This policy was last modified on 08 Nov, 2018.
Iteos is a privately-held, biopharmaceutical company with its corporate domicile and principal place of business at Rue des Freres Wright 29, 6041 Gosselies, Belgium and listed in the Commercial Register of the Belgian Chamber of Commerce under number BE 0838 316 659. This policy applies to the personal data for which Iteos acts as data controller; in other words, where we have control over what happens with your data and how this data is handled.
How we use your personal data
Profile data or customer relationship data
We may collect and store the following information on our customers and business partners (or their personnel) to create profiles in order to facilitate the administration of our services and to maintain contact:
- name, surname and job title
- contact information including telephone number or email address
- internet protocol (IP) address
- demographic information such as postcode
- social media tracking pixels that allow platforms such as Facebook and Twitter to interact with this website
- other information relevant to customer and/or job offers
The legal basis for this processing is your consent OR the performance of a contract between you and us and/or taking steps, at you request, to enter into such a contract OR our legitimate interests, namely the proper administration of our website and business, our relationships with customers, communicating with customers and keeping records of those communications.
When you voluntarily provide us this information through our websites or any other information channel, the personal data provided by you will be used only for the purpose of responding to your query or your request for information. The legal basis for such processing is your consent.We will not use this personal data for direct marketing purposes.
Job applicant data
If you post your personal data as a job applicant, the personal data provided by you will be used for recruitment and employment purposes or –if you agree to this- for informing you of future job opportunities. The legal basis for this processing is taking steps, at you request, to enter into a contract between you and us OR your consent.
Clinical trial data
If you are a patient you may participate in clinical trials of Iteos’ products in order to further research and develop these immune therapeutics drugs. By giving consent to participate in such clinical trials, the doctor or investigator conducting the clinical trial will collect personal data of the patient, including data relating to the patient's health and pharmaceutical needs. Iteos receives this information in a pseudonymized form, which means that we do not receive data such as the patient’s name or any other contact information so that we cannot directly identify the patient. On occasions Iteos’ employees or contractors working on behalf of Iteos, may however access the patient’s personal data at the source of collection for the purpose of verifying data. The patient data will only be processed for scientific research purposes with appropriate safeguards in place.
Personal data about the doctors and investigators conducting clinical trials and people who assist them is collected by Iteos as well. In general, the type of this information includes the name, address, telephone details, field of expertise, position, role in study and qualifications and includes information provided on Curricula Vitae and Financial Disclosure Forms. Iteos is required to obtain such data on potential or actual investigators in order to maintain quality clinical trials (legitimate interests and the performance of contracts, or taking steps, at your request, to enter this contract) and consistently meet global regulatory and compliance guidelines (legal obligation).
A cookie is a small file which asks permission to be placed on your computer's hard drive. We are using cookies on our website for statistical purpose.
Providing your personal data to others
Transfers to third parties
We may disclose your personal data to third parties in the following cases:
- insofar as reasonably necessary for our business or administration purposes. Under certain circumstances, these third parties provide technical, organisational or consultancy support services (e.g. IT-support or legal support) and may occasionally have access to your personal data in order to enable them to provide these services. All companies providing such support services are required to apply the same standards of protection as us and cannot use your personal data for their own purposes;
- when disclosure is necessary for compliance with a legal obligation to which we are subject; or
- when we have your consent to disclose your personal data.
Your personal data will not be transferred to third parties without taking appropriate protection (i.e. encryption, such as the Secure Socket Layer (SSL) protocol, password, secured connection…).
We will never sell or rent your personal data to third parties.
We have offices and facilities in Gosselies, Belgium and in Cambridge, MA, US and may collaborate with other partners outside the EU as well. Transfers of your data outside of EU countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted and approved by the European Commission, a copy of which can be obtained from our Data Protection Officer. Your personal data are stored on the secure servers of Iteos.
Links to other websites
Retaining and deleting personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
The period of retention of job applicant data will be no longer than two (2) years.
The period of retention of clinical trial data will be at least twenty (20) years after the completion of the trial
In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
- the period of retention of profile data will be determined based on current relationship but will be no longer than two (2) years after our last contact.
- the period of retention of customer relationship data will be determined based on our contractual agreements but will be no longer than 10 years after conclusion of the contract.
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject.
It is important to know that you can exercise different rights which give you a certain control over your personal data. You can always contact our Data Protection Officer at email@example.com to exercise your rights:
- if you want to know which personal data we have on you and why we have it, who can see this data, etc.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data.
- if you want an electronic or paper copy of your personal data processed by us.
Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data, in an understandable form
- if you believe that we have wrong or incomplete personal data concerning you and you want us to correct this.
Please write or email as soon as possible, to our Data Protection Officer. We will promptly correct any information found to be incorrect or erase such incorrect information of your personal data without undue delay.
- if you (temporarily or permanently) no longer want us to process your personal data;
Erasure of your data is possible if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; if you withdraw consent to consent-based processing; or if you object to the processing under certain rules of applicable data protection law and the personal data have been unlawfully processed.
Please note that even then Iteos can sometimes still keep your personal data (for legal obligations or for compelling legitimate interests). Please also note that a decision of Iteos to delete your personal data as a result of your request does not imply any recognition by Iteos that your personal data was processed illegitimately.
Questions and complaints
If you have any questions or complaints on how Iteos processes your personal data, you can always contact our Data Protection Officer: firstname.lastname@example.org.
If you believe that our processing of your personal data infringes data protection laws, you also have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. We however kindly request that you also present your complaints to our Data Protection Officer first, so that we can quickly find a suitable solution to your problem.