Legal notice and privacy
The website https://www.ittm-solutions.com/ is edited in relation to services by Information Technology for Translational Medicine (ITTM) S.A.
- Registered office: 27 Rue Henri Koch – House of BioHealth, L-4354 Esch-sur-Alzette, Luxembourg
- RCS Luxembourg: B 179.199
- Tel: +352 288 376 272
- Email: info|at|ittm-solutions.com
ITTM takes your privacy and the protection of your personal data seriously. ITTM implements the necessary and adequate measures in compliance with the laws and standards in force, so that you can browse ITTMs website safely according to your preferences.
Data Controller of your personal data
Your personal data collected from www.ittm-solutions.com are processed by ITTM therefore, the Data Controller is:
ITTM S.A., 27 Rue Henri Koch, L-4354 Esch-sur-Alzette.
When are your personal data collected?
During your browsing on ITTMs website, ITTM may collect your personal data when:
- you gave your consent for the collection of optional cookies;
- you get in touch with us by filling in one of our forms:
- if you contact ITTMs Data Protection Officer (DPO);
- if you contact ITTM through the contact form.
ITTM will only collect personal data that are necessary to process your request and to access ITTM’s website. Data are collected and processed in all transparency and in accordance with the General Data Protection Regulation (hereinafter referred to as “GDPR”).
Purposes of personal data collection
Personal data collected by ITTM are subject to manual processing by ITTM teams when a contact form has been filled in. The “contact us” form allows you to contact ITTM for any question and/or request related to ITTM’s services.
Personal data collected by ITTM are also collected automatically when you visit our website by ITTM teams, in accordance with our legitimate interests (to provide and improve this website, to detect and prevent malware, illegal content and behaviour and other types of misuse).
ITTM is compliant with the GDPR regarding your rights as an individual. In case, the ITTM DPO will check your identity and will request you to provide a copy of your ID.
Nature of personal data collected
Your personal data or Personally Identifiable Information is all the data that allows us to directly or indirectly identify you. Personal data that may be collected on www.ittm-solutions.com are standard identification (last name, first name, email address, company, etc.), technical information associated with the device you use (such as your IP address, browser type, geographical location and operating system), and information concerning you browsing behaviour (such as how long you visit, what links you click on, what pages you visit and how many times you visit a page).
Recipients of your personal data
Your personal data collected onwww.ittm-solutions.com are used by ITTM and may be accessible to our information technology service providers located in Luxembourg or otherwise in the European Union (e.g., for hosting, back-up maintenance, IT security and IT support purposes). However, those can be transferred to commercial partners, provided that you have given your prior consent.
ITTM could be obliged to transfer your personal data to a third party on the request of the regulatory authority or any administrative authority authorized by law. Your personal data will not be transferred to any other third party.
Use of third-party services
ITTM may collect the here below Data from your use of the third-party services:
Retention of your personal data
Your personal data are collected and processed for a retention in adequation with the above-mentioned purposes in order to meet the GDPR:
- 3 years, from the end of the commercial relationship or if the prospect did not subscribe to ITTM’s service (marketing data);
- 10 years, from the end of the commercial relationship for contractual issues (contracts, guarantees, claims, invoices, etc.);
Protection of your personal data
ITTM has implemented strong organizational and operational security measures in order to guarantee the security of your personal data. ITTM’s employees who may handle personal data as part of their duties are subject to a strict confidentiality. They only access to personal data that are necessary for their missions and are regularly sensitized about data protection aspects.
ITTM’s subcontractors are selected through a strict process. ITTM will not select subcontractors which are not compliant with the GDPR.
Notifications about incidents related to your personal data
In the event of a security incident involving your personal data (data leak, unwanted modification of your personal data, unavailability of your personal data), ITTM will follow a strict data breach procedure by performing an impact analysis and taking adequate remediation and contacting the CNPD (Commission Nationale pour la Protection des Données) as legally required. In case it requires a notification to affected data subjects, you will be informed without any delay.
You have and can exercise the following GDPR rights at any time and within the limits set by law:
- Access to your personal data (in order for you to know if and what data concerning you is being processed by ITTM and to obtain a copy of it);
- Rectification of your personal data (if data are inaccurate or incomplete);
- Restriction of the processing of your personal data (if the preconditions are met);
- Opposition to the processing of your personal data (for legitimate reasons, in particular for commercial prospecting purpose);
- Deletion of your personal data (right to be forgotten);
- Portability of your personal data (receive a copy of the personal data you have provided to ITTM in a universal readable format);
- Request not to be subject to a decision based on automated processing, including profiling;
- Withdraw your consent (for processing operations based on your consent).
You can exercise any of these rights free of charge by contacting us:
- by email to dpo|at|ittm-solutions.com
- or by postal mail addressed to ITTM S.A. – Data Protection Office, 27 Rue Henri Koch, L-4353 Esch-sur-Alzette.
In order for ITTM to satisfy your request and to avoid identity theft, ITTM may ask you (depending on the situation) to provide a copy of both sides of an official identity document. Such documents are used to confirm your identity and are immediately deleted from our system after confirmation.
ITTM will answer your request in a delay that does not exceed one month as from the reception date of your completed application. This delay can be extended to a maximum of two months in case of numerous or complex requests. In such case you will be duly informed according to GDPR requirements.
You may also lodge a complaint to the CNPD (Commission Nationale pour la Protection des Données), via their website: www.cnpd.lu.
ITTMs Coordinated Vulnerability Disclosure policy
Purpose of this policy:
This policy outlines how ITTM will coordinate the disclosure of information related to vulnerabilities which, if exploited, could lead to confidentiality, integrity or availability of ITTM’s assets being compromised or degraded. ITTM’s assets include (but are not limited to) network, system or data.
At ITTM, we are committed to addressing and reporting security issues through a coordinated workflow. We strongly encourage you to be a major player of this process.
This is why, if you discover a vulnerability in one of our asset, we should be grateful to be informed accordingly so that appropriate actions could be implemented to solve the vulnerability as quickly as possible.
In that way, your actions contribute protecting our services.
We kindly ask you to:
- Contact us by using our contact form,
- Provide enough information regarding your vulnerability and proof-of-concept,
- Don’t hesitate to give us a copy of the code you used to perform your exploit as well as any information you deem useful,
- Not abuse the vulnerability in a way which may harm ITTM or its clients,
- Not access or modify any data in any account or system for which you do not have legal control,
- Not disclose the vulnerability to other people until we inform you about its resolution,
- Not make use of attacks on physical security, social engineering techniques or hacking tools, such as vulnerability scanners or DDOS attack,
- Comply with all applicable laws and regulation.
What we promise:
- We will acknowledge receipt of your findings within the best delay,
- We will handle your report with all due confidentiality and ensure that your personal information is not shared with any third parties without your permission,
- We will carry out a detailed assessment of your potential findings to determine their accuracy,
- We will keep you informed of the progress in the solution resolution.
ITTM greatly appreciates the efforts made by security researchers sharing with us their discovery. This gives ITTM a chance of improving its services and offering better protection to our clients. Thank you for your help and being part of this process. Our team will contact you shortly so you can send them additional information.