BIOMENDEX OY PRIVACY POLICY

Last update: June 21, 2021

1. About this policy

Your privacy and keeping you informed on processing your personal data is important to us. This

Privacy Policy provides information on how Biomendex collects and processes personal data of our customers, potential future customers and our business contacts.

Biomendex uses Article 6 of the EU General Data Protection Regulation (GDPR) as the legal basis, with the exception of cases in which prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.  Biomendex is committed to protecting the privacy of the contacts, whose personal data it holds in its registers.

This Privacy Policy may be updated from time to time. You can determine when this Privacy Policy was last revised by referring to the “LAST UPDATE” date at the top of this page.

2. Contact information

Biomendex Oy

Business ID: 2946392-2

Address: Korkeakoulunkatu 1, 33720 Tampere

E-mail address: info@biomendex.com  

Website: https://www.biomendex.com

3. Lawfulness and Purposes of Personal Data Processing

The data subject may be either Biomendex’s customer, a representative of Biomendex’s customer or a user of Biomendex’s online shop or webpages. The data subject may also be a part of Biomendex’s other interest groups or stakeholders. The grounds for processing of the personal data are either fulfilment of an agreement concluded between Biomendex and the data subject or the legitimate interest of Biomendex. In order to fulfil an agreement between Biomendex and the data subject, Biomendex may e.g. process personal data for delivering and billing orders.

Biomendex’s legitimate interests consist of receiving and managing orders, as well as managing and developing Biomendex’s customer relationships, business functions and communications as well as fulfilling reporting or legal obligations towards authorities or stakeholders. In some cases, Biomendex may process personal data on the basis of the data subject’s consent for e.g. conducting direct marketing relating to its webpages and online shop.

Maintaining the customer register is necessary for Biomendex to enable efficient and customer-oriented marketing, sales activities and delivery management as well as to establish and maintain good customer relationships. The customer register is also used for more general communications purposes that do not directly relate to sales promotion.

Biomendex may use customer related personal data also for improving customer experience by developing the services and analyzing the customer’s interests.

4. Content of the Register

Biomendex’s customer base consists of healthcare and veterinary professionals as well as legal entities and authorities. In order to establish and maintain a customer relationship, Biomendex may process personal data of natural persons, who are acting as either sole traders or representing and/or working for the customer companies and other legal entities. Biomendex may also collect personal data of a prospective customer’s representatives.

The personal data Biomendex may collect and process includes the following personal data:

  • name
  • address
  • phone number
  • e-mail address
  • trade name and business ID
  • information on online shop purchases
  • cookie data

Our websites may also collect various general data and information whenever they are accessed by users or automated system. Those general data and information are stored in the log files of the server. The following data may be collected:

  • browser types and versions used,
  • the operating system used,
  • the website from which a system accesses our website,
  • the subpages that the system accessing our website navigates to,
  • the date and time of access to the website,
  • the IP address,
  • the internet service provider of the system accessing the website, and
  • other similar data and information that serve to protect our information technology systems in the case of attacks.

The collection and use of the general data and information do not allow any conclusions to be drawn about the data subject. Instead, they only serve the following purposes:

  • correct provision and display of the content of our website
  • optimization of the website content and advertising the website
  • ensuring the long-term functionality of our website
  • possible provision of the necessary information to assist law enforcement authorities in the event of a cyber-attack. The anonymous data stored in the log files are stored separately from any personal data.

Our website and services are not directed to individuals under the age of 18, and we request that these individuals do not provide personal information through the website. If your child has submitted Personal Information and you would like to request that such Personal Information be removed, please contact us as explained at section 2. Contact Information.

5. Regular Sources of Information

Personal data in Biomendex’s customer register is mainly collected from the data subject himself/herself or from the company which he/she represents. In the context of Biomendex’s online shop, information about the data subject may either be actively submitted by the data subject or otherwise collected during the usage of the online shop. Information may also be collected from the authorities or publicly available sources within the limits of the applicable laws and regulations. 

6. Data Sharing

Biomendex does not share personal data with third parties outside of its organization unless one of the following circumstances applies:

It is necessary for the purposes set out in this Privacy Policy:

To the extent that third parties need access to personal data to enable the offering of the online store, Biomendex has taken appropriate contractual and organizational measures to ensure that personal data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations.

For legal reasons:

Biomendex may share personal data with third parties outside Biomendex’s organization if the use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests or safety of Biomendex or data subject in accordance with the law. Where possible, Biomendex will inform data subject about such transfer and processing.

To authorized service providers:

Biomendex may share personal data to authorized service providers who perform services for Biomendex (including data storage, sales, marketing and Customer support). Biomendex’s agreements with its service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.

7. Data Transfers

Personal data may be transferred outside of the European Union or the European Economic Area if it is necessary to carry out the purposes of the data processing. In such case, appropriate technical and organizational measures, such as the use of EU Commission’s standard contractual clauses, will be carried out to ensure a sufficient level of data protection in accordance with the applicable data protection regulation. Upon the data subject’s request in accordance with section 10 of this Privacy Policy, Biomendex will provide a copy of these measures to the data subject.

8. Data Retention

Biomendex manages the personal data within the customer register during the customer relationship and regularly deletes and corrects unnecessary and outdated data. When the relationship between the data subject and Biomendex becomes passive, Biomendex retains the personal data only for as long as the personal data is necessary for Biomendex’s genuine needs and the regulatory requirements Biomendex is subject to. Personal data is deleted gradually in accordance with these data retention guidelines.

9. Data Security

Biomendex uses administrative, organizational, technical, and physical safeguards to protect the personal data it collects and processes. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems.

Should despite of the security measures, a security breach occur that is likely to have negative effects to data subject’s privacy, Biomendex will inform the data subject and relevant authorities as required by applicable data protection laws as soon as possible.

10. Data Subject’s Rights

Right to object to Direct Marketing

The data subject has the right to object to direct marketing at any time. The data subject may use the right by contacting Biomendex.

Access to Information

The data subject has the right to obtain information of the personal data concerning him/her, which Biomendex is processing, and obtain a copy of such personal data by contacting Biomendex.

Right to Rectification, Erasure and Restriction

The data subject is entitled to have any personal data that is inaccurate, outdated, unnecessary or contrary to the purposes of data processing corrected or erased. Where the data subject has access to Biomendex’s digital service platforms, he/she may correct or erase any inaccurate, outdated, unnecessary data in the service himself/herself.

The data subject is also entitled to request Biomendex to restrict processing of the data subject’s personal data for example when the data subject is waiting for Biomendex’s response to his/hers access or erasure request.

Right to Object Personal Data Processing

On grounds relating to his/her particular situation, the data subject is entitled to object processing of personal data concerning him/her, provided that the processing is based on the data controller’s legitimate interest.

Data subject may send his/her request to Biomendex to restrict the processing. In this request, the data subject shall define the particular situation based on which data subject is objecting the data processing. Biomendex has the right to decline the request on statutory grounds.

Right to Withdraw Consent

Where the processing of personal data is based on the data subject’s consent (e.g. electronic direct marketing), the data subject has the right to withdraw this consent by notifying Biomendex.

Right of Data Portability

To the extent that the data subject has by him-/herself submitted data to the register, which are processed in order to execute the agreement between Biomendex and the data subject or are processed under his/her consent, the data subject has the right to obtain a copy of such data in a commonly used and machine-readable format and transmit such data to another data controller (if technically possible).

Right to Lodge a Complaint

If the data controller does not follow the applicable data protection regulation, a data subject is entitled to lodge a complaint with a competent data protection authority.