Privacy policy

Updated on 22 12 2022

This policy (hereinafter the “Policy”) is intended to apply to Laboratoire GEFA SAS (hereinafter referred to as “GEFA”). The Policy describes the practices implemented by GEFA in the context of the use of personal data and its protection.

The purpose of the Policy is to inform visitors or users (hereinafter the “User”) of the website (hereinafter the “Site”) of the procedures for protecting their personal data.

As GEFA wishes to build with its customers and all its contacts a relationship based on trust and mutual interest, GEFA is committed to protecting their personal data and their privacy.

The methods of collecting and processing the information collected via cookies are set out in the “Legal Notice – General Conditions of Use”.

The publisher of the Site is Laboratoire GEFA, a simplified joint-stock company registered with the Rennes Commercial Registry (RCS) under number 381 666 361, with registered office at 9 Rue du Sieur des Bouillons, 35410 Châteaugiron.

The Policy may be modified at any time by GEFA, in particular to comply with any regulatory, jurisprudential, editorial or technical developments. The User must refer before any browsing to the latest version of the Policy. This Policy is an integral part of the General Terms and Conditions of Use of the Site.


All processing of personal data carried out as part of the accessible services complies with local regulations applicable to the protection of personal data and, in particular the provisions of the French Data-Protection Act of 6 January 1978, as amended, and the General Data Protection Regulation (EU Regulation 2016/679) or “GDPR”.
GEFA, in its capacity as data controller, undertakes to comply with the regulations applicable to all the processing of personal data it carries out. More specifically, GEFA undertakes in particular to respect the following principles:

  • Your personal data is processed in a lawful, fair and transparent manner (lawfulness, fairness, transparency).
  • Your personal data is collected for specified, explicit, legitimate purposes, and is not further processed in a manner incompatible with those purposes (purpose limitation).
  • Your personal data is stored in an appropriate, relevant manner and is limited to what is necessary in relation to the purposes for which it is processed (data minimisation).
  • Your personal data is accurate, kept up to date and all reasonable steps are taken to ensure that inaccurate data, with regard to the purposes for which it is processed, is deleted or rectified without delay (accuracy).
    GEFA implements the appropriate technical and organisational measures to guarantee a level of security adapted to the inherent risk of its processing operations, comply with regulatory requirements and protect the rights and data of the persons concerned when designing its processing operations.

Finally, GEFA undertakes to respect any other principle that is required regarding the regulations applicable to the protection of personal data, and more specifically concerning the rights conferred on the persons concerned, the retention periods for personal data and the obligations relating to cross-border transfers of personal data.

GEFA undertakes to keep your personal data for a period not exceeding that necessary for the purposes for which it is processed. In addition, GEFA retains your personal data in accordance with the retention periods imposed by the applicable laws in force.

These retention periods are defined according to the processing purposes implemented by GEFA and take into account, in particular, the applicable legal provisions imposing a precise retention period for certain categories of data, any applicable limitation periods, and the recommendations of the CNIL concerning certain categories of data processing (for example, Deliberation No 2016-264 of 21 July 2016 amending a simplified standard concerning the automated processing of personal data relating to the management of customers and prospects (NS-048), article L.232-7 of the internal security code relating to the transmission of passenger data to the French administration, conservation of cookies for 13 months according to the CNIL recommendations, etc.).

Ensuring the security and confidentiality of the personal data you entrust to us is a priority for GEFA. We therefore implement all useful technical and organisational measures, with regard to the nature, scope and context of the personal data you communicate to us and the risks presented by its processing, to preserve the security of your personal data and, in particular, prevent any destruction, loss, alteration, disclosure, intrusion or unauthorised access to this data, accidentally or unlawfully.

Within this Policy, the term “personal data” refers to any information allowing an individual to be identified, directly or indirectly, such as their name or information allowing them to be contacted.

For any questions regarding the use of your personal data, please contact us at one of the addresses below or on the Site.


1.2.1 Collection, use, disclosure

The communication of personal data within this context is voluntary. If the user does not provide this personal data, they will not be able to benefit from the corresponding services offered by the Site, such as communication, downloading of documents or recruitment.

When the user provides personal data on the Site, they guarantee that they have received the necessary authorisations and consents from the persons concerned by this personal data if it relates to persons other than themselves and, where applicable, for the uses described in these general terms and conditions of use.
We may collect your personal data when (i) you visit the Site which uses cookies, (ii) you create an account on the Site or subscribe to our newsletter (mail, email or sms), (iii) you fill out an application form.

We process your personal data in order to communicate with you:

  • With regard to marketing/commercial prospecting actions, the legal basis for processing is, depending on the case, your consent or our legitimate interest.
  • If the User is an applicant (or potential applicant), GEFA’s legitimate interest is to respond to the applicant/potential applicant’s request.

You do not need to register to visit our Site. GEFA does not collect any personal data about visitors to the Site, except using cookies. However, in certain circumstances, GEFA may need to collect some of your personal data, in particular when you register for services enabling you to obtain regularly updated information from GEFA.

In this case, GEFA may invite you to events that may be of interest to you or send you information relating to its services, publications and products.

For example, you can contact us or register on the Site to obtain the following services:

1.2.2 Email Alert

GEFA may possibly offer a service consisting of alerting persons who wish to subscribe to an Email Alert in the event of the publication of news on the Site visited, through the delivery of an email. If you decide to register, we will collect personal data allowing us to contact you (for example, your name and email address).

If you wish to unsubscribe from GEFA Email Alerts, the personal data allowing us to contact you will be kept in our unsubscription list for a maximum of 3 years to ensure that you no longer receive these communications.

1.2.3 Desire to join GEFA

You can let us know you want to join us by sending us a letter, an email, or via our Site by filling out a contact form. If the User sends a CV or application online, GEFA will use this personal data for uses relating to recruitment, which may imply that GEFA will contact the User by email, phone, or post. In some cases, the User may be asked to register on the Site. Unless you request otherwise, GEFA may keep this personal data in its files for a maximum of 3 years in order to possibly contact the User in the future for other employment opportunities at GEFA.


Your prior registration may also be necessary to obtain the communication of certain documents such as booklets, newsletters and other publications which are the property of GEFA, it being specified that the content of the registration forms may vary according to the nature of the documents concerned. GEFA reserves the right not to respond to requests from persons who refuse to provide certain information that is identified as mandatory in the registration form.

If you wish to unsubscribe from GEFA letters and publications, the data allowing us to contact you will be kept in our unsubscription list for a maximum of 3 years to ensure that you are no longer the recipient of these communications.
If you do not interact with the Site for more than 3 years, your personal data will be anonymised or deleted from our database.

1.3.1 Sensitive data

GEFA does not collect any sensitive personal data except to the extent required by legal and regulatory provisions (for example, for recruitment purposes). By voluntarily providing GEFA with sensitive personal data without being asked for it (for example, by submitting a CV or application online), the User expressly consents to their personal data being used as described in this Policy. “Sensitive personal data” is qualified as any information relating to an individual showing: racial or ethnic origins, political, philosophical or religious opinions, trade-union membership, genetic or biometric data processed for the purpose of uniquely identifying individuals, information relating to health and/or sex life and/or criminal convictions and, in some cases, their national identification number or financial data.

1.3.2 Security

GEFA has implemented all measures to ensure the protection of the confidentiality and security of personal data collected in the course of its activities. Access to such data is limited and policies and procedures are in place to prevent any loss, misuse or fraudulent use of such data.

We undertake to implement the appropriate technical and organisational measures to guarantee a level of security adapted to the risk incurred for the rights and freedoms of natural persons within the processing operations indicated in this policy. These measures are defined considering the state of knowledge, costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks identified.

However, Users are reminded that, given that the internet is open to everyone and not secure, GEFA cannot be held responsible for the security of the transmission of personal data via the internet. We seek to use reasonable administrative, technical and organisational measures to protect personal information in our organisation. Unfortunately, no data storage or transmission system can be guaranteed to be 100% secure. If you have reason to believe that your interactions with us are no longer secure, please notify us immediately.

1.3.3 Disclosure

Various internal GEFA departments may have access to your personal data.
We do not share your personal data with third parties (outside of GEFA’s internal services in relation to processing), except in the following specific circumstances:
• Whenever it appears necessary to involve an external service provider to respond to your request; or
• When you expressly ask us to communicate your personal data; or
• At the request of a court or in application of a legal or regulatory provision; or
• If such communication is reasonably related to all or part of our commercial activities.
• GEFA may use external service providers for assistance purposes, for example, in terms of IT and administrative support on its Site or software or software package.

1.3.4 Transfers of personal data

GEFA has implemented a comprehensive global programme for the protection of personal data, including corporate rules. GEFA will only disclose your personal data to third parties who have agreed in writing to provide an adequate level of protection for your personal data.
We store your personal data within the European Union.

1.3.5 Your rights over your personal data

GEFA does not collect and/or compile personal data or information obtained via the Site or via other media/means with a view to exploiting it on behalf of third parties for commercial purposes, as part of marketing operations or sending emails.

You have the right to ask us what personal data about you we hold. You can object to the processing of this personal data, or have it rectified or erased. You also have a right to limit the processing of your personal data, a right to portability and the right to withdraw your consent to the processing of your personal data (when the processing is based on your consent).

If you wish to exercise your rights over your personal data, feel free to contact us by email or at the following address: Laboratoire GEFA, A l’attention du Service Informatique, 9 rue du Sieur des Bouillons, 35410 CHATEAUGIRON (France) enclosing a copy of an identity document bearing your signature.

In the event of a request to delete your data, GEFA may nevertheless keep it in the form of intermediate archiving, for the duration necessary to meet its legal, accounting and tax obligations.

1.3.6 Minors

The Policy is not intended for minors. We understand the importance of protecting data relating to minors, in particular in a virtual environment, and as such, our intention is not to collect or store data relating to minors.

1.3.7 Unsubscribing

If you have subscribed to certain updates through the Site and no longer wish to receive emails in the future, see the cancellation page for the subscription you signed up for.

1.3.8 Complaints

If you believe that a breach of the privacy rules has been committed by GEFA, you can contact its IT department in France (whose contact details are indicated in the paragraph “Your rights over your personal data” above).
To exercise your rights, you must send us a letter, accompanied by a photocopy of an identity document bearing your signature.

A member of the GEFA team will be responsible for examining your request and keeping you informed of its processing.
If you are not satisfied with the way in which GEFA has handled your request, you have the right to complain to the data-protection authority in your country. You can also bring your claim before the competent court.

Within the strict limits of what is set out above, the user authorises GEFA to store and process the personal data communicated when accessing and visiting the Site.

1.3.9 Contact us

For any additional questions concerning the application of the Policy, please send your request to our IT department (contact details and email above).