Last update: June 21, 2021
1. About this policy
Biomendex uses Article 6 of the EU General Data Protection Regulation (GDPR) as the legal basis, with the exception of cases in which prior consent cannot be obtained for practical reasons and processing of the data is permitted by law. Biomendex is committed to protecting the privacy of the contacts, whose personal data it holds in its registers.
2. Contact information
3. Lawfulness and Purposes of Personal Data Processing
The data subject may be either Biomendex’s customer, a representative of Biomendex’s customer or a user of Biomendex’s online shop or webpages. The data subject may also be a part of Biomendex’s other interest groups or stakeholders. The grounds for processing of the personal data are either fulfilment of an agreement concluded between Biomendex and the data subject or the legitimate interest of Biomendex. In order to fulfil an agreement between Biomendex and the data subject, Biomendex may e.g. process personal data for delivering and billing orders.
Biomendex’s legitimate interests consist of receiving and managing orders, as well as managing and developing Biomendex’s customer relationships, business functions and communications as well as fulfilling reporting or legal obligations towards authorities or stakeholders. In some cases, Biomendex may process personal data on the basis of the data subject’s consent for e.g. conducting direct marketing relating to its webpages and online shop.
Maintaining the customer register is necessary for Biomendex to enable efficient and customer-oriented marketing, sales activities and delivery management as well as to establish and maintain good customer relationships. The customer register is also used for more general communications purposes that do not directly relate to sales promotion.
Biomendex may use customer related personal data also for improving customer experience by developing the services and analyzing the customer’s interests.
4. Content of the Register
Biomendex’s customer base consists of healthcare and veterinary professionals as well as legal entities and authorities. In order to establish and maintain a customer relationship, Biomendex may process personal data of natural persons, who are acting as either sole traders or representing and/or working for the customer companies and other legal entities. Biomendex may also collect personal data of a prospective customer’s representatives.
The personal data Biomendex may collect and process includes the following personal data:
- phone number
- e-mail address
- trade name and business ID
- information on online shop purchases
- cookie data
Our websites may also collect various general data and information whenever they are accessed by users or automated system. Those general data and information are stored in the log files of the server. The following data may be collected:
- browser types and versions used,
- the operating system used,
- the website from which a system accesses our website,
- the subpages that the system accessing our website navigates to,
- the date and time of access to the website,
- the IP address,
- the internet service provider of the system accessing the website, and
- other similar data and information that serve to protect our information technology systems in the case of attacks.
The collection and use of the general data and information do not allow any conclusions to be drawn about the data subject. Instead, they only serve the following purposes:
- correct provision and display of the content of our website
- optimization of the website content and advertising the website
- ensuring the long-term functionality of our website
- possible provision of the necessary information to assist law enforcement authorities in the event of a cyber-attack. The anonymous data stored in the log files are stored separately from any personal data.
Our website and services are not directed to individuals under the age of 18, and we request that these individuals do not provide personal information through the website. If your child has submitted Personal Information and you would like to request that such Personal Information be removed, please contact us as explained at section 2. Contact Information.
5. Regular Sources of Information
Personal data in Biomendex’s customer register is mainly collected from the data subject himself/herself or from the company which he/she represents. In the context of Biomendex’s online shop, information about the data subject may either be actively submitted by the data subject or otherwise collected during the usage of the online shop. Information may also be collected from the authorities or publicly available sources within the limits of the applicable laws and regulations.
6. Data Sharing
Biomendex does not share personal data with third parties outside of its organization unless one of the following circumstances applies:
For legal reasons:
Biomendex may share personal data with third parties outside Biomendex’s organization if the use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests or safety of Biomendex or data subject in accordance with the law. Where possible, Biomendex will inform data subject about such transfer and processing.
To authorized service providers:
7. Data Transfers
8. Data Retention
Biomendex manages the personal data within the customer register during the customer relationship and regularly deletes and corrects unnecessary and outdated data. When the relationship between the data subject and Biomendex becomes passive, Biomendex retains the personal data only for as long as the personal data is necessary for Biomendex’s genuine needs and the regulatory requirements Biomendex is subject to. Personal data is deleted gradually in accordance with these data retention guidelines.
9. Data Security
Biomendex uses administrative, organizational, technical, and physical safeguards to protect the personal data it collects and processes. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems.
Should despite of the security measures, a security breach occur that is likely to have negative effects to data subject’s privacy, Biomendex will inform the data subject and relevant authorities as required by applicable data protection laws as soon as possible.
10. Data Subject’s Rights
Right to object to Direct Marketing
The data subject has the right to object to direct marketing at any time. The data subject may use the right by contacting Biomendex.
Access to Information
The data subject has the right to obtain information of the personal data concerning him/her, which Biomendex is processing, and obtain a copy of such personal data by contacting Biomendex.
Right to Rectification, Erasure and Restriction
The data subject is entitled to have any personal data that is inaccurate, outdated, unnecessary or contrary to the purposes of data processing corrected or erased. Where the data subject has access to Biomendex’s digital service platforms, he/she may correct or erase any inaccurate, outdated, unnecessary data in the service himself/herself.
The data subject is also entitled to request Biomendex to restrict processing of the data subject’s personal data for example when the data subject is waiting for Biomendex’s response to his/hers access or erasure request.
Right to Object Personal Data Processing
On grounds relating to his/her particular situation, the data subject is entitled to object processing of personal data concerning him/her, provided that the processing is based on the data controller’s legitimate interest.
Data subject may send his/her request to Biomendex to restrict the processing. In this request, the data subject shall define the particular situation based on which data subject is objecting the data processing. Biomendex has the right to decline the request on statutory grounds.
Right to Withdraw Consent
Where the processing of personal data is based on the data subject’s consent (e.g. electronic direct marketing), the data subject has the right to withdraw this consent by notifying Biomendex.
Right of Data Portability
To the extent that the data subject has by him-/herself submitted data to the register, which are processed in order to execute the agreement between Biomendex and the data subject or are processed under his/her consent, the data subject has the right to obtain a copy of such data in a commonly used and machine-readable format and transmit such data to another data controller (if technically possible).
Right to Lodge a Complaint
If the data controller does not follow the applicable data protection regulation, a data subject is entitled to lodge a complaint with a competent data protection authority.