1. Introduction
GenSensor SAS (hereinafter « GenSensor », « we », « our ») is committed to protecting the privacy and personal data of its users, customers, prospects, and website visitors (hereinafter « you », « your »).
The purpose of this privacy policy is to inform you about how we collect, use, store, and protect your personal data, in accordance with the General Data Protection Regulation (EU) 2016/679 (« GDPR ») and French Law No. 78-17 of January 6, 1978, on Information Technology, Data Files and Civil Liberties (« Loi Informatique et Libertés »).
2. Identity of the Data Controller
GenSensor SAS
Registered office: 22 boulevard Benoni Goullin, 44200 Nantes, France
Data protection contact email: dpo@gensensor.com
Website: www.gensensor.com
3. Personal Data Collected
Depending on the nature of your interaction with our website and services, we may collect the following categories of data:
Identification and contact data: last name, first name, professional email address, phone number, company name, job title, professional postal address.
Browsing and technical data: IP address (anonymized), browser type and version, operating system, pages visited, visit duration, referral pages, actions performed on the website. This data is collected through our analytics tool Matomo.
Marketing interaction data: history of communications received and opened, forms submitted, content downloaded, participation in events or webinars, communication preferences. This data is managed through our CRM platform HubSpot.
Voluntarily provided data: any information you provide through our contact forms, demo requests, newsletter subscriptions, or email exchanges.
4. Legal Bases and Purposes of Processing
PurposeLegal basis (Art. 6 GDPR)Responding to your contact or information requestsPerformance of pre-contractual measures (Art. 6.1.b)Management of the business relationship and contract performancePerformance of a contract (Art. 6.1.b)Sending marketing communications and newslettersConsent (Art. 6.1.a)Website traffic analysis and improvementLegitimate interest (Art. 6.1.f)Marketing campaign performance measurementLegitimate interest (Art. 6.1.f)Compliance with our legal and regulatory obligationsLegal obligation (Art. 6.1.c)
5. Tools and Processors
5.1. Matomo — Website Analytics
We use Matomo to analyze traffic on our website. Matomo is a privacy-friendly web analytics solution.
IP address anonymization: IP addresses are anonymized before any analytical processing. Hosting: we use the Matomo cloud service, with data hosted within the European Union. Compliance with the ePrivacy Directive: in accordance with the guidelines of the French Data Protection Authority (CNIL), our Matomo instance is configured to benefit from the consent exemption provided for audience measurement tools. The following conditions are met: purpose strictly limited to audience measurement, no cross-referencing of data with other processing operations, tracker lifespan limited to 13 months, and traffic data retention limited to 25 months. Accordingly, Matomo cookies are set without prior collection of your consent. Opt-out: you can refuse Matomo tracking at any time through our cookie management banner or by enabling the « Do Not Track » feature in your browser, which Matomo respects.
5.2. HubSpot — CRM and Marketing Actions We use HubSpot as our customer relationship management (CRM) and marketing automation platform.
Data processed: identification data, contact data, marketing interaction history, submitted forms, emails opened and clicked. HubSpot cookies: HubSpot sets tracking cookies on your browser only after obtaining your explicit consent through our cookie management banner. Data transfers: HubSpot, Inc. is a US-based company. Data transfers to the United States are governed by Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the EU-U.S. Data Privacy Framework. We have verified that HubSpot implements additional protective measures in compliance with the requirements of the Schrems II ruling. Unsubscribe: each marketing communication contains an unsubscribe link allowing you to withdraw your consent at any time.
- Right of access (Art. 15 GDPR): obtain confirmation that your data is being processed and receive a copy thereof.
- Right to rectification (Art. 16 GDPR): have inaccurate data corrected or incomplete data completed.
- Right to erasure (Art. 17 GDPR): request the deletion of your data, subject to our legal retention obligations.
- Right to restriction of processing (Art. 18 GDPR): request the suspension of processing under certain circumstances.
- Right to data portability (Art. 20 GDPR): receive your data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21 GDPR): object to processing based on legitimate interest, including profiling. For direct marketing purposes, this right is absolute.
- Right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.
- Right to set directives regarding the fate of your data after your death (Art. 85 Loi Informatique et Libertés).
5.3. Other Processors
We may engage other processors for website hosting, transactional email delivery, or service management. Each of these processors is bound by a data processing agreement in compliance with Article 28 of the GDPR, ensuring an adequate level of protection for your data.
6. Cookies and Trackers
6.1. Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be disabled. They do not store any personally identifiable data. They do not require your consent.
6.2. Analytics Cookies (Matomo)
These cookies benefit from the consent exemption in accordance with CNIL guidelines, as our Matomo configuration meets all required conditions. You may nevertheless refuse them through our cookie management banner or by enabling the « Do Not Track » feature in your browser.
6.3. Marketing Cookies (HubSpot)
These cookies are set only after obtaining your consent. They allow us to track your browsing journey on our website in order to offer you relevant content and communications.
6.4. Managing Your Preferences
You can modify your cookie preferences at any time through our cookie management banner, accessible via the « Manage cookies » link in the footer of our website.
7. Data Retention Periods
Data categoryRetention periodProspect data (no contractual relationship)3 years from the last active contactCustomer dataDuration of the contractual relationship + 5 years (civil statute of limitations)Billing data10 years (accounting obligation)Browsing data (Matomo)25 months maximumCookies13 months maximum from the time of placementConsent records (proof)3 years from the withdrawal or expiration of consent
Upon expiration of these periods, data is deleted or irreversibly anonymized.
8. Your Rights
In accordance with the GDPR and the Loi Informatique et Libertés, you have the following rights:
Exercising Your Rights You can exercise your rights in two ways:
Via our online form: you can directly submit a request for data export or deletion at the following address: Data Rights Request Form By email: by contacting us at dpo@gensensor.com
We are committed to responding to your request within one month of receipt. This period may be extended by two months depending on the complexity or number of requests, in which case we will inform you accordingly. Complaint to the CNIL If you believe that the processing of your data does not comply with applicable regulations, you may file a complaint with the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés — CNIL):
Online: www.cnil.fr By mail: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
9. Data Security GenSensor implements appropriate technical and organizational measures to ensure a level of security adapted to the risk, in accordance with Article 32 of the GDPR. These measures include, but are not limited to:
Encryption of data in transit (HTTPS/TLS) and at rest. Strict access controls for personal data. Staff awareness training on data protection issues. Implementation of data breach management procedures in accordance with Articles 33 and 34 of the GDPR.
10. Data Transfers Outside the European Union In principle, your data is processed and stored within the European Union. When a transfer to a third country is necessary (in particular to the United States in connection with the use of HubSpot), we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, such as Standard Contractual Clauses approved by the European Commission or an adequacy decision. 11. Minors Our website and services are intended for professionals in the biotechnology and life sciences sectors. We do not knowingly collect personal data from minors under the age of 16. If we discover that a minor has provided us with personal data without the required parental consent, we will take the necessary steps to delete such data. 12. Policy Changes We reserve the right to modify this privacy policy at any time. Any substantial modification will be brought to your attention through a notice visible on our website. The last updated date shown at the top of this document shall prevail. 13. Contact For any questions regarding this policy or the processing of your personal data, you can contact us: GenSensor SAS Email: dpo@gensensor.com Address: 22 boulevard Benoni Goullin, 44200 Nantes, France
