This Personal Data Protection Policy gives you information about how the processing of your data is handled by Virbac
This Personal Data Protection Policy, accessible in particular on this website, is updated regularly to take into account the legislative and regulatory changes, and any changes in the organization of Virbac or in the processing we carry out. Our website may contain links to third party websites/content/services that are not owned or controlled by Virbac. Virbac is not responsible for how these properties operate or treat your personal data so we recommend that you read the privacy policies and terms associated with these third party properties carefully.
This Personal Data Protection Policy is completed with:
Virbac, when acting as data controller, is responsible for the personal data you provide us with.
Virbac, comprises Virbac S.A. (French company registered number 417350311) and its subsidiaries/affiliates undertakings (referred collectively as “Virbac” or “we” or “our”).
Information on our subsidiaries can be found here.
For the purpose of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), your data will be processed by Virbac affiliate or subsidiary undertaking that you have instructed or that is providing services to you or communicating to you and each such entity is regarded as an independent data controller of your personal data. This Personal Data Protection Policy applies to all such entities.
We are committed to ensuring the highest possible level of protection for the personal data of the person whom we process the personal data (the “data subject”), as well as of any other personal data we process.
We undertake to comply with the regulations applicable to all processing of personal data that we carry out. As such, we undertake to respect the following principles:
This commitment is reflected in the following:
Please note that a personal data is any information relating to an identified or identifiable natural person (“data subject”), such as an email address, your name and surname, your IP address, etc.
We collect your personal data via this website as well as via other means. In some cases, we collect your personal data directly from you. In other cases, your personal data are forwarded to us by a third party.
Virbac ensures that it only collects and processes personal data that are strictly necessary for the purpose for which they are processed. You will be informed, as soon as possible, about the categories of personal data we process, for each processing we carry out on your personal data.
The personal data we collect are, for instance:
If you submit any personal data relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Personal Data Protection Policy.
The data processing operations carried out by Virbac fulfil an explicit, legitimate and determined purpose.
Your data are processed to serve you. We use your personal data for the following purposes for instance:
Information about other people: If you provide information to us about any person other than yourself, for instance your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
The purpose of the processing will be communicated to you on a case-by-case basis, for each processing we carry out on your data.
We always ensure, when processing your personal data, that the processing is based on a “lawful basis” (i.e. the processing takes place for the performance of a contract, or we have your consent, etc.). Having a lawful basis means that the processing remains within the strict requirements of the GDPR, and is therefore deemed lawful.
We always process your personal data in accordance with the following lawful basis.
The lawful basis will be communicated to you on a case-by-case basis, for each processing we carry out on your data.
Virbac will keep your personal data only for the duration necessary for the purposes for which they are processed, and in compliance with the applicable legislation. Therefore, the personal data retention period depends on the purpose of each processing.
To determine the retention period of your data, we also use the following criteria:
We will make the retention period available to you on a case-by-case basis.
The authorized persons working for Virbac and, in some case, its subsidiaries, can access your personal data. We make our best effort to ensure that these groups of people remain as small as possible, and maintain the confidentiality and security of your data.
Other third party recipients, such as our trusted service providers, who support our business, may also receive the data, depending on the processing. We use trusted service providers to carry out a set of operations on our behalf.
In that regard, we only provide our trusted service providers with the information they need to perform the service and ask them not to use your personal data for any other purpose. We always do our best to ensure that all these trusted service providers with whom we work maintain the confidentiality and security of your data. We also make sure that, when our relationship with a trusted service provider comes to an end, this service provider deletes your data without delay.
We select our trusted service providers with great care, making sure that they provide sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the applicable legislation, including for the security of processing. On that regard, we make sure that our trusted service providers only process the personal data on our documented instructions. We also make sure that their staff have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
We may ask our trusted service providers to provide services needing the processing of your personal data, for instance for the following purposes:
For each processing we carry out on your personal data, we will inform you about the identity or the role of our trusted service providers.
For instance, we also can share your information as with others as follows
Your data is stored in the European Economic Area (EEA) by Virbac, its subsidiaries and its trusted service providers. However, depending on the processing, your data may also be transferred in a country outside the EEA, to our trusted service providers and/or subsidiaries.
When transferring data outside the EEA, we ensure that the data are transferred in a secured manner and with respect to the applicable legislation. When the country where the data are transferred does not have a protection comparable to that of the EU, we use “appropriate or suitable safeguards”.
Those appropriate or suitable safeguards are a way to compensate for the lack of data protection. Such appropriate safeguards may consist of making use of binding corporate rules, standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority or contractual clauses authorized by a supervisory authority.
In all cases, it is a matter of concluding a contract with the entity receiving your personal data, in order to ensure compliance with data protection requirements and your rights as data subjects appropriate to processing within the Union, including the availability of enforceable data subject rights and of effective legal remedies, including to obtain effective administrative or judicial redress and to claim compensation, in the Union or in a third country. They relate in particular to compliance with the general principles relating to personal data processing, the principles of data protection by design and by default.
When transferring your personal data to entities located in the United States of America, we may also use the “Privacy Shield”, which is a self-certification mechanism for companies established in the United States that has been recognized by the European Commission as providing an adequate level of protection for personal data transferred by a European entity to companies established in the United States. This mechanism is therefore considered to offer legal guarantees for such data transfers.
Where applicable and on a case-by-case basis, we will inform you about our intent to transfer personal data to a third country, the existence or absence of adequacy decision of the Commission and, where applicable, the reference to the appropriate safeguards and the means by which to obtain a copy of them or where they have been made available.
Where the data protection legislation or regulation provides for it, for instance when your personal data are processed by one of our EU affiliates or affiliates located in other jurisdictions where similar rules apply, you have certain rights in relation to your information. The availability of these rights and the ways in which you can use them are set out below in more detail. Some of these rights will only apply in certain circumstances.
Depending on the processing, you have:
About Direct Marketing: as indicated above, you have the right to object and you can opt-out of receiving direct marketing from us at any time. Based on your consent (“opt-in”) or legitimate interest or contractual basis, we may use the information you give us on our website or other means for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of business developments, market insights and of our services including events that we think may interest you. To exercise your right to opt-out of receiving direct marketing, you can change your marketing preferences on your online accounts settings page, click on the "unsubscribe" link included at the end of any marketing email we send to you, or get in touch with us via our contact form.
If you would like to exercise, or discuss, any of these rights, please contact the relevant Entity contact address as listed in this Personal Data Protection Policy.
In order for us to process your request satisfactorily, you will have to justify your identity, by any means. In case of doubt on our part, we may request additional information, in particular the transmission of a copy of your identity card, signed by you.
We will do our best to respond satisfactorily to your requests. In any case, we will answer you within one month, although our response time may be extended by two further months depending on the complexity and number of requests.
If, for any reason whatsoever, you consider that our response is not satisfactory, we inform you that you may file a complaint with a data protection supervisory authority, in particular in the Member State of the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place. In France you can file a complaint with the CNIL (Commission Nationale de l’informatique et des Libertés).
Each time Virbac carries out a processing regarding your personal data, it will inform you about such processing, by providing you:
This information will be made available to you as soon as possible, and, in the case of direct collection of your data, at the time of collection.
Virbac attaches great importance to the protection of your personal data, and takes all reasonable precautions to this end. We require our partners who manage your data on our behalf to do the same.
We constantly make our best efforts to protect your personal data. Upon receipt of your data, we apply strict procedures and security measures (both technical and organizational) to prevent unauthorized access. As the transmission of data via the Internet is not totally secure, we cannot guarantee the security of your data that is transmitted to our site. Therefore, any transmission is at your own risk.
The personal data we collect through these technologies will also be used to manage your session.
As stated in Section V of this Personal Data Protection Policy, we determine the lifespan of the cookies according to the limits set by the national competent supervisory authority (for instance, in France, 13 months).
Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of third parties. The personal data that you provide through these websites is not subject to this Personal Data Protection Policy and the processing of your personal data by such websites is not our responsibility.
If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.
We do not knowingly collect information from children or other persons who are under 16 years old. If you are under 16 years old, you may not submit any personal data to us except for special training or for security access with the specific written parental authorization.
This Personal Data Protection Policy may be changed from time to time.
If we change anything important about this Personal Data Protection Policy (the information we collect, how we use it or why) we will highlight those changes at the top of the notice and provide a prominent link to it for a reasonable length of time following the change.
Last updated: 27/01/2019