Privacy policy
Applicable regulations & personal data protection

Privacy policy

Ceva Santé Animale is committed to respecting all applicable regulations regarding personal data protection.

Ceva Santé Animale and its subsidiaries and affiliated companies (collectively Ceva) are committed to ensuring that they comply with all laws and regulations applicable to the privacy of personal data that Ceva collects and processes.

As part of this, Ceva implements procedures to guarantee adherence to these provisions within its organisation, in particular by its employees, partners, and suppliers that process personal data, namely:

►  Processing personal data in a lawful, faithful, and transparent manner;

► Collecting personal data for specific, explicit, and legitimate purposes, and not collecting or processing data in a way that is incompatible with these purposes;

► Preserving and securing personal data in an adequate, relevant, and limited manner with regard to the purposes for which it is collected and processed;

► Ensuring the accuracy of personal data and implementing procedures to correct or delete incorrect data.*

FAQ- Frequently Asked Questions

What is the GDPR or RGPD?

GDPR “General Data Protection Regulation”.
RGPD « Règlement Général sur la Protection des Données Personnelles »
It is a European reference legislation relating to personal data protection.
It provides a single and standardised legal framework applicable to all member states, intended to guarantee the protection of privacy and personal data.

Who is concerned by the GDPR?

The GDPR applies not only to organisations located in the EU, but also organisations located outside the EU if they offer goods or services within the EU.

When does the GDPR enter into force?

The Regulation has been applicable for the entire European Union since 25 May 2018.

What is personal data processing?

Data processing is defined as any operation or set of operations carried out with or without the use of automated processes and applied to sets of personal data, such as recording, organisation, structuring, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or any other form of circulation, alignment or consolidation, limitation, deletion or destruction.

Which data is concerned by the GDPR?

The GDPR only regulates personal data, which is defined as any information relating to an identified or an identifiable natural person.

Which personal data is considered sensitive?

Information concerning racial and ethnic origin, political, philosophical, or religious opinions, trade union affiliation, health or sexuality.

How is sensitive data collected and processed?

Sensitive data is data which, by nature, involves risks to the rights and freedoms of individuals, and which is therefore subject to a strengthened protection regime.

The GDPR imposes the principle of a ban on processing personal data; this ban is combined with certain exemptions.

Several exceptions, alternatives, and processing bans are provided for.

What is a data controller?

A legal or natural person, public authority, agency or other body which, alone or in in conjunction with others, determines the purposes and methods of the processing of personal data.

What is a processor?

The processor is defined as the legal or natural person, public authority, service, or other body that processes personal data on behalf of the data controller.

Is non-digital processing concerned?

The GDPR applies to all processing of personal data, whether this is fully or partially automated, as well as the non-automated processing of the data contained or which may be featured in a file.

A file is not only a database or an Excel table. It may be a paper document, a video-surveillance installation that gathers information on an individual, etc.

What are the objectives of the GDPR?

– To create a standard framework applicable throughout the European Union, and strengthened cooperation between the supervisory authorities.

– To change the approach, with accountability of data controllers

Pursuant to the principle of accountability, a register of processing activities is implemented. It provides an exhaustive list of the different data processing

– Strengthen individual rights

► Right to information and consent: increased transparency
► Right to access and rectify
► Right to erasure via the right to be forgotten
► Right of opposition and to request a restriction
► Right to data portability
► Right to claim compensation

– Respect privacy and personal data by design for new projects and by default for current projects

Data protection by design

Data protection by design involves the implementation of technical and organisational measures intended to implement the principles relating to the protection of the data of the person concerned, in advance and during the selection of processing methods, namely with regard to the risks raised by the processing for the rights and liberties of natural persons.

Data protection by default

By default, only the data necessary for the specific purpose of the processing operation is processed. These principles apply to the quantity of data, the scope of the processing, the retention period and the accessibility.

Analysis of the impact relating to data protection

The regulation provides for the obligation for data controllers and processors to carry out an impact analysis regarding data protection prior to processing operations which are liable to carry a significant risk to the rights and liberties of natural persons

Collaboration in 47 countries.
You are leaving the country website to access another site in the group. Regulatory constraints and medical practices vary from country to country. Consequently, the information provided on the site in which you enter may not be suitable for use in your country.