Personal data protection policy

NAOS - Medical Communication Team

When you browse our Site, your personal data may be shared with us directly or indirectly. Your personal data is precious, and it is your business. That’s why we’re committed to collecting and processing your personal data in a transparent, fair and lawful way.

We recommend that you read this Personal Data Protection Policy (hereinafter referred to as “the Policy”) carefully. It includes all the relevant information about the data we collect, the way in which we use it, how long we store it for, what we do to ensure your data is protected, your rights, etc.

Our Personal Data Protection Policy may be updated or changed as our tools or the relevant regulations develop. Any changes will take effect immediately, and as such we recommend that you consult it regularly.

I. What data does the Policy cover?

This Personal Data Protection Policy applies to all personal data that you share with us or that we collect, directly or indirectly, when you browse our site (hereinafter referred to as “the Site”), or as part of our various services (eg Pack Live Info, conferences, etc.).

“Personal data” refers to information that directly or indirectly identifies an individual. This includes, for example, your name, email address and telephone number, as well as information on your buying habits, your skin type, etc.

II. Who is the data controller?

The law defines the data controller as the company that determines the purposes for and conditions of collecting and using your data.

This is the company NAOS, SAS with capital of 43,474,650 euros, registered in the Register of Commerce and Companies of Aix-en-Provence under number 535 236 418, whose registered office is located 355 rue Pierre Simon Laplace – 13290 Aix-en-Provence.

III. Why do we collect your personal data?

We collect your personal data only when it is necessary for explicit, legitimate and pre-determined purposes.

The purposes for which we collect and process your personal data include:
• to improve the operation and contents of our Website and our services, in order to better meet your needs and requests;
• to answer your questions, especially through the contact form of our site, social networks, etc. ;
• to conduct analyzes of audiences and statistical studies, for example in order to know and measure the number of visits to our Site, the activity and the course of the Net surfers on our Site, the rate of subscription to our services, etc. ;
• to manage the organization of seminars and symposia;
• to manage your Dermato Net Expert membership and make you benefit from its services;
• to send you communications about our services and activities, by e-mail and/or SMS/MMS;
• to manage and animate our Prescribers (B2B) databases and journalists, in particular by offering you personalized information;
• to detect fraudulent behavior and manage litigation;
• to ensure the security of our site and our services.

V. What data is collected, when is it collected, and how long is it stored for?

We collect and process your personal data in a fair and lawful way.
We respect the principle of data minimisation. This means that we collect only what data is strictly necessary to achieve our purposes.

We also strive to ensure that this data is updated if necessary so it does not become obsolete.

Data can be collected:
• either directly from you, for example when you fill in our data collection forms on our Site (e.g. Dermato Net Expert membership);
• or indirectly or automatically

We determine the length of time your data is stored based on the time required by the purpose for which it was collected. When our goals are achieved, we delete your data, except in certain cases where the law requires us to keep it. In this case, your data is archived in accordance with the conditions set out in law.

The table below shows when your data is collected, what data is collected, and how long it is stored for.

When the data is collected Categories of data collected Retention period Legal basis
You browse our Site

We collect:

  • your technical connection and browsing data (e.g. your IP address, information about your browser, information about your device, the pages you visit, the length of your visit, etc.)

For more information, consult our Cookie policy.

  • For cookies requiring consent: 13 months from the date of your consent.
  • Legitimate interest: For cookies strictly necessary for the operation of our site.
  • Consent: For other cookies.
  • You contact us Depending on your request and the channel, we collect:

    • your identity data (e.g. name, surname, postal address, email address, etc.),
    • the reason for and content of these exchanges, as well as our responses to your requests.
  • 3 years from the time of collection or from the last contact you make with us.
  • Legitimate interest: Answer your demand
  • You create your private area (DermatoNet Expert) We collect:

    • your identify data (e.g. surname, first name, email address, country, etc.),
    • data relating to your professional life (e.g. your profession, your specialty, etc.).
  • 3 years from the time of collection or from the last contact you make with us.
  • Executing a contract: Provide you with the requested service
  • Legitimate interest: Create your profile
  • You receive communications from us by email or mail (e.g. Pack Info Live, Pau’se coffee, etc.). We collect:

    • your identify data (e.g. surname, first name, email address, postal address, etc.).
  • 3 years from the time of collection or from the last contact you make with us.
  • You receive communications from us as part of our professional relationship. You can unsubscribe at any time by using the unsubscribe form at the bottom of the mails, or by writing to us by return mail.
  • Legitimate interest: To send you communications as part of our professional relationship
  • You attend conventions, etc. We collect:

    • your identify data (surname, first name, address, etc.),
    • the data of your passport/identity card (in order to make transport and/or accommodation reservations),
    • your bank details for example, to refund your expense reports.
  • 1 year from collection
  • Executing a contract: To provide you with the requested service
  • During each collection, certain data (indicated by asterisks) must be provided in order to benefit from the services offered. The others are purely optional and allow us to know you better.

    IV. Third-party sites

    On our website you have the possibility to click on links to our social networking pages. Social networks (Facebook, Instagram, Twitter, Youtube, etc.) are likely to collect personal data about you. These social networks have their own privacy policies.
    To ensure the security of your data, we invite you to consult the data protection policies of these sites.

    You also have the option to publish content on our pages. We remind you that any content transmitted via our pages is accessible to the public. Concerned about the protection of your privacy, we invite you to be vigilant when you communicate your personal data on social networks. We are not responsible for the use that may be made by third parties, data that you have communicated publicly.

    V. Cookie management

    We and our service providers may be required to deposit and use cookies when browsing our Website, in particular to improve our content and the operation of our services.

    As part of the protection of your privacy, we invite you to consult our Cookies policy to obtain information on these cookies and set their operation.

    VI. Who are the recipients of your data?

    We may transmit your data to companies, structures and/or persons involved in the achievement of the purposes described above. Only the data they need to carry out the service(s) entrusted to them are communicated to them.

    Are likely to have access to your data:
    • Employees of NAOS Group companies who need to process the personal data collected for the purposes explained above,
    • Our subcontractors and service providers,
    • Our travel booking agency for the booking of your flights and/or hotels,
    • Google, to measure the audience on our Site.

    We choose sub-contractors, service providers and suppliers that offer sufficient guarantees to ensure the protection, security and confidentiality of your personal data, in particular by putting in place appropriate technical and organisational measures and complying with legal requirements. They are authorised to process your data only in strict compliance with our instructions.

    Your personal data may also be communicated to the administrative or judicial authorities at their request, as well as to third parties or authorized recipients to comply with a legal obligation or for the exercise of legitimate interests.

    VII. How do we ensure that your data is secure?

    We undertake to take reasonable measures to ensure that your personal data is given sufficient protection, taking into account the sensitive nature of some of the information collected. We use a range of technologies and procedures to guarantee that your data is processed in such a way as to ensure it is protected against unlawful or accidental loss, destruction, alteration, disclosure or unauthorised access.

    As such, from the design stage and by default, we implement measures that respect the principle of protecting the personal data we process. As such, we are able to use data anonymization techniques whenever possible and/or necessary.

    We require our sub-contractors to offer an equivalent level of security.

    For example, we and our sub-contractors store your data on computer servers located in controlled areas to which access is limited.

    VIII. Where do we store your data?

    Our company and our sub-contractors process and store your data exclusively in member states of the European Union.

    IX. How can you exercise your rights?

    In accordance with current legislation, you have:
    • the right to information,
    • the right to access data about you,
    • the right to correct your data,
    • the right to have your data deleted for valid reasons,
    • the right to object to the processing of your data for valid reasons,
    • the right to withdraw your consent to your data being processed,
    • the right to restrict its processing,
    • the right to data portability,
    • the right not to be subject to a decision based solely on automatic processing that produces legal effects concerning you or that significantly affect you,
    • the right to object to marketing,
    • the right to issue instructions regarding the storage, deletion and communication of your personal data after your death.

    You can exercise these rights at any time by email by writing to:, via the contact form available on our site, or by writing to the following address: NAOS – BIODERMA Medical Communication Department – 75 cours Albert Thomas – 69003 LYON – France.

    A reply will be sent within one month of receiving your request.

    We reserve the right not to reply to manifestly unfounded requests, in accordance with European regulations. In such cases, the person who submitted the request will be informed of any refusal formulated by us.

    If you wish to do so, you may also make a complaint to the French data protection authority (the Commission Nationale de l’Informatique et des Libertés; CNIL). Further information is available on its website:

    X. How can you contact the DPO?

    We have appointed a Data Protection Officer (DPO), who can be contacted at, or by post at the following address: NAOS – Legal Department – DPO, 355 rue Pierre Simon Laplace, 13290 Aix-en-Provence, France.

    The Data Protection Officer is at your disposal should you require any further information about the Personal Data Protection Policy.

    Updated: 06/2019