YOUR PRIVACY MATTERS
This notice is intended for visitors to our website, prognosis-biotech.com.
It is important that you read this Privacy Notice so that you are fully aware of how and why we are using your data.
This Privacy Notice explains:
- What personal information we collect about you;
- How we use your personal information;
- On what basis we use your personal information;
- How long we keep your personal information for;
- When, how and why we may share your personal information with others and/or transfer it internationally;
- How we protect your personal information;
- Your rights regarding your personal information;
- What to do if you do not want to provide us with your personal information; and
This is taken in an effort to comply with the existing legislation regarding personal data protection and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Under the EU’s General Data Protection Regulation (GDPR), Article 4 (1) ‘Personal Data’ is defined as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
ProGnosis Biotech, in accordance to the eight privacy principles for GDPR compliance, when collecting, processing and managing personal information, is committed that the data:
- shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving
- purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
- shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are collected and/or are being processed, are erased or rectified without delay (‘accuracy’);
- shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
- maintained by ProGnosis are under their own responsibility and ProGnosis as the controller shall be responsible for and be able to demonstrate compliance with the GDPR (“Accountability”).
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
ProGnosis gathers and processes your personal data only in accordance and within the lawful basis provided in the GDPR as these are applicable in each case:
Consent: The processing of your personal data is rightful if it follows your unequivocal and express consent and for the purposes for which your data is collected. Your consent can be taken either in writing or electronically.
For the performance of a contract: Data processing is permitted if it is necessary for the performance of a contract to which you, as a data subject, are a party, or for taking steps at your demand, prior to entering into a contract, including but not limited to the case of an electronic employment application.
For compliance with legal obligations of ProGnosis: Personal data can be processed for the purposes of complying with national and/or European and/or international laws and/or Regulations and only to the extent that such processing is necessary and within the restrictions provided in the said norms.
For protection of the vital interests of the Data Subject and/or any affected third parties: As in the course of our business ProGnosis deals with medicinal and/or medical and/or bi-products and/or pharmaceutical products and/or otherwise, processing of your personal data may be necessary for ensuring your health and safety and/or the health and safety of others. Thus, ProGnosis has the right to process your data only to the extent that is indispensable for ensuring the protection of your vital interests.
For the purposes of the legitimate interests pursued: Data processing is justifiable if it is necessary for ProGnosis to pursue a legitimate interest, provided that it will not override the fundamental rights of Data Subject.
HOW WE USE YOUR PERSONAL DATA
We may use your personal information to:
Provide you with information and services including:
Webcast events, or informative videos;
Tips and helpful information and marketing communications about our products and services. Consent should be obtained where required by law.
In the event that you choose to apply for employment, we will ask you to provide us with personal data including, but not limited to, your name, address, telephone number and ID number. Further we will ask you to upload a copy of your CV. This information shall be sent to our host servers and shall then be transmitted to the appropriate Department of ProGnosis, responsible for the processing of the information provided.
The members of our Human Resources Department shall receive and review the information shared by email and shall store all such information locally on their computers which ProGnosis Biotech take all reasonable steps to ensure that are protected. If hard copies of the said information are made, such shall be kept in files located in the Human Resources Department with access only from the members of the Department, the Management of the Company or individuals who may be authorized to have access to such information.
Contact and interact with you, including to:
Provide important updates, such as changes to our terms and policies, administrative messages and notifications; and
Respond to your requests (for instance in case you applied for employment)
Operate our business, including to:
Comply with applicable laws, regulations and guidance;
Comply with demands made by regulators, governments, courts and law enforcement authorities;
Take action against illegal and harmful behavior of users; and
Respond to reports or complains you make associated with one of our products and to monitor the safety of our products at the same time.
Improve our daily operations, including to:
Improve our services, communication methods and products;
Ensure we are always up to date in terms of our contact information;
For management purposes such as, data analysis and research to help us maintain and ameliorate our digital content;
For internal observation, to follow the trends and usage activities in connection to our products in order to understand which of our services and products are of the most interest to you and improve them.
WHY WE WILL USE YOUR PERSONAL DATA
HOW WE STORE AND KEEP YOUR PERSONAL INFORMATION SECURE
- We have put in place appropriate security measures to help protect your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or destructed in line with applicable data protection and privacy laws. For instance, when ProGnosis share your personal data with external suppliers, it may put in place a written agreement which commits the suppliers to keep your information confidential, and to put in place appropriate security measures to keep your information secure.
Please bear in mind that while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. In the event of a breach we undertake to report it to the appropriate authorities and notify you as soon as possible and/or as further provided in the GDPR.
- All Sensitive information and personal data that ProGnosis obtains, are stored on our local servers/ database and all reasonable steps have been taken by ProGnosis to ensure that such data is kept secured whilst being stored and/or processed. Information shared within the organization shall only be accessible to the Senior Management of ProGnosis and/or to the personnel with whom such information has been shared.
- All hard copy information is maintained in files locally stored by the individual authorized to have access to such information and/or the appropriate manager of ProGnosis Biotech.
- Strict checks and controls are in place to ensure that your personal data shared with us are accessed and shared only with authorized individuals and are processed only for the purposes that such information has been shared.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
- We will only retain your Personal Data for the period required by law and where we need to do so in order to fulfil the purposes for which initially, we collected the personal data for, including purposes related to legal action or investigations, accounting or reporting requirements.
- To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes
- In relation to employment proceedings, ProGnosis shall internally process the information shared with the company in order to determine each suitability for the position applied. Use of such information will be made in the event that ProGnosis wish to contact each candidate in relation to his/her application. By submitting an application with ProGnosis, you agree to your information being maintained by ProGnosis for a period of six (6) months after the completion of the recruitment process for the position you have applied. Should you wish for ProGnosis to keep your personal information for future openings, you must expressly consent to ProGnosis maintaining your records and/or personal data for a period of thirty (30) months. Upon completion of either one of the two periods set out above, ProGnosis, shall delete all personal information shared by you.
INFORMATION COLLECTED FOR MINORS UNDER THE AGE OF 16
SUBJECTS’ LEGAL RIGHTS
Data Privacy laws provide you with a number of rights over your personal information
You may be entitled to:
- be informed & to access information: ProGnosis Biotech is transparent in how it collects and processes personal information and the purposes that it intends to use it for. We are obliged, should you request us to do so, to provide you with copies of all the information we have in our possession, the origins and the purposes of processing and the recipients without further delay and in a clear and comprehensible manner.
- correct information: If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it corrected.
- “be forgotten”: You can ask us to remove your personal information in some circumstances such as where we no longer need it.
- restrict information: You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us processing it. It will not however, stop us from storing your personal information. We will inform you before we lift any restriction.
- data portability: With effect from 25 May 2018, you have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
- object: You can ask us to stop processing your personal information, and we will do so, unless we can demonstrate compelling legal grounds for the processing, submit a request for limitation of processing, and know the identity of the controller and his/her representative,
- file a complaint: To your local data protection authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information
Dealing with your requests on the basis of exercising the aforementioned rights comes free of charge, provided that your demands are not manifestly unfounded and/or excessive. In the case that your requests are unfounded and/or excessive, ProGnosis has the right to apply a reasonable fee for the cost incurred.
In the unlikely event that there is personal data breach, ProGnosis shall notify the affected Data Subjects and the appropriate Data Protection Authority, of the security breach without undue delay.
In the event of a breach on our part or in the event you are dissatisfied by our handling of your personal data contrary to the provisions of the GDPR, you can discuss it with our appointed DPO, you can submit a complaint about how we process your personal data to the Data Protection Authority or Court.
NOT WANTING TO PROVIDE YOUR PERSONAL DATA
INFORMATION WE SHARE
- Your personal information may be processed by ProGnosis’ outside of your home country.
- Data privacy laws in the countries to which your personal information is transferred may not be equivalent to, or as protective as, the laws in your home country. We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, always in accordance with applicable data protection and privacy laws. These measures include data transfer agreements implementing standard data protection clauses. You may find more information about data transfer agreements at: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US.
LINK TO OTHER WEBSITE
- It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if there are any alterations regarding your Personal Data.
- The provisions of this Document are not exhaustive, and ProGnosis shall at all times ensure full compliance with the GDPR. If any provision is or may in the future be conflicting with the provisions of local and European legislations, such provisions shall be disregarded, and the legislation shall prevail.
ProGnosis Biotech S.A.
Effective Date: 20 April 2020
THE CONTROLLER OF YOUR PERSONAL DATA
ProGnosis Biotech S.A. is the controller of the personal data you submit to us and responsible for your personal data under applicable data protection law.
Where ProGnosis Biotech S.A. or its subsidiaries act as a data processor on the instructions of a data controller, a separate Privacy Notice will be published by that data controller, usually on the relevant domain and provided directly to the relevant data subjects.