.

  • ss_cpvisit to identify ; last two years.

  • ss_cvisit; last 30 minutes.

  • ss_cvr; last two years.

  • ss_cvt; last 30 minutes.

The Company also uses Google Analytics, a statistical audience analysis tool that generates cookies to measure the number of visits to the Site, the number of pages viewed, and visitor activity. The User’s IP address is also collected to determine the city from which they connect, as well as the dates, connection and disconnection times, and cache data. The User can oppose the deposit of technical cookies and cookies generated by Google Analytics by configuring their browser. Such refusal could, however, prevent the proper functioning of the Site.

The Company also uses social network cookies (LinkedIn). LinkedIn implements cookies necessary for sharing the site's content on its platform or for creating access statistics. The Company does not control the use of these features by Users, nor their implementation by LinkedIn. Therefore, Users are invited to review LinkedIn’s cookie management policy.

Modifications
The Company reserves the right, at its sole discretion, to modify this Policy at any time, in whole or in part, to comply with any legislative, regulatory, jurisprudential, editorial, or technical developments.

These modifications will take effect upon publication of the new Policy. Users are therefore invited to refer to the latest version of the Policy before any navigation.