Data Privacy Policy

We at BioXpedia process personal data, including data about you and your use of our services. According to the EU General Data Protection Regulation (GDPR), we are responsible for how and for what purposes the data processing is carried out.

Contents
1 For what purpose do we collect information?
2 What information do we collect and process?
3 How is the information collected?
4 How do we use the information?
5 With whom do we share data?
6 For how long do we store data?
7 Your rights
8 How do you withdraw consent?
9 Processor – Sensitive personal data

1 For what purpose do we collect information?
BioXpedia only collects the personal information about you as set out in this privacy policy. We collect the information to ensure that you receive the highest level of service from BioXpedia.

2 What information do we collect and process?
We treat your personal information with confidentiality and process personal information in accordance with the legal basis set out in the General Data Protection Regulation. We collect customer data such as position, professional background, name, address, phone number, email and details about the services for which you have engaged us. We process personal data related to the samples that we analyze. We cannot in any way link these data to a certain identifiable person.

3 How is the information collected?
Information that you have provided to us in conjunction with a work order with BioXpedia concerning the delivery of services is collected. Information is collected when you communicate with us, e.g., regarding project support, billing information, or when you sign up to receive information from us. Information from website cookies and social media such as LinkedIn is collected. Information is collected in conjunction with expressions of interest either as a person interested in our services or as a person interested in employment.

4 How do we use the information?
To process customer data, the processing must have a legal basis in accordance with applicable privacy legislation. This means that the processing must be based on one of the following: a) the processing is necessary to enable us to enter into a contract or to perform a work order with you, b) you have consented to the processing, or c) a legitimate interest. Examples of purposes for which we process your data and the legal basis for such processing can be found below.

4.1 To provide services and comply with laws
When we provide services in accordance with the conditions of the contract between you and us, we process data to perform our obligations under the contract. We also process data to be able to process invoices and payments, to deal with complaints, for troubleshooting and for dealing with other incidents. The legal basis is ‘compliance with a legal obligation’.

4.2 To communicate to you about our services
We process data to communicate with you about our services, and we may provide you with recommendations, e.g., about how to use our service, and inform you about new services and improvements. The legal basis is ‘a legitimate interest’.

4.3 To develop new services
We conduct analyses of customer data with the aim of improving our activities and our existing services, developing new services, and improving our way of working. The legal basis is ‘a legitimate interest’.

4.4 Processing for marketing purposes
We process data to be able to market our services to you. We may send you such marketing by email and letter. The legal basis is ‘a legitimate interest’. If the processing of personal data is based on consent from you, you are entitled to revoke such consent at any time. You will find more information about how to withdraw consent in section 8.

5 With whom do we share data?
We may share data with sub-contractors that perform services on our behalf, to fulfil the purposes above. It may be necessary to engage sub-contractors to be able to deliver our services to you. BioXpedia continues to be responsible for the processing of your data. Sub-contractors cannot use data for purposes other than those we specify. We shall only disclose your customer data to other parties, e.g., suppliers of third-party services, after you have provided your consent. Your personal data is not transferred to countries outside the EEA (i.e., a third country). All transfers within the EEA are based on applicable law, and when we engage sub-contractors to perform part of our service, we will conclude a contract for the processing of personal data with such parties.

6 For how long do we store data?
We will save your personal data as long as it is necessary considering the purpose of the processing, i.e., different data will be saved for different periods of time. Certain data needs to be saved for a certain period to comply with applicable legislation.

7 Your rights
The purpose of the data protection legislation is, among other things, to strengthen the rights of individuals to their data. You are consequently entitled to know what we do with your data, the purposes for which we process your data, for how long we will save it and who will have access to the data.

7.1 Data Protection Officer
We have appointed a Data Protection Officer. You are welcome to contact our Data Protection Officer at [email protected] if you have questions about our processing of personal data or if you wish to exercise any of your rights described below.

7.2 Right to know what data we have concerning you
You shall be able to get information about what personal data of yours we process. To receive such information, you must clearly state what information you want access to and identify yourself in a secure way. You are entitled to have this information free of charge, though no more than once per year.

7.3 Right to rectification
If any of the data we process is inaccurate or if additional information is needed, you are entitled to have inaccurate data rectified or to supplement it with additional data that may be needed for processing.

7.4 Right to be forgotten
You are entitled to have your personal data erased. Contact the Data Protection Officer in such a case. Contact details are provided above.

7.5 Right to restriction
You are entitled to have the data processing that we carry out restricted. ‘Restriction’ means that data is marked so that it is only processed for certain limited purposes going forward.

7.6 Right to data portability
You are entitled to data portability for the data you have submitted to us if we carry out processing based on your consent or when we process data to communicate with you. The right to portability only applies to data that we process electronically. This means that data only processed in paper files is not covered by the right to portability.

8 How do you withdraw consent?
You are entitled at any time to withdraw the consent you have given to us for processing of your data. However, note that we may also perform processing on legal bases other than consent. Contact the Data Protection Officer to withdraw consent; see section 7.1.

9 Processor – Sensitive personal data
The personal data that we process for you, in relation to our analysis services, we process in our capacity as processor. We are responsible for this processing according to law and according to a work order with you. This means, among other things, that all sensitive personal data shall undergo pseudonymisation, i.e. it shall not be possible to link it to an individual person without further information (e.g. a key) to which we shall not have access. Furthermore, it means that we process no more data than what is necessary for each individual purpose and that data obtained shall be used only for the purpose for which we have obtained it. BioXpedia has taken appropriate technical and organisational measures to ensure data security in the form of access restrictions and pseudonymisation.