Privacy policy

Updated on 16 November 2021 

EBMA (European Bio Immune(G)ene Medicine Association), association governed by local law with headquarters at 29, rue Charles Sandherr 68000 Colmar (hereafter “the Association”) attaches great importance to protection of the personal data that it has to collect and process in the context of its activities, both with regard to the users of its services and the platform it operates.

Thus, the collection and processing of personal data done by the Association in the context of operation of its activities and use of the products and services, including the website that the Association operates at the address (the “Site”) are governed by this privacy policy (hereafter the “Policy”).

The purpose of this Policy is to present to data subjects:

  • How the Association processes the Personal Data, as defined below, that it collects and that Data Subjects, as defined below, provide with their consent, notably to permit provision of the products and services of the Association;
  • The rights of Data Subjects, as defined below;
  • The name of the Data Controller, as defined below;
  • The possible beneficiaries of a data transfer.

Data subjects are therefore invited to read this document carefully to know and understand the Association’s practices regarding the processing of Personal Data that the Association implements.


Terms used with a capital letter take the definition given to them below. The terms have the same definition whether they are used in singular or plural form.

  • “Personal data” means any information relating to an identified or identifiable natural person (hereafter a “Data subject”).
  • “Data Controller” refers to the natural person or legal entity, public authority, service or other body which, alone or jointly with others, determines the purposes and resources for processing; when the purposes and resources for this processing are determined by the law of the Union or the law of a Member State, the data controller may be designated or the specific criteria applicable to its designation may be specified by the law of the Union or by the law of a Member State. In this case, the Association is the Data Controller.
  • “Processing” refers to any operation or set of operations, performed with or without automated processes, applied to data or sets of personal data, such as collection, saving, organizing, structuring, retaining, adaptation, extraction, modification, viewing, use, transmission through communication, distribution, or otherwise making available, reconciliation or interconnection, limitation, deletion or destruction.

2. General rules applicable to the collection and processing of personal data 

In accordance with Article 5 of the General Data Protection Regulation No. 2016/679 (GDPR), Personal Data must be:

  • Processed in a lawful, fair and transparent manner with regard to the Data subject;
  • Collected for specific, explicit and legitimate purposes;
  • Adequate, relevant and limited to what is necessary;
  • Kept for a period not exceeding that necessary for the purposes for which they are processed;
  • Protected in their integrity and kept confidential.

In accordance with Article 6 of the GDPR, Personal Data is lawfully processed if this processing meets at least one of the characteristics below:

  • The Data Subject has given his consent;
  • The processing is necessary for performance of a contract; 
  • The processing is necessary for compliance with a legal obligation; 
  • The processing is necessary to protect the vital interests of the Data Subject; 
  • The processing is necessary for performance of a task in the public interest; 
  • The processing responds to the pursuit of legitimate interests of the Data Controller.

3. Nature of collection of Personal data

Data Subjects may be required to provide the Association, in its capacity as Data Controller as intended under the GDPR, with personal information and data:

  • identification data: last name, first names, date and place of birth, copy of your identification documents;
  • data relating to your contact details: postal address, e-mail address, phone number;
  • data relating to your economic and socio-professional situation;
  • connection data;
  • details of your correspondence with us and, in particular, in case of assistance;
  • cookies;
  • banking and financial data;
  • transaction data;
  • authentication data.

For all practical purposes, it is recalled that the Data Controller is, in accordance with applicable legislation, the entity that defines and limits the data to be collected as well as the purposes for processing.

Some personal data is mandatory and some is optional, in order to access or benefit from certain products and services of the Association.

In any case, this data is collected and processed on the basis of a legal obligation, a legitimate interest of the Association and/or the consent of the Data Subject.

In the absence of communication of personal data of a mandatory nature, the Association will not be able to respond to your requests, if applicable.

4. Purpose for collection of Personal data

The Association, as Data Controller, requests and collects Personal Data concerning the Data Subject when the latter wishes to acquire products and/or services offered by the Association.

This information is necessary for the Association for proper performance of the services and to allow it to comply with its legal obligations.

Without it, the Association may not be able to provide all the products and/or services requested and ordered by the Data Subject.

The main purposes of collecting, storing and processing this information and Personal Data are:

  • to provide the products ordered by the Data Subject;
  • to provide the service(s) to which you have subscribed (performance of operations, accessing and managing your account);
  • to allow the Association to respond to your requests;
  • to facilitate the assistance services provided by the customer relations department;
  • to allow the Association to send publications, press releases and information to users at their request;
  • to provide information to potential future buyers / merger partners, as the case may be, in connection with the outsourcing, sale or consolidation (including acquisition) of part or all of the Association;
  • to allow the Association to manage its commercial relationships, where applicable with its service providers and partners;
  • to improve the Association’s products and services;
  • to allow the Association to perform statistical analyses. 

5. Recipient(s) of collection of Personal data

The Personal Data collected by the Association may be communicated and/or sent, for a fee or free-of-charge, to third parties linked to the Association by contract for performance of the subcontracted tasks necessary for supplying the products or for execution of the services, without users having to give their authorization.

In the event of a proven violation of legal or regulatory provisions, this information may be the subject of communication at the express and justified request of the judicial authorities.

6. Duration of retention of Personal data

Personal data and/or information will only be kept to allow the execution of order contracts established between Data Subjects and the Association.

7. Exercise of the rights of Data subjects

In accordance with regulations on the protection of personal data and, in particular, the General Data Protection Regulation No. 2016/679 (GDPR), everyone has the right to access, rectify, limit and delete his data, as well as the right of portability of his data and the right to oppose the processing of his data and information for legitimate and compelling reasons, which may be exercised at any time by using the data modification request form:

Lastly, each Data Subject has the right to file a complaint with a competent supervisory authority.

8. Transfer of Personal Data outside the European Union

In general, the Association keeps the Personal Data of Data Subjects in the territory of the European Union.

9. Links to other websites and social networks

The Site may occasionally contain links to the websites of our partners or third-party companies.

Please note that these websites have their own privacy policies and that the Association is not responsible for the use made by these sites of the information collected when you click on these links. The Association invites you to read the privacy policies of these sites before providing them with your personal data.

10. Modifications of the Policy on protection of Personal data 

The Association reserves the right to make any modification to this Personal Data Policy at any time, in accordance with this clause.

If the Association makes a change to this Personal Data Protection Policy, it will publish the new version on its Site and update the “Last Updated” date at the top of this Personal Data Protection Policy.

Therefore, the Association invites you to consult this page regularly.