Data Privacy Policy

DATA PROTECTION

Data Privacy Policy

We at Biotest Facility process personal data, including data about you and your use of our services. According to the EU General Data Protection Regulation (GDPR), we are responsible for how and for what purposes the data processing is carried out.

Contents
1 For what purpose do we collect information?.
2 What information do we collect and process?.
3 How is the information collected?.
4 How do we use the information?.
5 With whom do we share data?.
6 For how long do we store data?.
7 Your rights.
8 How do you withdraw consent?.
9 Processor – Sensitive personal data.

1 For what purpose do we collect information?
Biotest Facility only collects the personal information about you as set out in this privacy policy. We collect the information to ensure you receive the highest level of service from Biotest Facility.

2 What information do we collect and process?
We treat your personal information with confidentiality and process personal information in accordance with the legal basis set out in the General Data Protection Regulation. We collect customer data such as position, professional background, name, address, phone number, email, and details about the services for which you have engaged us. We process personal data related to the samples that we analyse. We cannot in any way link these data to a certain identifiable person.

3 How is the information collected?
Information that you have provided to us in conjunction with a work order with Biotest Facility concerning the delivery of services is collected. Information is collected when you communicate with us, e.g., regarding project support, billing information, or when you sign up to receive information from us. Information from website cookies and social media such as LinkedIn is collected. Information is collected in conjunction with expressions of interest, either as a person interested in our services or as a person interested in employment.

4 How do we use the information?
To process customer data, the processing must have a legal basis in accordance with applicable privacy legislation. This means that the processing must be done based on: a) the processing is necessary to enable us to enter into a contract or to perform a work order with you, b) you have consented to the processing, or c) it is based on a legitimate interest. Examples of purposes for which we process your data and the legal basis for such processing can be found below.

4.1 To provide services and comply with laws
When we provide services in accordance with the conditions of the contract between you and us, we process data to perform our obligations under the contract. We also process data to be able to process invoices and payments, to deal with complaints, for troubleshooting, and for dealing with other incidents. The legal basis is ‘compliance with a legal obligation’.

4.2 To communicate to you about our services
We process data to communicate with you about our services, and we may provide you with recommendations, e.g., about how to use our service and inform you about new services and improvements. The legal basis is ‘a legitimate interest’.

4.3 To develop new services
We conduct analyses of customer data with the aim to improve our activities and our existing services, to develop new services, and to improve our way of working. The legal basis is ‘a legitimate interest’.

4.4 Processing for marketing purposes
We process data to be able to market our services to you. We may send you such marketing by email and letter. The legal basis is ‘a legitimate interest’. If the processing of personal data is based on consent from you, you are entitled to revoke such consent at any time. You will find more information about how to withdraw consent in Section 8.

5 With whom do we share data?
We may share data with subcontractors that perform services on our behalf, to fulfil the purposes above. It may be necessary to engage subcontractors to be able to deliver our services to you. Biotest Facility continues to be responsible for the processing of your data. Subcontractors cannot use data for purposes other than those we specify. We shall only disclose your customer data to other parties, e.g., suppliers of third-party services, after you have provided your consent. Your personal data is not transferred to countries outside the EEA (i.e., a third country). All transfers within the EEA are based on applicable law, and when we engage subcontractors to perform part of our service, we will conclude a contract for the processing of personal data with such parties.

6 For how long do we store data?
We will save your personal data as long as it is necessary considering the purpose of the processing, i.e., different data will be saved for different periods of time. Certain data needs to be saved for a specific period to comply with applicable legislation.

7 Your rights
The purpose of the data protection legislation is, among other things, to strengthen individuals’ rights regarding their data. You are consequently entitled to know what we do with your data, the purposes for which we process it, how long we will retain it, and who will have access to it.

7.1 Data Protection Officer
We have appointed a Data Protection Officer. You are welcome to contact our Data Protection Officer at info@biotestfacility.com if you have any questions about our processing of personal data or if you wish to exercise any of your rights described below.

7.2 Right to know what data we have concerning you
You are entitled to obtain information about what personal data of yours we process. To receive such information, you must clearly state what data you want access to and identify yourself in a secure manner. You are entitled to receive this information free of charge, but no more than once per year.

7.3 Right to rectification
If any of the data we process is inaccurate or if additional information is needed, you are entitled to have the inaccurate data rectified or to supplement it with any additional information required for processing.

7.4 Right to be forgotten
You are entitled to have your personal data erased. In such a case, please contact the Data Protection Officer. Contact details are provided above.

7.5 Right to restriction
You are entitled to have the processing of your data restricted. ‘Restriction’ means that data is marked so that it is only processed for certain specific purposes going forward.

7.6 Right to data portability
You are entitled to data portability for the data you have submitted to us if we process it based on your consent or to communicate with you. The right to portability applies only to data that we process electronically. This means that data processed solely in paper files is not covered by the right to portability.

8 How do you withdraw consent?
You are entitled to withdraw your consent for the processing of your data at any time. However, please note that we may also process data on legal bases other than consent. To withdraw your consent, please contact the Data Protection Officer, as detailed in Section 7.1.

9 Processor – Sensitive personal data
The personal data that we process for you in relation to our analysis services is handled by us in our capacity as a data processor. We are responsible for this processing both according to the law and under a work order with you. This means, among other things, that all sensitive personal data shall undergo pseudonymisation, meaning it cannot be linked to an individual without additional information (e.g., a key) to which we do not have access. Furthermore, we will process only the data necessary for each specific purpose, and data obtained will be used solely for the purpose for which it was collected. Biotest Facility has implemented appropriate technical and organisational measures to ensure data security, including access restrictions and pseudonymisation.