We have always been careful to protect personal data that we collect and process. To this end, REVATIS undertakes to fully comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (also named General data protection regulation ”) and the Belgian law of 30 July 2018 on the protection of individuals with regard to the processing of personal data.
It is possible to visit our website without providing any personal data. However, when you visit our site, we may automatically collect certain information whether or not you decide to use our services. These information include your IP address and the dates, times and frequency you access our site and how you browse its content.
We also collect data from you when you contact us through the website / blog, for example by using the "chat" function or when you ask us a question. The data we collect, following your request, will mainly be:
The data we collect following the opening of a Pro account are as follows:
When you are a Client of REVATIS for a service or the purchase of a product (ex: purchase of a drug or medical device, Sampling, etc.) we are required to collect personal data.
REVATIS needs the contact details of the people in your company / institution who are in charge of the contract between your company / institution and REVATIS (to ensure the management and monitoring of your file and / or customer data (We will therefore ask mainly the following data:
We may also hold additional information that someone in your company has chosen to communicate to us or that Customer has communicated to us. If for any reason we need additional personal data, we will notify you such request.
When you are a customer of REVATIS for the purchase of supplies (e.g. gel, prostheses, PRP Kit, etc.), we are required to collect personal data to enable us to prepare and send you your order. This is either data relating to the personnel of your company in charge of the order or your personal data when you buy our products as a natural person.
We will therefore mainly request the following data:
If you are a Supplier or Subcontractor of REVATIS, we are required to collect personal data which are however limited. REVATIS does indeed, in principle, only need the contact details of the people in your company who are in charge of the subcontract that binds your company with REVATIS in order to manage and monitor the services requested.
We will therefore request the following data:
In some cases, we may collect your bank data in order to pay you if your bank account is not in the name of your company. We may also hold additional information that someone in your company has chosen to share with us. If for any reason we need additional personal data, we will notify you our request.
If you are a public or private partner of REVATIS, we are required to collect personal data which are however limited. REVATIS does indeed, in principle, only need the contact details of the people with your organization / company who are in charge of the business which links your organization / company with REVATIS in order to ensure the management and monitoring of our collaboration or the file. We therefore collect the following data:
We may also hold additional information that someone in your organization / company has chosen to share with us. If for any reason we need additional personal data, we will notify you.
As candidate of a job offer, intern or temporary or independent collaborators with REVATIS, we may be required to collect the following data:
Please note that the above list of categories of personal data that we may collect is not exhaustive.
These data are necessary to enable us to conclude an employment contract or to meet legal obligations.
In case of research and development activities in the field of cell therapy, we will be required to collect a series of personal data relating to the volunteer candidate for this research. Our researchers will be subject to the rules of professional secrecy and the rules of medical ethics. Your data will, as far as possible, be anonymized or pseudonymized, if anonymization is impossible due to the characteristics or conditions of the research.
In the event of pseudonymization, your personal data is limited to your initials (or another code), your date of birth and your gender. Each patient is thus recorded in a database under a unique and non-informative number, which will be the one used for research purposes. Except the authorized third Party (ex: Hospital where you are treated), no one will be able to identify you as an individual from the stored data.
The personal data that we may collect in the context of our research & development activities are:
If you visit us in our premises and buildings, we will collect the following personal data:
We may collect certain data automatically or data that you voluntarily provide to us so that we can respond to you.
We will receive personal data directly from you as follow:
If applicable and in accordance with applicable laws and regulations, we may obtain further information about you through:
We collect personal data from applicants in three ways:
We collect personal data from candidates, either directly from the candidate in case of research initiated by REVATIS, or indirectly from the research promoter when REVATIS acts as a subcontractor.
We collect your personal data during your visit by registering your data in the visitor book registry.
In general, personal information is only used to allow us to provide the service requested, to respond to an order for products, to manage clinical trials, to communicate with you, to improve or develop our services or products, to offer you targeted advertising and services, to protect us and our customers or partners or to benefit from a service or product that we have purchased from you, to allow us to carry out our research activities & development or training / education.
More specifically, we use your personal data to:
In the event that the legal basis for the processing is our legitimate interest, REVATIS shall ensure that the impact of the processing on the protection of your privacy is as limited as possible and in all cases, the balance between the REVATIS interests and its partners and the possible impact on the protection of your privacy is not disturbed. If you still have objections to this processing, you can exercise your right of opposition explained below.
REVATIS will not sell or rent your personal data to third parties, unless you have authorized it.
You have rights regarding the processing of your personal data. If REVATIS asks you an explicit authorization for a particular processing of your data, you can always thereafter, withdraw your consent at any time.
The main rights you have are the following:
You can consult your personal data at any time. You just need to contact us at the address mentioned below (Data controller). We will then provide you with the fullest possible overview of your data.
The data in our possession may no longer be up to date or correct. You can at any time request that these data be rectified or supplemented.
If it seems to you that your data is not being used in an appropriate manner, you can ask us to have your data deleted from our registers or even limit its use.
Please note that we will not be able to access your objection request if:
You also have the right to request the transfer of your data to yourself or to a third party. GDPR however places some limitations on this right which is therefore not applicable to all data.
You have the right to file a complaint against any violation of your rights before the Data Protection authority if you consider that REVATIS has not acted in accordance with the applicable legislation (see contact of Data Protection authority under the article "Data Controller").
You can exercise your rights, ask us any question or comment about this policy at the address mentioned under the "Data controller" article. We will do our best to process your request as soon as possible, and in any case, within one month (subject to extensions authorized by law).
In accordance with the Belgian law of 8 December 1992 on the protection of privacy with regard to the processing of personal data and its subsequent modifications, as well as with European regulations including Regulation 2016/679, General Regulation on Data Protection also entitled GDPR, the person responsible for your personal data is:
Avenue de l'Hopital 11, B34
VAT / ECB: 0541.682.642
mail: [email protected]
To contact us, you can send your requests directly to the Data Protection Officer (DPO) at the following email address or at the postal address mentioned above:
DPO: Mr Philippe PARTOUNE
email: [email protected]
Please note that this email address can only be used for inquiries relating to the process of personal data.
For any request, we will ask you for proof of your identity by sending a copy of an identity card, as the case may be. We may also request any additional information we deem necessary regarding your request. If we have access to the information we hold about you, we will not charge you for this access unless your request is "manifestly unfounded or excessive". In this case, we may charge you a reasonable administrative fee to the extent permitted by law.
Belgium Data Protection Authority
You can contact the Data Protection Authority in Belgium as follows:
REVATIS has implemented numerous technical, physical and organizational security measures in order to ensure the integrity, confidentiality and availability of the data of any people who are required to interact with REVATIS.
REVATIS has, in particular, implemented security techniques to protect personal data stored in computer servers against unauthorized access, inappropriate use, alteration, illegal or accidental destruction and accidental loss.
REVATIS is engaged in a process of monitoring and continuous improvement of its security procedures in order to take into account new technologies or new risks.
REVATIS has also put in place contracts and imposed specific obligations with its subcontractors, partners or staff so that the manual and electronic processing of any personal data is treated confidentially and in appropriate security measures in order to avoid misuse of this data.
If you suspect improper use, loss or unauthorized access to your personal information, please notify us immediately: [email protected] (DPO)
We can share your personal data with the following categories of people provided that they have an imperative need to know your personal data for the mission which is requested of them either on the basis of a ‘need-to-know’:
In fulfilling its missions, REVATIS works with many international partners, including researchers from scientific, academic or clinical institutions, the European Medicines Agency, the pharmaceutical industry and other institutions and healthcare providers. REVATIS may be required to communicate your personal information to partners, joint ventures, subsidiaries whose headquarters are located outside the European Economic Area. In these cases, standard contractual clauses adopted by the European Commission would be imposed on the recipient if your personal data is not sufficiently protected in the country of destination.
We only keep your personal data for the time necessary for the purposes described above.
In principle, we will delete your personal data from our systems in the absence of contact with you or with the company with which you work and which is in a business relationship with REVATIS or after the end of the contract which binds your company or you with REVATIS after an uninterrupted period of two years.
However, we may keep your personal data for a longer period of time if required by law or regulation.
For the personal data of the collaborators of our partners or our customers, the personal data will be deleted at the end of a period of 2 years after we are informed by our partner or customer that you no longer work for them.
For candidates for employment with REVATIS, personal data will be kept at the end of the candidate selection period for a maximum of 2 years.
For participants in a research, the data will be kept in principle for a period of 30 years or more depending on the characteristics of the research.
We may also keep your data for periods which are imposed on us by any law or regulation in force (ex:billing obligations or contractual obligations).