Personal Data Protection Policy

Introduction

Virbac may, during the course of its activities and in full compliance with the applicable legislation, process your personal data. Virbac is committed to protecting your personal data. This Personal Data Protection Policy, together with our website terms of use and any other documents referred to in it, sets out the types of personal information we collect, how we collect and process that information, who we share it with in relation to the services we provide and certain rights and options that you have in this respect.

This Personal Data Protection Policy gives you information about how the processing of your data is handled by Virbac

This Personal Data Protection Policy, accessible in particular on this website, is updated regularly to take into account the legislative and regulatory changes, and any changes in the organization of Virbac or in the processing we carry out. Our website may contain links to third party websites/content/services that are not owned or controlled by Virbac. Virbac is not responsible for how these properties operate or treat your personal data so we recommend that you read the privacy policies and terms associated with these third party properties carefully.

This Personal Data Protection Policy is completed with:

  • a specific information for each processing we carry out on your personal data, which will be made available to you as soon as possible, and, in the case of direct collection of your data, at the time of collection ;
  • a cookie policy, which is also accessible on this website.

This Personal Data Protection Policy was last updated on November 06, 2018.

I – Who are we?

Virbac, when acting as data controller, is responsible for the personal data you provide us with.

Virbac, comprises Virbac S.A. (French company registered number 417350311) and its subsidiaries/affiliates undertakings (referred collectively as “Virbac” or “we” or “our”).

Information on our subsidiaries can be found here.

For the purpose of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), your data will be processed by Virbac affiliate or subsidiary undertaking that you have instructed or that is providing services to you or communicating to you and each such entity is regarded as an independent data controller of your personal data. This Personal Data Protection Policy applies to all such entities.

II – What are our commitments?

We are committed to ensuring the highest possible level of protection for the personal data of the person whom we process the personal data (the “data subject”), as well as of any other personal data we process.

We undertake to comply with the regulations applicable to all processing of personal data that we carry out. As such, we undertake to respect the following principles:

  • we process your personal data lawfully, fairly, and in a transparent manner;
  • we collect your personal data for specified, explicit and legitimate purposes and won’t process them in a manner that is incompatible with those purposes;
  • we ensure that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • we do our best efforts to ensure that the personal data processed are accurate and, if necessary, kept up to date. We shall take all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • we keep personal your data in a form which permits your identification for no longer than is necessary for the purposes for which they are processed;
  • we process personal data in a manner that ensures appropriate security of the personal data.

This commitment is reflected in the following:

  • we respect your privacy and your rights;
  • we ensure that the protection and security of personal data is at the heart of our concerns;
  • we consider each new processing operation taking into account data-protection principles, in order to achieve privacy by design;
  • we won’t use your personal data for purposes that we would not have brought to your attention;
  • we do not consider that your data should be stored in a durable manner;
  • we will not share or sell your data beyond what is described in this Data Protection Policy;
  • we are committed to securing and protecting your personal data. To this end, we only work with trusted partners;
  • we respect your rights as a data subject and as a person, and will make our best efforts to satisfy your request, where this is possible;
  • we will only send you commercial communications if you have requested it, or for the offering of similar products or services, if we have obtained your electronic contact details in accordance with Directive 95/46/EC. You can change your mind and object to these commercial communications at any time, using a very simple process.

III – What are the personal data we collect?

Please note that a personal data is any information relating to an identified or identifiable natural person (“data subject”), such as an email address, your name and surname, your IP address, etc.

We collect your personal data via this website as well as via other means. In some cases, we collect your personal data directly from you. In other cases, your personal data are forwarded to us by a third party.

Virbac ensures that it only collects and processes personal data that are strictly necessary for the purpose for which they are processed. You will be informed, as soon as possible, about the categories of personal data we process, for each processing we carry out on your personal data.

The personal data we collect are, for instance:

  • Identify and contact data, such as your name and surname, address, phone number, civil status, IP address, etc.
  • application data, such as your resume, diplomas, work experiences and skills, for example when you apply for a job in Virbac or one of its subsidiaries;
  • your image, when you are filmed by one of our security cameras installed near our buildings, for security purposes ;
  • your vehicle registration plate for security reasons and for the purposes of managing and controlling access to the Virbac sites and to improve traffic flow;
  • information regarding your pet, such as its medical history and ownership, and information about its lifestyle, mainly when we carry out processing in connection with scientific researches;
  • business Information, including information provided in the course of the contractual or client relationship between you or your organization and Virbac, or otherwise voluntarily provided by you or your organization;
  • professional data, such as your title and skills, for the management of our suppliers and service providers;
  • financial and payment data, including your bank account and other data necessary for processing payments and fraud fighting, including credit/debit card numbers, security code numbers and other related billing information.

If you submit any personal data relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Personal Data Protection Policy.

IV – For which purposes are your personal data processed?

The data processing operations carried out by Virbac fulfil an explicit, legitimate and determined purpose.

Your data are processed to serve you. We use your personal data for the following purposes for instance:

  • to operate our business;
  • to manage scientific studies in which you decide to involve your animal;
  • in case you would submit a job application, we may process your personal data in order to handle your job application;
  • to deliver our products and services you purchase and to process, complete and fulfill your requested transactions;
  • to provide customer services and answer to your requests or inquiries and to communicate with you;
  • to organize games contests, in which case we will have to process your personal data, for the purpose of managing your participation to such games;
  • to tailor our marketing and loyalty programs and campaigns;
  • to provide you with newsletters, articles, alerts, announcements, invitations, and other information about products, brands, animal health topics;
  • if you are one of our supplier or service providers or an employee of the same, we may process your personal data, for the management of our suppliers and service providers in compliance with laws and regulations;
  • for the purpose of managing our relationship with you, for instance, when you are a prospect or a user of our website, or we may also process profile and usage data, including passwords to Virbac websites or password protected platforms or services, your preferences in receiving marketing information from us, your communication preferences and information about how you use our websites(s), including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs). To learn more about our use of cookies or similar technology please check our Cookie Policy.

Information about other people: If you provide information to us about any person other than yourself, for instance your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

The purpose of the processing will be communicated to you on a case-by-case basis, for each processing we carry out on your data.

V – How do we ensure that the processing operations we carry out are lawful?

We always ensure, when processing your personal data, that the processing is based on a “lawful basis” (i.e. the processing takes place for the performance of a contract, or we have your consent, etc.). Having a lawful basis means that the processing remains within the strict requirements of the GDPR, and is therefore deemed lawful.

We always process your personal data in accordance with the following lawful basis.

  • When you enter into a contract with us, and the performance of this contract requires us to process your personal data, our lawful basis is the performance of this contract. For instance, this may be the case if you buy one of our product and we need to process your personal data for purpose of managing the reservation, delivery and/or payment.
  • When a processing is necessary in order to take steps, at your request, prior to entering into a contract, our lawful basis for this processing it the taking of the said steps. For instance, this is the case when you submit a job application, which requires us to study your résumé in order to make a decision regarding your application.
  • When you have given your consent to the processing of your personal data, for one or more specific purposes, our processing is justified by your consent. This may be the case when we process your personal data for the conduct of scientific researches. When we use the consent as a lawful basis for our processing, you are free to withdraw your consent at any time.
  • When the processing is necessary for the purposes of the legitimate interests pursued by us or a third party (except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of your personal data, in particular if you are a child), our lawful basis are these legitimate interests. For instance, the processing of your personal data for direct marketing purposes may be regarded as carried out for a legitimate interest, although regarding direct marketing, asking for your consent may also be needed, depending on the circumstances.
  • We may also process your personal data in accordance with any other legal basis listed in the applicable legislation or regulation. For more information on this topic, we invite you to consult Article 6.1 of the GDPR, which lists all the possible lawful basis.

The lawful basis will be communicated to you on a case-by-case basis, for each processing we carry out on your data.

VI – How long do we keep your data?

Virbac will keep your personal data only for the duration necessary for the purposes for which they are processed, and in compliance with the applicable legislation. Therefore, the personal data retention period depends on the purpose of each processing.

To determine the retention period of your data, we also use the following criteria:

  • if cookies are used, we determine the lifetime of the cookies according to the limits set by the national competent supervisory authority (for instance, in France, 13 months) ;
  • when we retain certain personal data in order to fulfil our legal or regulatory obligations, and to enable us to exercise our rights, we retain your data for the period of time specified, if any, in the legal reference text (for example: statute of limitation period or legal data retention period).

We will make the retention period available to you on a case-by-case basis.

VII – Who can access your personal data?

The authorized persons working for Virbac and, in some case, its subsidiaries, can access your personal data. We make our best effort to ensure that these groups of people remain as small as possible, and maintain the confidentiality and security of your data.

Other third party recipients, such as our trusted service providers, who support our business, may also receive the data, depending on the processing. We use trusted service providers to carry out a set of operations on our behalf.

In that regard, we only provide our trusted service providers with the information they need to perform the service and ask them not to use your personal data for any other purpose. We always do our best to ensure that all these trusted service providers with whom we work maintain the confidentiality and security of your data. We also make sure that, when our relationship with a trusted service provider comes to an end, this service provider deletes your data without delay.

We select our trusted service providers with great care, making sure that they provide sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the applicable legislation, including for the security of processing. On that regard, we make sure that our trusted service providers only process the personal data on our documented instructions. We also make sure that their staff have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

We may ask our trusted service providers to provide services needing the processing of your personal data, for instance for the following purposes:

  • the hosting of our website;
  • the storage of our data;
  • the maintenance of our devices/softwares;
  • the use of applications and collaborative tools made available to our employees

For each processing we carry out on your personal data, we will inform you about the identity or the role of our trusted service providers.

We may also be required to disclose or share your personal data to comply with a legal obligation, or to enforce or apply our terms of use/sale or any other conditions you have accepted; or to protect the rights, safety or property of Virbac, its customers or employees.

For instance, we also can share your information as with others as follows

  • Law enforcement bodies and our regulators or other competent authorities in accordance with legal requirements or good practice;
  • Appropriate parties in the event of emergencies: in particular to protect health and safety of our clients, staff and organizations;
  • Your company or organization into a business relationship to us ;
  • Screening service providers: so that we can comply with legal obligations in relation to the prevention or protection of crime (including without limitation corruption and the like),
    anti-money laundering, sanctions screening and other required checks including those relating to whistle blower alerts pursuant to article 17 of the French law n° 2016-1691 of December 9, 2016 known as the “Sapin 2 law”;
  • Advertising networks and analytics service providers to support and display ads on our website, apps and other social media tools;
  • third parties in the context of the acquisition or transfer of any part of our business or in connection with the business reorganization;
  • Other delegates: where your name will appear on the attendee list for events where you have told us you plan to attend.

VIII –Where do we keep your data?

Your data are stored in the European Economic Area (EEA) by Virbac, its subsidiaries and its trusted service providers. However, depending on the processing, your data may also be transferred in a country outside the EEA, to our trusted service providers and/or subsidiaries.

When transferring data outside the EEA, we ensure that the data are transferred in a secured manner and with respect to the applicable legislation. When the country where the data are transferred does not have a protection comparable to that of the EU, we use “appropriate or suitable safeguards”.

Those appropriate or suitable safeguards are a way to compensate for the lack of data protection. Such appropriate safeguards may consist of making use of binding corporate rules, standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority or contractual clauses authorized by a supervisory authority.

In all cases, it is a matter of concluding a contract with the entity receiving your personal data, in order to ensure compliance with data protection requirements and your rights as data subjects appropriate to processing within the Union, including the availability of enforceable data subject rights and of effective legal remedies, including to obtain effective administrative or judicial redress and to claim compensation, in the Union or in a third country. They relate in particular to compliance with the general principles relating to personal data processing, the principles of data protection by design and by default.

When transferring your personal data to entities located in the United States of America, we may also use the “Privacy Shield”, which is a self-certification mechanism for companies established in the United States that has been recognized by the European Commission as providing an adequate level of protection for personal data transferred by a European entity to companies established in the United States.  This mechanism is therefore considered to offer legal guarantees for such data transfers.

Where applicable and on a case-by-case basis, we will inform you about our intent to transfer personal data to a third country, the existence or absence of adequacy decision of the Commission and, where applicable, the reference to the appropriate safeguards and the means by which to obtain a copy of them or where they have been made available.

IX – What are your rights as a data subject and how can you exercise them?
Where the data protection legislation or regulation provides for it, for instance when your personal data are processed by one of our EU affiliates or affiliates located in other jurisdictions where similar rules apply, you have certain rights in relation to your information. The availability of these rights and the ways in which you can use them are set out below in more detail. Some of these rights will only apply in certain circumstances.

Depending on the processing, you have:

  • the right to obtain confirmation from us as to whether or not personal data concerning you are being processed (right of access). If that is the case, you can access the personal data and get information such as the purpose of the processing, the categories of personal data concerned, etc.;
  • the right to obtain from us the rectification of inaccurate personal data concerning you (right to rectification);
  • the right to obtain the erasure of your personal data, provided that one of the grounds justifying this right applies (right to erasure);
  • the right to obtain the restriction of processing, where one of the grounds justifying this right applies (right to restriction of processing);
  • the right to receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us (right to data portability);
  • the right to object, meaning that you can, for instance, forbid us from using your personal data for direct marketing purpose ;
  • the right to define the guidelines for the processing of your personal data after your death.

About Direct Marketing: as indicated above, you have the right to object and you can opt-out of receiving direct marketing from us at any time. Based on your consent (“opt-in”) or legitimate interest or contractual basis, we may use the information you give us on our website or other means for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of business developments, market insights and of our services including events that we think may interest you. To exercise your right to opt-out of receiving direct marketing, you can change your marketing preferences on your online accounts settings page, click on the "unsubscribe" link included at the end of any marketing email we send to you, or contact marketing@virbac.co.za.

If you would like to exercise, or discuss, any of these rights, please contact the relevant Entity contact address as listed in this Personal Data Protection Policy.

In order for us to process your request satisfactorily, you will have to justify your identity, by any means. In case of doubt on our part, we may request additional information, in particular the transmission of a copy of your identity card, signed by you.

We will do our best to respond satisfactorily to your requests. In any case, we will answer you within one month, although our response time may be extended by two further months depending on the complexity and number of requests.

If, for any reason whatsoever, you consider that our response is not satisfactory, we inform you that you may file a complaint with a data protection supervisory authority, in particular in the Member State of the European Union where you are habitually resident, where we are based, or where an alleged infringement of Data Protection law has taken place. In the France you can file a complaint with the CNIL (Commission Nationale de l’informatique et des Libertés).

X – What information will we provide you with?

Each time Virbac carries out a processing regarding your personal data, it will inform you about such processing, by providing you:

  • the identity and the contact details of the controller (i.e. the entity that determines the purposes and means of the processing of your personal data) and, where applicable, of the controller's representative;
  • the contact details of our data protection officer;
  • the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
  • where applicable, the legitimate interests pursued by Virbac or by a third party;
  • the recipients or categories of recipients of the personal data, if any;
  • where applicable, the fact that Virbac intends to transfer personal data to a third country or international organization and the existence or absence of an adequacy decision by the Commission, or, where applicable, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
  • the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  • the existence of the right to request from Virbac access to and rectification or erasure of personal data or restriction of processing concerning you or to object to processing as well as the right to data portability;
  • where applicable, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • the right to lodge a complaint with a supervisory authority;
  • whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data;
  • the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
  • if the data were not obtained directly from you, the category of personal data concerned, the source from which the personal data originate, and if applicable, whether it came from publicly accessible sources.

This information will be made available to you as soon as possible, and, in the case of direct collection of your data, at the time of collection.

XI – How is security handled?

Virbac attaches great importance to the protection of your personal data, and takes all reasonable precautions to this end. We require our partners who manage your data on our behalf to do the same.

We constantly make our best efforts to protect your personal data. Upon receipt of your data, we apply strict procedures and security measures (both technical and organizational) to prevent unauthorized access. As the transmission of data via the Internet is not totally secure, we cannot guarantee the security of your data that is transmitted to our site. Therefore, any transmission is at your own risk.

XII – Cookies

We use cookies that identify your browser. They collect and store information when you visit our website about how you use it through which it is possible to record your use of the website, as well as provide you with a better service and experience when browsing and for analytics.

The personal data we collect through these technologies will also be used to manage your session.

As stated in Section V of this Personal Data Protection Policy, we determine the lifespan of the cookies according to the limits set by the national competent supervisory authority (for instance, in France, 13 months).

For more information about cookies and how we use them, please see our: Cookie Policy

XIII – Links to third party websites

Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of third parties. The personal data that you provide through these websites is not subject to this Personal Data Protection Policy and the processing of your personal data by such websites is not our responsibility. 

If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.

XIV – Children

We do not knowingly collect information from children or other persons who are under 16 years old. If you are under 16 years old, you may not submit any personal data to us except for special training or for security access with the specific written parental authorization. 

XV – Changes to this Personal Data Protection Policy

This Personal Data Protection Policy may be changed from time to time. 

If we change anything important about this Personal Data Protection Policy (the information we collect, how we use it or why) we will highlight those changes at the top of the notice and provide a prominent link to it for a reasonable length of time following the change.

Last updated: 2019.01.27