Privacy policy

What is the purpose of this policy?

NG Biotech SAS, which manages the website ngbiotech.com, attaches great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of our reliability and trustworthiness.

The data privacy policy clearly demonstrates our commitment to ensuring compliance within NG Biotech SAS with the applicable data protection rules and, more specifically, those of the General Data Protection Regulation (GDPR).

In particular, the privacy policy aims to inform you about how and why we process your data in the context of the services we provide.

Who is this policy for?

The policy applies to you, regardless of your place of residence, if you are a customer or visitor to the ngbiotech.com website.

If you are a candidate for a position at NG Biotech SAS, you can consult the “candidate” policy, which is, where possible, always published on the recruitment websites we use. Alternatively, you can request it from us at any time at rgpd@ngbiotech.com.

Why do we process your data?

As part of the services we offer, we necessarily need to process your personal data in order to:

  • browse our website, benefit from our services and enable us to respond to your requests (e.g. requests for information, complaints, etc.) on the basis of our general terms and conditions of use and our legitimate interest in providing you with the best possible service.
  • stay informed of our latest offers and events by email, telephone and post, based on our legitimate interest in retaining our customers and prospecting for new potential customers.
  • follow us and comment on our social media posts based on our legitimate interest in having a dedicated social media page.
  • receive our newsletter, which informs you about all the latest news concerning our services, based on your consent.
  • play videos on our website based on our legitimate interest in offering you content in video format.
  • allow documents to be downloaded based on our general terms and conditions of use.
  • ensure your safety and that of our teams on our premises by using video surveillance cameras based on our legitimate interest.

Your data is collected directly from you when you use our website, and we undertake to process your data only for the reasons described above.

However, when you voluntarily publish content on the pages we edit on social media, you acknowledge that you are entirely responsible for any personal information you may transmit, regardless of the nature and origin of the information provided.

For cookies, please consult our dedicated Cookie Policy available on our website.

What data do we process and for how long?

We have summarised the categories of personal data we collect and their respective retention periods.

If you would like more details about the retention periods applicable to your data, you can contact us at: rgpd@ngbiotech.com.

  • Professional identification data (e.g. surname, first name, position, company, etc.) and contact details (e.g. email address and work telephone number, etc.) are retained for the entire duration of the service provision, plus the statutory limitation periods, which are generally five years.
  • When there is confusion between the name of your organisation and your personal name (e.g. self-employed, micro-business, etc.), economic and financial data (e.g. bank account number, verification code, etc.) retained for the period necessary for the transaction and for the management of invoicing and payments, plus the legal limitation periods, which are generally 5 to 10 years.
  • Email address for our email marketing campaigns, retained for a maximum of 3 years from the last contact we had with you.
  • Telephone numbers used in our telephone marketing campaigns are kept for a maximum of 3 years from the last contact we had with you.
  • Postal addresses used in our postal marketing campaigns are kept for a maximum of three years from the last contact we had with you.
  • Email address for receiving our newsletter: retained until you unsubscribe from the newsletter.
  • Video surveillance images collected using our video surveillance cameras and kept for a maximum period of one month.
  • Statistical data relating to the viewing of our videos, which is anonymised and stored indefinitely.
  • Connection data (e.g. logs, IP address, etc.) stored for a period of one year.
  • Cookies, which are generally stored for a maximum period of 13 months. For more details on how we use your cookies, you can consult our cookie policy, which is available at any time on our website.

Once the retention periods described above have expired, the deletion of your personal data is irreversible and we will no longer be able to provide it to you after this period. At most, we may only retain anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obliged to retain all data concerning you for the entire duration of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your data?

The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge in order to control how we use your data.

  • Right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality or the secrecy of correspondence.
  • Right to rectify personal data that is inaccurate, obsolete or incomplete.
  • Right to object to the processing of your personal data for commercial prospecting purposes.
  • Right to request the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
  • Right to restrict your personal data, which allows you to photograph the use of your data in the event of a dispute over the legitimacy of processing.
  • Right to data portability, which allows you to retrieve some of your personal data in order to store it or easily transfer it from one information system to another.
  • Right to give instructions on the fate of your data in the event of death, either through you, a trusted third party or a beneficiary.

For a request to be considered, it must be made directly by you at rgpd@ngbiotech.com. Any request not made in this manner cannot be processed.

Requests cannot be made by anyone other than yourself. We may therefore ask you to provide proof of identity if we have any doubts about the identity of the person making the request.

We will respond to your request as soon as possible, within one month of receipt, unless the request is complex or repetitive. In this case, the response time may be up to three months.

Please note that we may refuse to respond to any excessive or unfounded requests, particularly if they are repetitive in nature.

Who can access your data?

WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR BUSINESS PARTNERS. ALL OF YOUR PERSONAL DATA IS USED EXCLUSIVELY BY OUR TEAMS OR BY OUR IT SERVICE PROVIDERS.

More specifically, we only share your data with persons duly authorised to use it to provide you with our service, such as our IT department or our customer relations department.

Your personal data is also transferred to our IT service providers for the sole purpose of ensuring the technical functioning of our service (e.g. data hosting).

We would like to point out that we check all our IT service providers before recruiting them to ensure that they strictly comply with the applicable rules on personal data protection.

How do we protect your data?

We implement all the technical and organisational measures required to guarantee the security of your data on a daily basis and, in particular, to combat any risk of unauthorised destruction, loss, alteration or disclosure of your data (e.g. training, access control, passwords, antivirus software, “https”, etc.).

Can your data be transferred outside the European Union?

Unless it is strictly necessary and in exceptional circumstances, we never transfer your data outside the European Union and your data is always hosted on European soil. In addition, we do our utmost to only recruit service providers who host your data within the European Union.

In the event that our service providers are nevertheless required to transfer your personal data outside the European Union, we take great care to ensure that they implement the appropriate safeguards to ensure the confidentiality and protection of your data.

Who can you contact for more information?

To best ensure the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (“DPO”) with our supervisory authority.

You can contact our DPO at any time, free of charge, at rgpd@ngbiotech.com to obtain more information or details about how we process your data.

How can you contact the CNIL?

You can contact the “Commission nationale de l’informatique et des libertés” or “CNIL” at any time at the following address: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.

Can the policy be changed?

We may change our privacy policy at any time to adapt it to new legal requirements and to new processing methods that we may implement in the future.

Certified compliant by Dipeeo ®

Last revision: 30/09/2025

Text Widget
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus quis neque vel quam fringilla feugiat. Suspendisse potenti. Proin eget ex nibh. Nullam convallis tristique pellentesque.