Data Privacy Policy

Our

Data Privacy Policy

Data Privacy Policy
We at BioXpedia process personal data, including data about you and your use of our services. According to
the EU General Data Protection Regulation (GDPR), we are responsible for how and for what purposes the
data processing is carried out.
Contents
1 For what purpose do we collect information? ………………………………………………………………………….. 1
2 What information do we collect and process? ………………………………………………………………………….. 1
3 How is the information collected? ………………………………………………………………………………………….. 1
4 How do we use the information? …………………………………………………………………………………………… 2
5 With whom do we share data? ………………………………………………………………………………………………. 2
6 For how long do we store data? …………………………………………………………………………………………….. 3
7 Your rights …………………………………………………………………………………………………………………………. 3
8 How do you withdraw consent? …………………………………………………………………………………………….. 3
9 Processor – Sensitive personal data ……………………………………………………………………………………….. 4
1 For what purpose do we collect information?
BioXpedia only collects the personal information about you as set out in this privacy policy. We collect the
information to ensure you the highest level of service from BioXpedia.
2 What information do we collect and process?
We treat your personal information with confidentiality and process personal information in accordance
with the legal basis set out in the General Data Protection Regulation.
We collect customer data such as position, professional background, name, address, phone number, email
and details about the services for which you have engaged us.
We process personal data related to the samples that we analyse. We cannot in any way link these data to
a certain identifiable person.
3 How is the information collected?
Information that you have provided to us in conjunction with a work order with BioXpedia concerning the
delivery of services is collected.
Page 2 of 4
BioXpedia A/S – Data Privacy Policy v1.0
Information is collected when you communicate with us, e.g. regarding project support, billing information,
or when you sign up to receive information from us.
Information from website cookies and social media such as LinkedIn is collected.
Information is collected in conjunction with expressions of interest either as a person interested in our
services or as a person interested in employment.
4 How do we use the information?
To process customer data, the processing must have a legal basis in accordance with applicable privacy
legislation.
This means that the processing must be done based on: a) the processing is necessary to enable us to enter
into a contract or to perform a work order with you, b) you have consented to the processing, or c) based
on a legitimate interest. Examples of purposes for which we process your data and the legal basis for such
processing can be found below.
4.1 To provide services and comply with laws
When we provide services in accordance with the conditions of the contract between you and us, we
process data to perform our obligations under the contract. We also process data to be able to process
invoices and payments, to deal with complaints, for troubleshooting and for dealing with other incidents.
The legal basis is ‘compliance with a legal obligation’.
4.2 To communicate to you about our services
We process data to communicate with you about our services, and we may provide you with
recommendations e.g. about how to use our service and inform you about new services and improvements.
The legal basis is ‘a legitimate interest’.
4.3 To develop new services
We conduct analyses of customer data with the aim to improve our activities and our existing services, to
develop new services, and improve our way of working. The legal basis is ‘a legitimate interest’.
4.4 Processing for marketing purposes
We process data to be able to market our services to you. We may send you such marketing by email and
letter. The legal basis is ‘a legitimate interest’.
If the processing of personal data is based on consent from you, you are entitled to revoke such consent at
any time. You will find more information about how to withdraw consent in section 8.
5 With whom do we share data?
We may share data with sub-contractors that perform services on our behalf, to fulfil the purposes above.
It may be necessary to engage sub-contractors to be able to deliver our services to you. BioXpedia continue
to be responsible for the processing of your data. Sub-contractors cannot use data for purposes other than
those we specify.
We shall only disclose your customer data to other parties, e.g. suppliers of third-party services, after you
have provided your consent.
Page 3 of 4
BioXpedia A/S – Data Privacy Policy v1.0
Your personal data is not transferred to countries outside the EEA (i.e. a third country). All transfers within
EEA are based on applicable law, and when we engage sub-contractors to perform part of our service, we
will conclude a contract for the processing of personal data with such parties.
6 For how long do we store data?
We will save your personal data as long it is necessary considering the purpose of the processing, i.e.
different data will be saved for different periods of time. Certain data needs to be saved for a certain period
to comply with applicable legislation.
7 Your rights
The purpose of the data protection legislation is, among other things, to strengthen the rights of individuals
to their data. You are consequently entitled to know what we do with your data, the purposes for which we
process your data, for how long we will save it and who will have access to the data.
7.1 Data Protection Officer
We have appointed a Data Protection Officer. You are welcome to contact our Data Protection Officer at
[email protected] if you have questions about our processing of personal data or if you wish to exercise
any of your rights described below.
7.2 Right to know what data we have concerning you
You shall be able to get information about what personal data of yours we process. To receive such
information, you must clearly state what information you want access to and identify yourself in a secure
way. You are entitled to have this information free of charge, though no more than once per year.
7.3 Right to rectification
If any of the data we process is inaccurate or if additional information is needed, you are entitled to have
inaccurate data rectified or to supplement it with additional data that may be needed for processing.
7.4 Right to be forgotten
You are entitled to have your personal data erased. Contact the Data Protection Officer in such a case.
Contact details are provided above.
7.5 Right to restriction
You are entitled to have the data processing that we carry out restricted. ‘Restriction’ means that data is
marked so that it is only processed for certain limited purposes going forward.
7.6 Right to data portability
You are entitled to data portability for the data you have submitted to us if we carry out processing based
on your consent or when we process data to communicate with you. The right to portability only applies to
data that we process electronic. This means that data only processed in paper files is not covered by the
right to portability.
8 How do you withdraw consent?
You are entitled at any time to withdraw the consent you have given to us for processing of your data.
However, note that we may also perform processing on legal bases other than consent. Contact Data
Protection Officer to withdraw consent, see section 7.1.
Page 4 of 4
BioXpedia A/S – Data Privacy Policy v1.0
9 Processor – Sensitive personal data
The personal data that we process for you, in relation to our analysis services, we process in our capacity as
processor. We are responsible for this processing according to law and according to a work order with you.
This means, among other things, that all sensitive personal data shall undergo pseudonymisation, i.e. it
shall not be possible to link it to an individual person without further information (e.g. a key) to which we
shall not have access. Furthermore, it means that we process no more data than what is necessary for each
individual purpose and that data obtained shall be used only for the purpose for which we have obtained it.
BioXpedia have taken appropriate technical and organisational measures to ensure data security in the
form of access restrictions and pseudonymisation.