Date of last update: 23/01/2026
VITADX, as data controller, attaches particular importance to the confidentiality of the personal information it collects and undertakes to comply with the applicable regulations on the processing of personal data, in particular Regulation (EU) No. 2016/679 on the protection of personal data (the “GDPR”).
This policy aims to inform you of our practices regarding the collection, use and sharing of personal information that we collect through our website (hereinafter referred to as the “Site”) and in the context of managing our relationships with our prospects, partners and customers. We recommend that you read it carefully before using our services.
Your personal data are collected and processed for the following purposes and on the following legal bases:
Managing requests received via the contact form: This processing is based on our legitimate interest in responding to users’ requests.
Ensuring the basic functionalities of the website: We use cookies to record your preferences regarding the use of cookies on the website and to ensure its proper functioning. This processing is based on our legitimate interest in providing a satisfactory and secure browsing experience.
Promoting our products and services: With your consent, we process the data collected when you submit a contact request in order to inform you about our products and services.
Measuring website audience: We use the Matomo solution to establish statistical measurements of website traffic and usage for service improvement purposes. This processing is based on our legitimate interest. You can change your preferences by accessing the cookie management module located in the footer.
Distributing video content: We offer video content that requires cookies to function. This processing is based on your consent. You may withdraw your consent at any time by accessing the cookie management module located in the footer.
Providing personalized advertisements and improving Google products and services: Data collected via YouTube and Google cookies may be used by Google to offer you personalized content, analyze advertising performance and improve its services. This processing is based on your consent, which you may withdraw at any time via the cookie management module located in the footer.
Managing recruitment: You may provide us with personal data when responding to an internship, job or work-study offer, or when submitting an unsolicited application. This processing is based on the implementation of pre-contractual measures taken at your request. With your consent, we retain your data after the recruitment process in order to contact you again for new professional opportunities.
Managing relationships and communicating with our prospects, customers and business partners: In the context of our relationships with prospects, customers and partners, we may process personal data relating directly to them (when they are natural persons) and/or to their employees. These data are used for the purposes of our professional relations with you or your entity, in particular for pre-contractual discussions, for promoting our products, and for setting up, managing and performing contractual relationships (e.g. invoicing, product delivery, etc.). They may also be used for partner management and to comply with our accounting and tax obligations. Consequently, failure to provide personal data may prevent us from establishing or continuing our professional relationship. These processing activities are necessary for our legitimate interests in ensuring the proper management and organization of our relationships with partners, customers and prospects, for the performance of pre-contractual measures or contracts, and for compliance with accounting and tax obligations.
Managing requests to exercise data subject rights: This processing is based on our legal obligations under applicable data protection regulations.
Establishing, exercising or defending our legal rights: We may retain and use data for this purpose if necessary, based on our legitimate interest in protecting our interests in the event of litigation.
Mandatory data provided when submitting a contact request or exercising your rights: last name, first name, phone number, email address, subject of the request, proof of identity in case of doubt as to the requester’s identity (only for rights requests).
Data relating to website use: IP address, connection data, unique identifiers (cookies), device identification, number of pages viewed, internet service provider, browser type, URL of the page visited, device type.
Data collected as part of an application: last name, first name, phone number, email address, subject of the application, CV and cover letter.
Data collected in the context of relationships with customers, prospects and partners: depending on the nature of our relationship, we process your name, first name, phone number, email address, postal address, information relating to your professional activity (sector, role, affiliated organization, source of contact, level of relationship with VitaDx, information about your participation in clinical trials, etc.), and billing data. These data are collected directly from you or obtained from third parties and/or from publicly available sources, in particular professional social networks such as LinkedIn.
Purpose — Retention period
Management of requests via the contact form: up to 3 years after the last contact
Basic website operation: up to 1 year
Audience measurement: up to 25 months
Management of rights requests: current calendar year + 5 years after the request
Recruitment management: for the duration of the recruitment process + until December 31 of the second year following the end of the process if the candidate has consented
Management of relationships with customers, partners and prospects: up to 3 years after the end of the relationship and 10 years for accounting documents
The personal data we collect are intended for VITADX internal departments, each department processing only the data necessary to perform its missions.
Main departments concerned:
Sales, marketing and communication
Administration, HR and finance
IT
Quality
Your personal information may also be made accessible to our processors, who are bound by contractual obligations of confidentiality and security, including:
Website hosting provider
Website security providers
Website audience analysis services
Video content display service
CRM software provider
Mailing software provider
Messaging provider
When you accept cookies, your data are also shared with third-party companies responsible for these cookies, some of which are located outside the European Union. Where data are transferred outside the EU to countries without an adequacy decision from the European Commission, VITADX undertakes to secure such transfers through appropriate safeguards, such as standard contractual clauses approved by the European Commission.
Non-EU processors and partners currently linked to VITADX:
| Company | Headquarters | Safeguards |
|---|---|---|
| CloudFlare Inc | United States | Adequate country (Data Privacy Framework) |
| Microsoft | United States | Adequate country (Data Privacy Framework) |
| Elementor Ltd | Israel | Adequate country |
| Innocraft (Matomo) | New Zealand | Adequate country |
| Monday | Israel | Adequate country |
| United States | Adequate country (Data Privacy Framework) |
Under the GDPR and the French Data Protection Act, you have the right to:
Access your personal data;
Rectify inaccurate, outdated and/or incomplete data;
Obtain erasure of your data;
Obtain data portability, where technically feasible;
Request restriction of processing;
Object at any time, on grounds relating to your particular situation, to the processing of your data;
Withdraw your consent for specific processing where such processing is based on consent;
Define advance directives regarding the fate of your data after your death.
To enable you to exercise these rights, we may ask you to provide proof of identity where there is reasonable doubt as to your identity. In such cases, the copy of the ID document is not kept beyond the time necessary for verification.
To exercise your rights, or for any question relating to the processing of your data by VITADX, you may contact our Data Protection Officer at: [email protected].
If you are not satisfied with the response given to your request, you have the right to lodge a complaint with the French Data Protection Authority (CNIL), via its website or by post.
We are committed to ensuring the security of the data you entrust to us. To prevent any unauthorized access, use, alteration, destruction, loss, damage or disclosure, appropriate technical and organizational measures are implemented. Personal data are stored in a secure environment and data flow encryption measures are applied.
Our employees are subject to contractual confidentiality obligations and must comply with an internal IT usage policy.
We also ensure that our processors provide sufficient guarantees in terms of security and confidentiality.
The Site and our activities may evolve, for example due to changes in business policy or new technological choices. As a result, we may update and amend this Data Protection Policy at any time and without notice.
We invite you to consult this policy regularly, and in particular before providing any personal data. The latest update of this Data Protection Policy was made on the date indicated above.
Continued use of the Site after the implementation of changes to this Data Protection Policy constitutes acceptance of the revised policy as it then applies.
