YOUR PRIVACY MATTERS
We encourage you to read this Privacy Notice carefully to understand how and why we collect and use your data. This Privacy Notice covers the following areas:
- The types of personal information we collect from you
- How we use your personal information
- The legal basis for our use of your personal information
- How long we keep your personal information
- When, how, and why we may share or transfer your personal information
- How we protect your personal information
- Your rights regarding your personal information
- What to do if you choose not to provide us with your personal information
Under the GDPR, personal data refers to any information relating to an identified or identifiable natural person. ProGnosis Biotech is committed to complying with the GDPR’s eight privacy principles when collecting, processing, and managing personal information. These principles include:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality
- Transfer limitation
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
Prognosis Biotech processes personal data on the basis of legitimate interests, contractual necessity, and with your explicit consent, as applicable. We may also process personal data if we are required to do so by law, or if it is necessary to protect the vital interests of an individual.
We only collect and use your personal information in a lawful way. The General Data Protection Regulation (GDPR) outlines the lawful basis for processing personal data, and we follow these guidelines to ensure that we are processing your information in a way that is fair and transparent.
Here are the lawful bases we use:
- Consent: We may process your personal data if you have given us clear and specific permission to do so. This consent can be given in writing or electronically, and we will only use your data for the purposes for which you have given us permission.
- Contract: If we need to process your personal data in order to fulfill a contract we have with you, or to take steps at your request before entering into a contract, we will do so.
- Legal obligation: We may process your personal data if we are required to do so by law.
- Vital interests: In some cases, we may need to process your personal data to protect your vital interests or the vital interests of others.
- Legitimate interests: We may process your personal data if we have a legitimate interest in doing so, and this interest does not override your fundamental rights and freedoms.
We take the security of your personal information very seriously and will only collect and use it in a way that is necessary and lawful. If you have any questions about how we collect or use your personal information, please don’t hesitate to contact us.
HOW WE USE YOUR PERSONAL DATA
Prognosis Biotech collects personal data to improve our products and services, and to provide users with a better experience when interacting with our website. The personal data we collect may include your name, email address, and other information you provide when registering for an account, subscribing to our newsletters, or when filling out contact forms.
We may use your personal information to provide you with information and services, such as press releases, webcast events, informative videos, job postings, and marketing communications about our products and services. We will obtain your consent where required by law.
If you apply for employment with us, we will ask for personal information such as your name, address, telephone number, ID number, and a copy of your CV. We will send this information to our host servers and to the appropriate department responsible for processing it. Our Human Resources Department will review the information and store it locally on their computers. Any hard copies will be kept in files located in the Human Resources Department with access limited to authorized personnel.
We may also contact you to provide important updates, respond to your requests, and operate our business in compliance with applicable laws and regulations. Additionally, we use your personal information to improve our services, communication methods, and products. This includes data analysis, research, and internal observations to understand which services and products are of most interest to you and how we can improve them.
In certain situations, we may be required to disclose your personal information to regulators, governments, courts, and law enforcement authorities, or to take action against illegal behavior or complaints related to our products.
If you have any questions or concerns about how we use your personal information, please contact us.
WHY WE WILL USE YOUR PERSONAL DATA
HOW WE STORE AND KEEP YOUR PERSONAL INFORMATION SECURE
We take security seriously and have put measures in place to protect your Personal Data from being lost, used, accessed, altered or destroyed without authorization. For example, we have agreements in place with suppliers who handle your personal data which requires them to keep your information confidential and implement appropriate security measures to keep it safe.
However, it is important to note that we cannot guarantee absolute security, but in the event of a breach, we will report it to the appropriate authorities and notify you as soon as possible in accordance with GDPR regulations.
We store all sensitive and personal data on our local servers/database, and we have taken reasonable steps to ensure that this data is secure. Within our organization, only senior management and authorized personnel have access to this information.
Hard copy information is stored in files that are only accessible by authorized individuals or appropriate managers.
We have strict controls and checks in place to ensure that your personal data is only accessed by authorized personnel and is processed only for the purposes for which it was shared.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We will only keep your personal information for as long as we need to. This is usually to make sure we can meet legal requirements, or for the reasons we collected your information in the first place. We consider things like how much information we have about you, how sensitive it is, and the risk of someone using or sharing it without permission. We also look at why we have your information and whether we could keep it in another way.
Sometimes we might need to use your information for research or statistics. If this is the case, we will remove any details that could identify you.
If you apply for a job with us, we will use the information you give us to see if you are suitable for the job. If you are not successful, we will keep your information for 6 months after the recruitment process is finished. After that, we will delete it. If you would like us to keep your information for longer, you need to tell us and give your permission. If you don’t want to give us your information, that’s ok – but we might not be able to consider you for the job.
INFORMATION COLLECTED FOR MINORS UNDER THE AGE OF 16
Prognosis Biotech does not knowingly collect personal data from individuals under the age of 16. If you are under the age of 16 and wish to submit your personal information to Prognosis Biotech, we require the consent of your parent or legal guardian before we can collect and use your information.
SUBJECTS’ LEGAL RIGHTS
As per data privacy laws, you have certain rights over your personal information. These include:
- The right to access information: We will provide you with copies of all your personal information that we hold, its origin, the purpose for processing, and the recipients upon your request.
- The right to correct information: You have the right to ask us to correct any inaccurate or incomplete personal information that we hold about you.
- The right to be forgotten: In certain circumstances, such as when we no longer need your personal information, you can ask us to delete it.
- The right to restrict information: You can ask us to stop processing your personal information in certain circumstances, such as when you contest its accuracy or object to its processing.
- The right to data portability: With effect from 25 May 2018, you have the right to obtain your personal information that you provided us with in a structured, commonly used, and machine-readable format and transfer it to a third party of your choice.
- The right to object: You can ask us to stop processing your personal information, and we will do so, unless we can demonstrate compelling legal grounds for the processing, submit a request for limitation of processing, and know the identity of the controller and his/her representative.
- The right to file a complaint: If your privacy rights are violated or if you have suffered as a result of the unlawful processing of your personal information, you can complain to your local data protection authority. If you exercise any of these rights, we will not charge you unless your requests are manifestly unfounded and/or excessive.
In the unlikely event of a personal data breach, we will notify the affected data subjects and the appropriate data protection authority without delay. If you are dissatisfied with how we handle your personal data, you can discuss it with our appointed DPO, submit a complaint about our processing of your personal data to the Data Protection Authority or Court.
NOT WANTING TO PROVIDE YOUR PERSONAL DATA
If you do not wish to share your personal information with us, you are free to exercise that choice. ProGnosis respects your decision and will comply with applicable legal obligations. Please note that this may affect the use of our products and services. You have the right to choose whether or not to provide us with your personal data. However, if you choose not to provide us with your personal data, we may not be able to provide you with certain products or services.
INFORMATION WE SHARE
YOUR DATA PROTECTION RIGHTS UNDER GENERAL DATA PROTECTION REGULATION (GDPR)
As a resident of the European Union (EU) and European Economic Area (EEA), you are entitled to certain data protection rights under GDPR (https://eur-lex.europa.eu/eli/reg/2016/679/oj). These rights include the ability to correct, amend, delete, or limit the use of your Personal Data. If you would like to know what Personal Data we hold about you and request that it be removed from our systems, please email us.
In addition, you have the following data protection rights:
· The right to access, update, or delete the information we have on you.
· The right to rectification. If your information is inaccurate or incomplete, you have the right to have it corrected.
· The right to object. You have the right to object to our processing of your Personal Data.
· The right to restriction. You have the right to request that we restrict the processing of your personal information.
· The right to data portability. You have the right to receive a copy of your Personal Data in a structured, machine-readable format.
· The right to withdraw consent. You have the right to withdraw your consent at any time where we rely on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests. We would also like to inform you that we may not be able to provide our service to you without the necessary data.
In case you have concerns about our collection and use of your Personal Data, you have the right to complain to a Data Protection Authority. For more information, please contact your local data protection authority in the European Economic Area (EEA).
YOUR DATA PROTECTION RIGHTS UNDER THE CALIFORNIA PRIVACY PROTECTION ACT (CALOPPA)
At Prognosis Biotech S.A., we adhere to the CalOPPA regulations, which include the following:
- Users are able to visit our site anonymously.
- Users can change their personal information by emailing us.
Our policy is to honor Do Not Track signals and refrain from tracking, planting cookies, or using advertising when a Do Not Track browser mechanism is enabled. Users can enable or disable Do Not Track by visiting the Preferences or Settings page of their web browser.
Your personal information may be processed outside of your home country by ProGnosis.
Data privacy laws in the countries to which your personal information is transferred may not be as protective as the laws in your home country.
We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, always in accordance with applicable data protection and privacy laws. These measures include data transfer agreements implementing standard data protection clauses. You can find more information about data transfer agreements at: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to Personal Data shared between the Europe and the US.
LINK TO OTHER WEBSITE
Occasionally, our ProGnosis website may contain links to and from other networks, mobile applications, partners, and vendors. We strongly recommend that you review the privacy policies of these websites before submitting any personal data, as we are not responsible for their policies.
THE CONTROLLER OF YOUR PERSONAL DATA
In cases where ProGnosis Biotech S.A. or its subsidiaries act as a data processor on the instructions of a data controller, a separate Privacy Notice will be published by that data controller and provided directly to the relevant data subjects.
The latest version of this policy will always be available on our website. Your use of the website after the latest version is your acknowledgement of the modification and your consent to abide by it.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed of any changes to your Personal Data.
The provisions of this Document are not exhaustive. We shall always ensure full compliance with the GDPR. If any provision conflicts with the provisions of local and European legislations, such provisions shall be disregarded and the legislation shall prevail.
ProGnosis Biotech S.A.
Effective Date: 22 February 2023