BioRey BV collects, uses, shares and holds certain Personal Data about current, past and prospective, employees, customers, suppliers, business contacts and other people in course of its business activities. Personal Data must be Processed in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and other applicable national and European privacy legislation and regulations (together the “Data Protection Law”).
BioRey BV recognises the need to treat Personal Data in an appropriate and lawful manner and is committed to complying with its obligations in this regard.
We use the words Personal Data to describe information that is about you or others, and from which you or they are identifiable.
- telephone calls, emails and other communications;
- service providers and other third parties;
- our websites (the “Site”); and
- social media applications.
Personal Data may be provided to us by you directly or by a third party.
- Personal Data we Process
The Personal Data we hold about you and other individuals may differ depending on our relationship, including the type of communications between us and the services we provide.
The Personal Data we collect generally falls within one of following categories – Personal Data about
- Business Contacts
We endeavour to keep the Personal Data we Process accurate and up to date. Furthermore Personal Data is stored in as few places, with as few copies, as is reasonably possible. Our staff are trained not to create any unnecessary additional copies of Personal Data.
- How we use Personal Data
We use Personal Data to carry out our business activities. The purposes for which we use your Personal Data may differ based on our relationship, including the type of communications between us and the services we provide.
The main purposes include using Personal Data to:
- facilitate general business purposes, such as payroll activities, performance management, making business travel arrangements;
- facilitate communication with you and your nominated contacts in an emergency and protecting the health and safety of staff and others;
- provide our products and services;
- communicate with you and other individuals;
- improve the quality of our products and services, provide training and maintain information security (for example, for this purpose we may record or monitor phone calls);
- carry out research and analysis, including analysis of our customer base and other individuals whose Personal Data we collect;
- provide marketing information in accordance with preferences you have told us about (marketing information may be about products and services offered by our third party partners subject to your preferences);
- personalise your experience when you use Online Tools or visit third party websites by presenting information and advertisements tailored to you, and facilitate sharing on social media;
- manage our business operations and IT infrastructure, in line with our internal policies and procedures, including those relating to finance and accounting, billing and collections, IT systems operation, data and website hosting, data analytics, business continuity, records management, document and print management, and auditing;
- manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to Personal Data;
- comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to anti-money laundering, sanctions and anti-terrorism; comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence); and
- establish and defend legal rights to protect our business operations, and those of our business partners.
- Responsibility for Personal Data
When we provide Personal Data to third parties, the third parties will be selected carefully and required to use appropriate measures to protect the confidentiality and security of the Personal Data. Those third parties will assume certain responsibilities under data protection law for looking after the Personal Data that they receive from us.
- Sharing of Personal Data
In connection with the purposes described above, we may need to share your Personal Data with third parties (this may involve third parties disclosing Personal Data to us and us disclosing Personal Data to them).
In certain circumstances, Data Protection Law allows Personal Data to be disclosed to law enforcement agencies without the consent of the Data Subject. In such circumstances, we will disclose requested Personal Data to the extent permitted by, and in accordance with, applicable Data Protection Law. Prior to any such disclosure of Personal Data we will ensure the request is legitimate and in accordance with Data Protection Law, seeking assistance from the Groups Legal Advisors where necessary.
- International Transfers of Personal Data
We may transfer information internationally to our service providers, business partners, and government or public authorities.
When making these transfers, we will take steps to ensure that your Personal Data is adequately protected and transferred in accordance with the requirements of Data Protection Law.
This may involve the use of data transfer agreements in the form approved by the European Commission or another mechanism recognised by data protection law as ensuring an adequate level of protection for Personal Data transferred outside the EEA (for example, the standard contractual clauses).
For further information about these transfers and to request details of the safeguards in place, please contact us using the details in section 12 of this document.
- Security of Personal Data
BioRey BV uses appropriate technical, physical, legal and organisational measures, which comply with data protection laws to keep Personal Data secure.
As some of the Personal Data we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Data is kept secure. For example, we may use anti-virus protection systems, firewalls, and data encryption technologies. We have procedures in place at our premises to keep any hard copy records physically secure. We also train our staff regularly on data protection and information security.
When BioRey BV provides Personal Data to a third party (including our service providers) or engages a third party to collect Personal Data on our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Data. For example Personal Data is encrypted / password protected where appropriate.
Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have sent to us has been compromised), please immediately notify us using the contact details in section 12 of this document.
The manner in which your Personal Data is kept secure is further described in our security policy available in each local jurisdiction.
- Legal Justifications for our Processing of Personal Data
To comply with Data Protection Law, we need to tell you the legal justification we rely on for using your Personal Data for our purposes.
In order to obtain Personal Data from you to comply with applicable legal requirements, and certain Personal Data may be needed to enable us to fulfil the terms of our contract with you (or someone else), or in preparation of entering into a contract with you (or someone else). We may inform you of this at the time that we are obtaining the Personal Data from you. In these circumstances, if you do not provide the relevant Personal Data to us, we may not be able to provide our products or services to you. If you would like further information, please contact us using the details in section 12 of this document.
Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using your Personal Data, our legitimate interests will usually be:
- protection of our business, shareholders, employees and customers, or those of a third party (for example, ensuring IT network and information security, enforcing claims, including debt collection);
- pursuit of our commercial activities and objectives, or those of a third party (for example, by carrying out direct marketing);
- compliance with applicable legal and regulatory obligations, and any guidelines, standards and codes of conduct (for example, by carrying out background checks or otherwise preventing, detecting or investigating fraud or money laundering);
- improvement and development of our business operations and service offering, or those of a third party; and
- analysing competition in the market for our services (for example, by carrying out research, including market research).
We may need to collect, use and disclose Personal Data in connection with matters of important public interest, for instance when complying with our obligations under anti-money laundering and terrorist financing laws and regulations, and other laws and regulations aimed at preventing financial crime. In these cases, the legal justification for our use of Personal Data is that the use is necessary for matters of public interest. Additional justifications may also apply depending on the circumstances.
For Processing of more Sensitive Personal Data we will rely on either:
- your consent; or
- that use of your Sensitive Personal Data is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity (for example, when a court issues a court order requiring the Processing of Personal Data).
Processing of Personal Data relating to criminal convictions and offences is subject to the requirements of applicable law.
We may record telephone calls with you so that we can:
- improve the standard of service that we provide by providing our employees with feedback and training;
- address queries, concerns or complaints;
- prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks; and
- comply with our legal and regulatory obligations.
In addition, we may monitor electronic communications between us (for example, emails) to protect you, our business and IT infrastructure, and third parties including by:
- identifying and dealing with inappropriate communications; and
- looking for and removing any viruses, or other malware, and resolving any other information security issues.
- Retention of Personal Data
We will keep Personal Data for as long as is necessary for the purposes for which we collect it.
Where we hold Personal Data to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation. In some cases a retention period will apply once the initial purpose has ceased e.g. payroll files are required to be kept for current year plus 6 years.
Where we hold Personal Data in order to provide a product or service, we will keep the information for at least as long as we provide the product or service, and for a number of years thereafter. The number of years varies depending on the nature of the product or service provided.
BioRey BV endeavour to ensure that Personal Data will only be kept which is relevant and not excessive to achieve the purposes for which it is being held. Personal Data will be deleted once that purpose is achieved or it is no longer required as set out.
For further information about the period of time for which we retain your Personal Data, please contact us using the details in section 12 of this document.
- Personal Data Rights
If you wish to exercise your rights, please contact us using the details in section 12 of this document.
- Who to contact about your Personal Data
If you have any questions or concerns about the way your Personal Data is used by us, you can contact us by email at: firstname.lastname@example.org
- Review and Revision