Privacy Policies
Biosensors International Privacy Policies
Find here the privacy policies applicable to the whole range of products of Biosensors International. (Drug-eluting, Drug-coated stents and Balloons)
PRIVACY STATEMENT – FOR EUROPE AND UK
This Privacy Statement is intended for European visitors
PLEASE READ THIS PRIVACY STATEMENT CAREFULLY.
Biosensors International is committed to protecting your privacy when you visit our website. This Privacy Statement ('Privacy Statement') details how Biosensors International Group Ltd. and its subsidiaries and affiliates ('biosensors', 'we' or 'us') collect, hold and process information about individual persons who visit this www.biosensors.com website (the “Website”). This Privacy Statement does not apply to situations where we have notified the individual person that an alternative privacy statement applies.
This Privacy Statement was last revised on May 24th 2018. We may change this Privacy Statement at any time and for any reason; however we will always handle your Personal Data in accordance with the Privacy Statement that was in effect at the time of collection. If we make a significant change to our Privacy Statement, we will post a notice on the homepage for a period of timed after the change is made. You should refer to this Privacy Statement regularly.
A. OUR COMMITMENT TO PRIVACY
We respect the privacy of your information. As a result, we believe that it is important to provide you with this explanation about our online information practices as they relate to your use of this Website.
Generally we will only process your Personal Data as described in this Privacy Statement. However, we reserve the right to conduct additional processing to the extent permitted or required by law, or in support of any legal or criminal investigation.
The next sections of the Privacy Statement describe what personal information is being collected and how it is being collected, for what purpose the personal information is being collected, how it is being used, for how long it is being stored and what are your rights.
B. THE PERSONAL INFORMATION WE COLLECT
Personal Information: Personal information is any information that individually identifies you ('Personal Data'), such as:
> your first and last name;
> user name, e-mail address, physical address, phone number or other similar contact information;
> Medical license registration number, qualifications;
> Personal health information;
> IP (internet Protocol) address when such address is associated with a specific user
The information we collect through the Website will depend on what you do when visiting the website. We will collect Personal Data from you when you register to order goods or services, send any online enquiry (for example through the Contact Us Form) or in connection with cookies and other technologies.
Sensitive Information: Some types of Personal Data are sensitive information. Sensitive information is personal information revealing or relating to your health, genetic or biometric data, your racial or ethnic origin, religious or philosophical beliefs, sex life or sexual orientation, political opinions or trade union membership. Such Sensitive Information require additional controls to ensure specific protection and is subject to a specific treatment different from other Personal Data. Therefore, Biosensors will only collect and process Sensitive Information about You as follows:
> in ways for which you have given your explicit consent (for example, participants to a clinical trial that have explicitly consented to participate to such trial)
> to protect the vital interests of You or another person, in cases where your explicit consent cannot be given or reasonably requested
> according to applicable laws which include suitable and specific measures to safeguard your fundamental rights and interests (for example, as may be required by a competent authority in order to assure the safe and effective use of our products)
> where the processing is necessary for medical purposes and we are, under the circumstances, under a duty of confidentiality equivalent to the duty of confidentiality of a health professional (for example, information obtained through healthcare professionals who we work with to provide technical support for our products or services to You)
> to establish, exercise, or defend a legal claim
C. HOW DOES BIOSENSORS COLLECT PERSONAL DATA
Biosensors collects Personal Data (excluding Sensitive Information) in the following ways:
-
When You enter personal information on pages of the Website:
- For example, you may fill out the “Contact Us” form when you contact us on the Website by clicking on the 'Contact' button; or
- When you register yourself for access to those areas of the Website where access might be restricted (such as a password- protected area for licensed medical professionals). We may require users to register on the Website or otherwise by providing certain Personal Identifiable Information in order to access certain parts of the Website. For example, certain content may only be made available to Registered Users who are licensed medical professionals. Any information you provide to us must be true, accurate, non-misleading and consistent and relevant for the purpose for which you are providing the information. If you are a registered user, you must have the authority to provide the information submitted to and through the Website, and understand and agree that we may from time to time verify such data.
-
By using automated means:
- Cookies: we may use cookies to store and sometimes track information about you. A 'cookie' is a small amount of data that is sent to your browser from a Web server and stored on your computer's hard drive. Cookies do not damage your computer. Generally, we use cookies to remind us of who you are, to give you easier access to repeatedly used account information, to gather statistical information about usage, to research visiting patterns, and to help target advertisements based on user interests. Such information is used by us to improve the contents of the site and to compile aggregate statistics about individuals using our site for internal, market research purposes. Your web browser settings, which you may change at any time, determine if and how a cookie will be accepted. You have several options for controlling how cookies are used on your device or browser. You can opt to receive a notification when cookies are set, you can delete cookies that have already been set, and you can choose to refuse all or certain cookies. For further details on the options available visit https://cookiesandyou.com. If you decide to reject all cookies, please be aware that you may be required to re-enter your information more often and certain features of our Website may be unavailable to you.
- Usage Data: we automatically gather general statistical information about our Website and visitors, such as IP addresses, date and time you access the Website, your origin and destination URLs, the computer technology you are using, the pages you viewed, the number of visitors, your time spent on each page, items accessed, your browsing preferences, etc. ('Usage Data').
D. HOW DOES BIOSENSORS USE PERSONAL INFORMATION
We may use the Personal Data (other than sensitive information, see above for specific reference) for the purposes specified below:
> to respond to your specific requests;
> to provide You with any requested information, resources, goods or services;
> to resolve and track the status of any consumer and/or product or service issues;
> to enter into, or perform a contract with You;
> in other ways to which you consent
Biosensors may also use the Personal Data to the extent necessary to achieve the following legitimate interests – provided that such legitimate interests are compatible with your rights and expectations of privacy:
> For analytical and improvement purposes in order to research, develop and improve products, services, content and program;
> To enforce this Privacy Statement or to protect Biosensors’ rights or property
Biosensors may also use the Personal Data for a public interest or safeguard of a person’s vital interests:
> As necessary to protect someone’s health, safety or welfare; or
> In order to comply with a law or regulation, court order or other legal process
Finally Biosensors may anonymize your information by removing any personal identifiers (name, email address, etc) so that it may be used for other purposes. In that case, the information would no longer identify you and be treated like other non personal information.
E. DOES BIOSENSORS SHARE PERSONAL DATA WITH THIRD PARTIES?
Biosensors does not sell your Personal Data to third parties. Biosensors will not share nor distribute your Personal Data collected from this Website with a third-party except as described in this Privacy Statement. As per our organization and in the ordinary course of business, we may share some Personal Data with Biosensors affiliates or third party companies that we hire to perform services or functions on our behalf. For example, we may use a third party to administer some website function or use our company affiliates to provide supporting services relating to your Personal Data. e.g. we may store your information on a secure server based at our affiliate’s site in Europe, in Switzerland or in Singapore. Biosensors will only share information that is necessary for the specific purpose or task and we will not authorize any third parties to keep, disclose or use your Personal Data except to provide the requested services in line with the purposes it has been originally collected for.
In addition, we may use and disclose your Personal Data to third parties if necessary – and in compliance with the applicable law - to:
> enforce this Privacy Statement;
> protect Biosensors’ rights or property;
> protect someone's health, safety or welfare;
> comply with a law or regulation, court order or other legal process;
> investigate or take action in cases of suspected fraud or illegal activities
F. HOW LONG DOES BIOSENSORS KEEP YOUR PERSONAL DATA FOR?
Biosensors will only keep your Personal Data for so long as necessary to fulfill the purposes for which we are allowed to use them, as set out in this Privacy Statement. Once the purpose is completed and provided that no specific legal recordkeeping obligations apply, we shall delete the Personal Data.
G. DATA TRANSFER ABROAD
We are part of the Biosensors International Group which is a global group of companies located in several countries worldwide. In certain cases, Biosensors may transfer your Personal Data to one of its affiliates or third party service providers in other countries, potentially including countries which may not be considered by EU or Swiss competent authorities as providing an adequate level of protection for your Personal Data compared with the ones provided in the European Union, but only in furtherance of the purposes set out in this Privacy Statement. In such cases, Biosensors will ensure that safeguards equivalent to those provided by European and Swiss data protection laws are in place prior to any transfer.
H. LINKS TO OTHER SITES
This Privacy Statement applies only to this Website and not to websites owned by third parties. We may provide links to other websites which we believe may be of interest to our visitors and for the convenience of our visitors. We aim to ensure that such websites are of the highest standard; however, due to the nature of the internet, Biosensors cannot guarantee the privacy standards of websites to which we link nor can we be responsible for reviewing, monitoring or controlling the contents of sites other than this one. Biosensors recommends that you review the privacy practices that apply to information you may provide on other websites.
Biosensors will have no liability for websites operated by third parties or your business dealing with them.
I. PERSONAL DATA AND CHILDREN
Biosensors care about protecting the online privacy of children. Most of the services and information available on this Website are intended for persons 16 years of age and older. Any individual who requests information about a medical product indicated for use in children must be 16 or over and Biosensors does not allow children under 18 to register or to receive marketing communications arising from their use of the Website. No information should be submitted to or posted at the Website by children under 16 years of age without the consent of their parent or legal guardian. Biosensors will not knowingly nor intentionally collect, use or disclose Personal Data from a minor under the age of 16, without obtaining prior consent from a person with parental responsibility (e.g. parent or guardian) through direct off-line contact. If you have information that we may have collected Personal Data from someone under the age of 16, please contact us.
J. WEBSITE SECURITY - CONFIDENTIALITY
Security is very important to us. To ensure the security and confidentiality of Personal Data that we collect on the Website, we use data networks protected inter alia by industry standard firewall and password protection and in the course of processing your Personal Data, we use industry standards to protect your Personal Data from loss, misuse, unauthorized access, disclosure, alteration or destruction.
However note that no website or email transmission is 100% secure and we encourage you to take special care in deciding what information you send or request via email, and take appropriate precautions such as keeping any usernames and passwords you use strictly confidential.
K. WHAT ARE YOUR RIGHTS?
Whenever we process Personal Data, we take reasonable steps to ensure that your Personal Data is kept accurate and up-to-date for the purposes for which it was collected. At any time, you may exercise your right to access, rectify and, as the case may be, erase, any personal information relating to You, or restrict the processing of your Personal Data, in compliance with applicable laws:
> Right to access: You can ask us for a copy of the personal data held by Biosensors about you.
> Right to restrict processing/right to object: You can ask us to stop any processing of personal data concerning you for which you have given your consent or which is based on our legitimate interests
> Right to rectification: You can ask us to correct any incorrect personal data we may hold about you
> Right to be forgotten/erasure: to be forgotten/erasure: You can ask us to erase any personal data we may hold about you where such data is unnecessary, where the processing is unlawful or where you have withdrawn your consent to the processing (where applicable).
> Right not to be submitted to automated decision: If a decision is made through a solely automated process, and that decision affects You significantly, you have the right to express your point of view and object to such a decision. You also have the right to access the criteria of such a decision.
> Right to Data Portability: in case You provided Personal Data to us and we are processing your personal information as part of a service to you or based on your consent, You have the right to receive Your Personal Data in an appropriate machine readable form to enable You to pass such Personal Data to another company or person of your choice.
Please send such requests electronically to privacy.office@biosensors.com
or in writing to:
Biosensors Europe SA - Att: Data Privacy - Rue de Lausanne 29, 1110 Morges (Switzerland)
or to our representative in the European Union:
Biosensors BV - Att: Data Privacy - Arnoudstraat 8, 2182 DZ Hillegom (The Netherlands)
or for the UK to our affiliate: Biosensors International UK Ltd, 12 New Fetter Lane, London, EC4 1JP, UK
If you contact us, please note the specific information you would like to us to correct, update or delete plus a proper identification of You. Requests to delete Personal Data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on Biosensors.
In case you are not satisfied with our handling of your request you may contact us at privacy.office@biosensors.com or contact the applicable Data Protection Authority.
L. CONTACT US.
If you have any queries, comments or complaints about our compliance with this Privacy Statement, or if you would like to make any recommendations or comments to improve the quality of our Privacy Statement, please email us at privacy.office@biosensors.com
Copyright © December 2020. Biosensors International Group, Ltd.
New Valve Technology Privacy Policies
Find here all privacy policies applicable to the whole range of products of New Valves Technology. (Valves)
Data Privacy Policy
Basic principle
NVT takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection provisions and this privacy policy.
It is ordinarily possible to use our website without supplying personal data. If personal data (such as name, address or e-mail addresses) is collected on our pages, this always occurs on a voluntary basis to the extent possible. Such data is not shared with third parties without your express consent.
We point out that the transmission of data over the Internet (for example, while communicating via e-mail) can have security vulnerabilities. It is not possible to completely protect data against third-party access.
Name and address of party responsible for the processing
The controller in terms of the General Data Protection Regulation, of other applicable data protection laws in the member states of the European Union and of other provisions with a data protection character is:
NVT GmbH
Lotzenäcker 17
72379 Hechingen
phone: +49 (0) 7471 989 79 0
email: info-sh@biosensors.com
Name and address of the data protection officer
The data protection officer of the controller is:
Steffen Wacker
E-Mail: privacy@biosensors.com
Server-Log-Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Date and time of the server request
- Quantity of data sent in bytes
- Your IP address (in anonymized form, if appropriate)
This data cannot be related to specific persons. This data is not conflated with other data sources. The data is processed pursuant to Art. 6 (1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not shared or used in any other manner. We reserve the right to review this data later if we become aware of concrete indications of unlawful use.
Please keep in mind that you can set your browser to inform you of the setting of cookies and can individually decide on accepting them or can exclude cookies for specific cases or generally. Each browser differs in the way it administers cookie settings. This is described in the help menu of each browser, which explains for you how you can change your cookie settings. You can find them for the particular browsers at the following links:
Internet Explorer:
https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Chrome:
https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
Safari:
https://support.apple.com/en-gb/HT201265
Opera:
https://help.opera.com/en/latest/web-preferences/
Please note that refusal to accept cookies can limit the functionality of our website.
SSL encryption
This site uses SSL encryption for reasons of security and to protect the transmission of confidential content, such as the queries you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser address line changes from “http://” to https://” and through the padlock icon in your browser line. When SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Making contact
Contact form
If you send inquiries to us by a contact form, we store your information from the inquiry form—including the contact data you supply there—for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.
The data that is entered into the contact form is thus processed exclusively based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time.
An informal e-mail communication to us is sufficient. The lawfulness of the data processing operations that are completed up to the revocation remains unaffected by the revocation.
Data you entered in the contact form remains with us until you ask us to delete it, you revoke your consent to store it or the purpose of the data storage no longer applies (for example, after completion of the processing of your query). Compulsory statutory provisions—especially retention periods—remain unaffected.
Query by e-mail, telephone or fax
When you contact us by e-mail, telephone or fax, your query, along with all resulting personal data (name, query), is stored and processed by us for purposes of handling your matter. We do not share this data without your consent.
This data is processed based on Art. 6(1)(b) GDPR if your query is associated with the fulfillment of a contract or is required for the performance of pre-contractual activities. In all other cases, the processing is based on your consent (Art. 6(1)(a) GDPR) and/or on our legitimate interests (Art. 6 (1)(f) GDPR) because we have a legitimate interest in the effective handling of the queries that are sent to us.
Data you sent to us via contact requests remains with us until you ask us to delete it, you revoke your consent to store it or the purpose of the data storage no longer applies (for example, after the processing of your matter is completed). Compulsory statutory provisions—especially statutory retention periods—remain unaffected.
Data processing for order handling
To process your order, we work with service providers who assist us, entirely or in part, with the performance of contracts that have been entered into. When you engage us to render a service or to ship goods, your personal data is used without your separate consent only to the extent necessary for rendering the service or performing the contract. This expressly includes the sharing of your data with carriers, credit bureaus or other service companies that are employed to render the service or process the contract.
We share personal data we collect in the course of contract processing with, for example, the carrier that is engaged for the delivery, provided that this is required for the delivery of the goods. We share your payment data with the financial institution we engage in the course of payment processing, provided that such is required for payment processing. The legal basis for the sharing of the data while doing this is Art. 6 (1)(b) GDPR.
We disclose customer accounts and personal data about customers when we are legally required to do so or when such disclosure is required in order to enforce our general terms and conditions of business or other agreements or to protect our rights and the rights of our customers and those of third parties.
Rights of the data subject
Applicable data protection law affords you extensive data-subject rights (information and intervention rights) toward the controller regarding the processing of your personal data; we inform you of these rights below:
- Right to information pursuant to Art. 15 GDPR: You expressly have a right to information about your personal data that we process, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or is disclosed, the planned duration of storage or criteria for its definition, the existence of a right to rectification, erasure or restriction of processing, the right to object to the processing, lodging a complaint with a supervisory authority, the origin of your data if we did not collect it from you, the existence of an automated decision-making process, including profiling and any meaningful information about the logic involved and the implications and intended effects on you of such processing as well as your right to be informed of the safeguards which exist pursuant to Art. 46 GDPR if your data is transmitted to a third country;
- Right to rectification pursuant to Art. 16 GDPR: You have a right to have, without undue delay, incorrect data that concerns you rectified and/or your incomplete data that is stored with us completed;
- Right to erasure pursuant to Art. 17 GDPR: You have the right to request that your personal data be erased if the requirements of Art. 17 (1) GDPR exist. However, this right expressly does not exist if processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request that the processing of your personal data be restricted while the accuracy of your data that you have contested is being verified, when you oppose the erasure of your data in view of unlawful processing and instead request that the processing of your data be restricted, when you need your data for the establishment, exercise or defense of legal claims after we no longer need this data for the purpose of the processing or when you have objected for reasons of your special situation, pending verification whether our legitimate grounds are overriding;
- Right to notification pursuant to Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing with respect to the controller, the controller is obligated to communicate such rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.
- Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller as long as this is technically feasible;
- Right under Art. 7 (3) GDPR to withdraw consents you have given: You have the right to withdraw, at any time with future effect, a consent you once gave for the processing of data. In case of withdrawal, we will erase the data at issue without undue delay, unless a continued processing is legally supportable on the basis of processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- Right to lodge a complaint pursuant to Art. 77 GDPR: If you feel that the processing of personal data concerning you infringes the GDPR, you have—without prejudice to any other administrative or judicial remedy—the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement.
Right to information, erasure, blocking
You have the right at all times to information, without charge, about your stored personal data, its origin and recipient(s) and the purpose of the data processing as well as a right to have the data rectified, blocked or erased. For this and other questions on the subject of personal data, you may contact us at any time at the address indicated in the Imprint.
Should you have questions that this privacy policy was unable to answer or should you have questions about the processing of your personal data, you can contact our data protection officer, who is also available to respond to requests for information, suggestions or complaints.
Data security
We maintain all kinds of security measures in terms of Art. 32 GDPR (technical and organizational measures) for the protection of your personal data. If you should contact us by e-mail, we point out that the confidentiality of the transmitted information is not guaranteed. Under certain circumstances, the content of e-mails can be viewed by third parties. We therefore recommend that you send confidential information to us by conventional mail.
Objection to promotional e-mails
Contact information published for the site notice obligation may not be used to send promotional and informational materials that have not been expressly requested. The operators of the pages expressly reserve the right to take legal steps against unsolicited promotional information, such as in the form of spam.
Right to object
If in the course of a weighing of interests, we process your personal data based on our predominantly legitimate interests, you have the right to object to this processing at any time with future effect for reasons that originate from your special situation.
If you avail yourself of the right to object, we stop processing the affected data. However, we reserve the right to continue processing if we can prove compelling reasons for processing that are worth protecting and outweigh your interests, fundamental rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.
If we process your personal data in order to engage in direct advertising, you have the right to object at any time to the processing of personal data about you for purposes of such advertising. You can make the objection as described above. If you avail yourself of the right to object, we stop processing the affected data for purposes of direct advertising.
Duration of the storage of personal data
The duration of the storage of personal data is calculated with reference to the respective statutory retention period (e.g. commercial and taxation-related retention periods). Upon expiration of the period, the corresponding data is routinely erased unless it is still required for contract performance or initiation and/or a legitimate interest in continued storage persists on our part.
Update of the privacy policy
This privacy policy shall be updated if and when NVT launches new products or services, changes Internet procedures or if Internet and computer security technology develops. We will publish the changes here.
General Information Obligations
Which of your data do we process? And for what purposes?
If we have received data from you, we will only process it for the purposes for which we received or collected it.
Data processing for other purposes is only considered if the necessary legal requirements pursuant to Art. 6 (4) GDPR are met.
In the following, we inform you about the purposes for which we process your data in particular.
Duty to inform website visitors
Purpose and legal basis of data processing (Art. 13 (1c) GDPR)
- Handling and processing of inquiries when using the contact form integrated into the website (Art. 6 para. 1 f GDPR)
- Technical operation of the website (Art. 6 para. 1 f GDPR)
- Optimization of the website offer by evaluating website usage data (Art. 6 para. 1 f GDPR)
Interests of the controller in the balancing of interests (Art. 13 (1d) GDPR)
- Assertion of legal claims and defense in legal disputes
- Ensuring the company's IT security and IT operations
- Prevention of criminal offenses
- Measures for business management and further development of services and products
Recipients or categories of recipients of the personal data (Art. 13 (1e) GDPR)
Software manufacturer of third-party components, advertising agency, affiliated companies, IT service providers.
Transfer to third countries (Art. 13 para. 1f GDPR)
Data may be transferred to affiliated companies in Switzerland and Singapore.
Storage period in accordance with statutory retention obligations (Art. 13 para. 2a GDPR)
Personal data is generally erased within ten years of termination of the contractual relationship or earlier if the purpose of storage no longer applies and there are no statutory retention obligations to the contrary.
Existence of a requirement to provide personal data (Art. 13 para. 2e GDPR)
The data collected is required for the technical operation of the website and the processing of your inquiries.
Duty to inform customers
Purpose and legal basis of the data processing (Art. 13 para. 1c GDPR)
- Processing of customer inquiries and orders transmitted in person, by email, telephone or other technical means of communication (Art. 6 (1b) GDPR)
- Processing of complaints (Art. 6 para. 1c GDPR)
- Billing purposes (Art. 6 para. 1b GDPR)
- Implementation of brand ting measures (Art. 6 para. 1a GDPR)
- Implementation and documentation of product training measures (Art. 6 para. 1a GDPR & Art. 6 para. 1c GDPR)
- Informing customers in the event of a product recall (Art. 6 (1d) GDPR)
- Fulfillment of legal obligations (Art. 6 para. 1c GDPR)
- Sending information material (Art. 6 para. 1b GDPR)
- Support of operational processes by service providers (Art. 28 GDPR)
Interests of the controller in the balancing of interests (Art. 13 (1d) GDPR)
- Assertion of legal claims and defense in legal disputes
- Ensuring the company's IT security and IT operations
- Prevention of criminal offenses
- Measures for business management and further development of services and products
Recipients or categories of recipients of the personal data (Art. 13 para. 1e GDPR)
Authorities, companies with a public mandate (DEKRA/TÜV, auditors), IT service providers, banks, suppliers and service providers, tax office, purchasing groups, consultants, affiliated companies
Transfer to third countries (Art. 13 para. 1f GDPR)
Data may be transferred to affiliated companies in Switzerland and Singapore.
Storage period in accordance with statutory retention obligations (Art. 13 para. 2a GDPR)
All documents relevant to commercial or tax law are stored for at least 10 years, in special circumstances for 18 years due to other legal requirements. The storage of e-mail correspondence is stored in our archiving system for at least 10 years regardless of deletion from the respective mailbox.
Existence of a requirement to provide personal data (Art. 13 para. 2e GDPR)
The data collected is required for the conclusion of the purchase contract or for legal information purposes. Data for marketing purposes is provided voluntarily.
Information obligation for interested parties
Purpose and legal basis of the data processing (Art. 13 para. 1c GDPR)
- Contacting and establishing contact by an affiliated company, a customer or a medical advisor on the basis of transmitted contact data (e.g. business card) (Art. 6 para. 1a GDPR)
- Processing of contact requests (Art. 6 para. 1f GDPR)
- Preparation of offers for interested parties (Art. 6 para. 1f GDPR)
- Conclusion of purchase or commercial contracts (Art. 6 para. 1f GDPR)
- Fulfillment of legal obligations (Art. 6 para. 1c GDPR)
Interests of the controller when weighing up interests (Art. 13 (1d) GDPR)
- Assertion of legal claims and defense in legal disputes
- Ensuring the company's IT security and IT operations
- Prevention of criminal offenses
- Measures for business management and further development of services and products
Recipients or categories of recipients of the personal data (Art. 13 (1e) GDPR)
IT service providers, affiliated companies
Transfer to third countries (Art. 13 para. 1f GDPR)
Data may be transferred to affiliated companies in Switzerland and Singapore.
Storage period in accordance with statutory retention obligations (Art. 13 para. 2a GDPR)
Personal data is generally deleted within ten years or earlier if the purpose of the processing no longer applies (e.g. if a prospective customer does not become a customer) or the data subject requests this, provided that there are no statutory retention obligations to the contrary.
Existence of a requirement to provide personal data (Art. 13 para. 2 e GDPR)
The data collected is required to process inquiries from interested parties, to prepare offers, to conclude purchase or commercial contracts or to carry out business operations.
Information obligation for suppliers and service providers
Purpose and legal basis of the data processing (Art. 13 para. 1c GDPR)
- Purchase and processing of services and deliveries of goods (Art. 6 (1f) GDPR)
- Fulfillment of legal obligations (Art. 6 para. 1c GDPR)
- Sending information material (Art. 6 para. 1b GDPR)
- Support of operational processes by service providers (Art. 28 GDPR)
Interests of the controller when weighing up interests (Art. 13 (1d) GDPR)
- Assertion of legal claims and defense in legal disputes
- Ensuring the company's IT security and IT operations
- Prevention of criminal offenses
- Measures for business management and further development of services and products
Recipients or categories of recipients of the personal data (Art. 13 para. 1e GDPR)
Public authorities, companies with a public mandate (DEKRA/TÜV, auditors), IT service providers, banks, suppliers and service providers, purchasing groups, consultants, affiliated companies
Transfer to third countries (Art. 13 para. 1f GDPR)
Data may be transferred to affiliated companies in Switzerland and Singapore.
Storage period in accordance with statutory retention obligations (Art. 13 para. 2a GDPR)
All documents relevant to commercial or tax law are stored for at least 10 years, and in special circumstances for 18 years due to other legal requirements. The storage of e-mail correspondence is stored in our archiving system for at least 10 years, irrespective of deletion from the respective mailbox.
Existence of a requirement to provide personal data (Art. 13 (2e) GDPR)
The data collected is required for the conclusion and performance of the supplier or service relationship.
Duty to inform patients
Purpose and legal basis of the data processing (Art. 13 para. 1c GDPR)
- Supporting operational processes as a service provider for clinics and distributors in assessing the suitability of patient anatomies for our medical devices on the basis of pseudonymized computer tomographies (Art. 6 para. 1f GDPR).
- If a pseudonymization of the CT scans is not sufficient to clearly identify a patient in the context of an implantation of our medical devices, we may also store the full name in order to avoid confusion (Art. 6 para. 1d GDPR).
- Development of a heart valve prosthesis specially made for the patient as part of a custom-made product commissioned by a clinic or distributor (Art. 6 para. 1b GDPR, Art. 6 para. 1c GDPR & Art. 6 para. 1d GDPR)
Interests of the controller when weighing up interests (Art. 13 (1d) GDPR)
- Assertion of legal claims and defense in legal disputes
- Ensuring the company's IT security and IT operations
- Prevention of criminal offenses
- Measures for business management and further development of services and products
- Exclusion of confusion that could lead to danger to life and limb
Recipients or categories of recipients of the personal data (Art. 13 (1e) GDPR)
Public authorities, companies with a public mandate (DEKRA/TÜV, auditors), IT service providers, consultants, affiliated companies, distributors
Transfer to third countries (Art. 13 para. 1f GDPR)
Data may be transferred to affiliated companies in Switzerland and Singapore.
Storage period in accordance with statutory retention obligations (Art. 13 para. 2a GDPR)
All documents relevant to commercial or tax law are stored for at least 10 years, and in special circumstances for 15 years due to other legal requirements. The storage of e-mail correspondence is stored in our archiving system for at least 10 years regardless of deletion from the respective mailbox. Data on patients is stored for 8 weeks for rejected cases after receipt of the data or 8 weeks for cases after implantation. In the case of custom-made products, we store the data for up to 18 years due to legal requirements.
Existence of a necessity to provide personal data (Art. 13 para. 2e GDPR)
The data collected is necessary for the conclusion and implementation of the supplier or service relationship with our customers (dealers, hospitals) and to ensure your medical care.
Information obligation for applicants
Purpose and legal basis of the data processing (Art. 13 para. 1c GDPR)
- Processing of applications and conclusion of employment contracts (Section 26 (1) BDSG-new)
Interests of the controller in the balancing of interests (Art. 13 (1d) GDPR)
Not applicable.
Recipients or categories of recipients of the personal data (Art. 13 (1e) GDPR)
IT service providers, affiliated companies
Transfer to third countries (Art. 13 para. 1f GDPR)
Data may be transferred to affiliated companies in Switzerland and Singapore.
Storage period in accordance with statutory retention obligations (Art. 13 para. 2 a GDPR)
The personal data will be deleted six months after the end of the application process, taking into account Section 61b para. 1 ArbGG in conjunction with Section 15 AGG.
Existence of a requirement to provide personal data (Art. 13 para. 2e GDPR)
The data collected is necessary for the application process. If it is not provided, it will not be possible to carry out the application process.
Duty to inform employees
Purpose and legal basis of the data processing (Art. 13 para. 1c GDPR)
- Management of the personnel file (Section 26 (1) BDSG-new in conjunction with Art. 88 (1) GDPR)
- Payroll accounting (Section 26 (1) BDSG-new in conjunction with Art. 88 (1) GDPR)
- Administration of pension contracts (Section 26 (1) BDSG-new in conjunction with Art. 88 (1) GDPR)
- Access and time recording (Section 26 (1) BDSG-new in conjunction with Art. 88 (1) GDPR)
- Collection of driver's license data for company car management and organization of rental cars (Art. 6 para. 1c GDPR)
- Processing of fines in road traffic (Art. 6 para. 1c GDPR)
- Displaying images of the data subject on the company website, in marketing materials or internal documents (e.g. employee handbook) with the data subject's consent (Art. 6 (1a) GDPR)
- Support of operational processes by service providers (Art. 28 GDPR)
- Exercising rights or fulfilling legal obligations under employment law, social security law and social protection law, e.g. providing health data to the health insurance fund, recording severe disability due to additional leave and determining the severely disabled person's levy (Art. 9 para. 2b GDPR)
- Processing of health data for the assessment of your ability to work (Art. 9 (2h) GDPR)
- Implementation of company integration management (Art. 9 para. 2a GDPR)
Interests of the controller when weighing up interests (Art. 13 (1d) GDPR)
- Assertion of legal claims and defense in legal disputes
- Ensuring the company's IT security and IT operations
- Prevention of criminal offenses
- Measures for business management and further development of services and products
Recipients or categories of recipients of the personal data (Art. 13 para. 1e GDPR)
Authorities, companies with a public mandate (DEKRA/TÜV, auditors), IT service providers, banks, suppliers and service providers, tax office, IT service providers, consultants, affiliated companies, customers/dealers, travel and passenger transport service providers, car rental companies, advertising agencies, photographers, insurance companies, third-party debtors in the event of wage and salary garnishment, insolvency administrators in the event of personal insolvency
Transfer to third countries (Art. 13 para. 1f GDPR)
Data may be transferred to Switzerland, Singapore and China to affiliated companies and consultants as well as to other third countries (e.g. if customers are located outside the EU and Switzerland).
Storage period in accordance with statutory retention obligations (Art. 13 para. 2 a GDPR)
Personal data is deleted 3 years after the employee leaves the company. Documents relevant to remuneration are stored for 10 years for tax law reasons. In the case of documents that establish a pension entitlement, we are obliged to keep these for 30 years.
Existence of a necessity to provide personal data (Art. 13 para. 2 e GDPR)
The data collected is necessary for the conclusion and maintenance of the employment relationship and for payroll accounting.
General rights of data subjects
Right of access, rectification, erasure, restriction, data portability and objection (Art. 13 (2b) GDPR)
As a data subject, you have the right to access, rectification and erasure of your data and to restriction of processing, as well as the right to data portability, at any time. Please contact the controller using the contact details provided.
Right to object (Art. 21 (1) GDPR)
If your data is processed to protect legitimate interests, you have the right to object to this processing at any time by contacting us using the contact details provided if your particular situation gives rise to reasons that conflict with this data processing. We will then terminate this processing unless it serves overriding interests worthy of protection on our part.
Right of withdrawal (Art. 13 para. 2c GDPR)
If you have consented to the processing of your data, you have the right to revoke this consent at any time for the future. This does not affect the lawfulness of the processing up to the time of revocation. Please contact the controller using the contact details provided.
Right to lodge a complaint (Art. 13 para. 2d GDPR)
As a data subject, you can contact the responsible State Commissioner for Data Protection and Freedom of Information Baden-Württemberg at any time if you have a complaint.
Der Landesbeauftragte für Datenschutz und Informationssicherheit Baden-Württemberg
Lautenschlagerstrasse 20
70173 Stuttgart
Tel.: +49 (0) 711 6155410
E-Mail: poststelle@lfdi.bwl.de
Biosensors Europe SA Privacy Policies
Find here the privacy policies applicable to the whole range of products of Biosensors Europe SA.
Biosensors Europe SA
PRIVACY NOTICE
| VERSION | 1 |
|---|---|
| EFFECTIVE DATE | 1st February 2026 |
CONTENTS
INTRODUCTION
This privacy notice ("Notice") sets out how Biosensors Europe SA and its affiliates ("Biosensors International Group") use and protect your personal data. This Notice is provided in a layered format so you can click through to the specific areas set out below. This Privacy Notice has been updated to align with the requirements of the EU General Data Protection Regulation (Regulation (EU) 2016/679), the UK General Data Protection Regulation and Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025 (DUAA), and the Swiss Federal Act on Data Protection (FADP, 2023 revision). It applies to the collection and processing of personal data by Biosensors Europe SA (the European Headquarters of Biosensors International Group Ltd) when you use the websites or interact with the organisation.
You can download a copy of the Notice here.
1. Important information and who we are
This Notice gives you information about how Biosensors International Group collects and uses your personal data through your use of the website or your interaction with the organisation.
2. Controller
Biosensors Europe SA, "we", "us" or "our" is the party responsible for this website https://www.biosensors.com/intl/ (the "Website") to which this Notice applies.
Accordingly, Biosensors Europe SA (also referred to as "BESA") is the controller and the party responsible for your personal data when using the Website. This means Biosensors Europe SA determines what data is collected, how this data is going to be used and how it will be protected, in accordance with applicable data protection laws, including (but not limited to) the EU GDPR, the UK GDPR as amended by the Data (Use and Access) Act 2025 and the Swiss Federal Act on Data Protection (FADP, 2023 revision).
3. How to contact us
You can contact us at:
Biosensors Europe SA
Postal address:
rue de Lausanne 29
1110 Morges
Switzerland
Email: hremea@biosensors.com
Telephone: +41 21 804 70 00
4. Data Protection Officer (DPO) and GDPR EU Representative
We have appointed a data protection officer (DPO), who is responsible for overseeing our data privacy compliance and questions in relation to this Notice. Namely, Biosensors Europe SA has appointed GRCI Law Ltd as its independent Data Protection Officer (DPO).
If you have any questions about this Notice and/or in relation to our privacy practices, you may contact our DPO at dpaas@grcsolutions.io.
Please ensure you include our company name in any correspondence you send to our DPO.
BESA has appointed an EU representative in line with its obligation under article 27 GDPR. You can contact the EU representative at: Biosensors BV, Arnoudstraat 8, 2182 DZ Hillegom, Netherlands or at privacy.office@biosensors.com.
For the UK, you can contact our affiliate: Biosensors International UK Ltd, 12 New Fetter Lane, London, EC4 1JP, UK or contact us at privacy.office@biosensors.com.
5. The types of personal data we collect about you
Personal data, sometimes also referred to as "personal information", means any information about an individual from which that person can be identified directly or indirectly, such as their name, address, bank account details, Internet protocol (IP) address, username or another identifier.
The personal information we collect may include:
| Category | Data Types |
|---|---|
| Account Access Data | Username and credentials for restricted areas (excluding passwords); registration verification information. |
| AFU/MDR required security data | Device identifiers, usage data, activity logs, access credentials. |
| Candidate Data | Includes information you have provided to us in your curriculum vitae, covering letter and/or application form, including name, title, address, telephone number(s), personal email address, date of birth, job title, job role, location, employment history, educational background and qualifications, areas of expertise, registrations with professional bodies and any additional personal data you may share with us voluntarily. |
| Clickstream Data | The virtual breadcrumb trail that a user leaves behind while browsing. We may record paths you have taken through our Website (e.g. sections or area clicked and the order in which it is done) and use this information to provide customised content. |
| Contact Data | Email address; telephone number; physical or mailing address; other similar contact information. |
| Cookie Data | Cookie identifiers and tracking information used to recognise returning users, store preferences, compile statistics, and personalise Website content. |
| Health / Sensitive Information | Personal health information, biometric or genetic information, or other sensitive data, only when collected under explicit consent or as required by applicable laws for product safety, medical purposes, or regulatory obligations. |
| Identity Data | First and last name; username; Medical Licence registration number; qualifications. |
| Inquiry / Communications Data | Information you submit via the "Contact Us" form or other enquiries, including the content of your message and any attachments you provide. |
| Marketing data | Includes your preferences in receiving marketing from us, including in relation to our events, and your communication preferences. |
| Technical Data | IP address, browser type and version, device information, operating system, time of access, originating and destination URLs, and similar technical information. |
| Usage Data | Statistical information generated by your visit, including pages viewed, time spent on pages, browsing preferences, and navigation patterns across the Website. |
| Transactional / Payment Data | Information about the products and service purchased from us. Includes payment details, including payor name, Contact Data and/or Business Contact Data, billing address, bank account details. |
In certain cases, we may also collect other information, including information about third parties, and any other information, when you provide that to us.
6. Further information about Special Category Data
Special Category Data, sometimes also referred to as "sensitive personal data", is personal data that needs more protection because it is sensitive.
Sensitive personal data are information relating to your health, genetic or biometric data, your racial or ethnic origin, religious or philosophical beliefs, sex life or sexual orientation, political opinions or trade union membership. Such Sensitive data require additional controls to ensure specific protection and is subject to a specific treatment different from other Personal Data. Therefore, Biosensors will only collect and process Sensitive Data about You as follows:
- in ways for which you have given your explicit consent (for example, participants to a clinical trial that have explicitly consented to participate to such trial)
- to protect the vital interests of You or another person, in cases where your explicit consent cannot be given or reasonably requested
- according to applicable laws which include suitable and specific measures to safeguard your fundamental rights and interests (for example, as may be required by a competent authority in order to assure the safe and effective use of our products) and therefore collection and processing is necessary to fulfil our legal obligations (for example, to enable us to comply with our responsibilities under applicable laws);
- where the processing is necessary for medical purposes and we are, under the circumstances, under a duty of confidentiality equivalent to the duty of confidentiality of a health professional (for example, information obtained through healthcare professionals who we work with to provide technical support for our products or services to You)
- to establish, exercise, or defend a legal claim
We have implemented appropriate policies and safeguards, as required by law, to ensure the secure and lawful processing of sensitive or special category data. For more information on these safeguards, or to request further details about how we handle this type of data, please contact us using the details provided in the "How to contact us" section of this Notice.
7. How is your personal data collected?
We use different methods to collect data from and about you, including through:
(a) Your direct interactions with us.
You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- subscribe to our service or publications;
- request information to be sent to you;
- give us feedback or contact us.
For example, you may fill out the "Contact Us" form when you contact us on the Website by clicking on the 'Contact' button; or when you register yourself for access to those areas of the Website where access might be restricted (such as a password-protected area for licensed medical professionals). We may require users to register on the Website or otherwise by providing certain Personal Identifiable Information in order to access certain parts of the Website. For example, certain content may only be made available to Registered Users who are licensed medical professionals. Any information you provide to us must be true, accurate, non-misleading and consistent and relevant for the purpose for which you are providing the information. If you are a registered user, you must have the authority to provide the information submitted to and through the Website and understand and agree that we may from time to time verify such data.
(b) Indirectly through the operation of automated technologies or indirect interactions.
As you interact with our Website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies.
We may use cookies to store and sometimes track information about you. A 'cookie' is a small amount of data that is sent to your browser from a Web server and stored on your computer's hard drive. Cookies do not damage your computer. Generally, we use cookies to remind us of who you are, to give you easier access to repeatedly used account information, to gather statistical information about usage, to research visiting patterns, and to help us engage in communication with you based on user interests. Such information is used by us to improve the contents of the site and to compile aggregate statistics about individuals using our site for internal, market research purposes. Your web browser settings, which you may change at any time, determine if and how a cookie will be accepted. You have several options for controlling how cookies are used on your device or browser. You can opt to receive a notification when cookies are set, you can delete cookies that have already been set, and you can choose to refuse all or certain cookies. For further details on the options available visit https://cookiesandyou.com. If you decide to reject all cookies, please be aware that you may be required to re-enter your information more often and certain features of our Website may be unavailable to you.
Please see our cookie notice [LINK] for further details.
(c) Other ways we collect personal data.
We automatically gather general statistical information about our Website and visitors, such as IP addresses, date and time you access the Website, your origin and destination URLs, the computer technology you are using, the pages you viewed, the number of visitors, your time spent on each page, items accessed, your browsing preferences, etc. ('Usage Data').
8. How we use your personal data
We may use the Personal Data (other than sensitive information, see above for specific reference) for the purposes specified below:
- to respond to your specific requests;
- to provide You with any requested information, resources, goods or services;
- to resolve and track the status of any consumer and/or product or service issues;
- to enter into, or perform a contract with You;
- To enforce this Privacy Statement or to protect Biosensors' rights or property
- in other ways to which you consent
We do not typically use data for analytical purpose, however we may process data to improve services, content and program.
Biosensors may anonymize your information by removing any personal identifiers (name, email address, etc) so that it may be used for other purposes. In that case, the information would no longer identify you and be treated like other non-personal information.
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases when processing your personal data:
- Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
- Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). We use our legitimate interest as a legal basis provided that such legitimate interests are compatible with your rights and expectations of privacy.
- Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
- Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to our newsletter.
-
Vital interest: We may also use the Personal Data for a public interest or safeguard of a person's vital interests:
- As necessary to protect someone's health, safety or welfare; or
- In order to comply with a law or regulation, court order or other legal process
9. Overview of how we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so in each case. We have also identified what our legitimate interests are where appropriate.
| PURPOSE | TYPES OF INFORMATION COLLECTED | LAWFUL BASIS | EXPLANATION OF LEGITIMATE INTEREST |
|---|---|---|---|
| To register new customers, including setting up customer accounts for supply of our products and to determine your requirements to tailor service provision as required. |
|
Performance of a contract | N/A |
| To provide our services, including management of user accounts, fulfilment of transactions and/or performance of a contract with you or at your request. |
|
Performance of a contract | N/A |
| To prospect potential new supplier relationships, including to analyse and discuss the suitability of the offering before entering into a transactional relationship. |
|
Performance of a contract | N/A |
| To manage, provide and improve our Website, including monitoring, troubleshooting, carrying out data analysis and network security, and system testing. |
|
Legitimate interest (Website effectiveness and integrity) | Necessary to maintain the useability, security and integrity of our Website and networks as well as to inform areas of improvement to that. |
| To manage and monitor our business and services, including (but not limited to) the provision of administration and IT services, network security, fraud prevention, due diligence on the customers and/or in the context of a business reorganisation or group restructuring exercise. |
|
Legitimate interest (service improvement) | Managing, protecting and administering our business to enable us to maintain, monitor and improve the services we offer to our customers and users. Maintaining the integrity of our service provision. |
| To manage payments, fees and charges in relation to the services we provide. |
|
Performance of a contract | N/A |
| To assess the quality of our products and services, and their delivery. |
|
Legitimate interest (service delivery) | Ensuring the provision of high-quality services. Necessary to inform the making of changes and improvements to our services and service delivery processes as appropriate. |
| To provide service updates and support: Contacting individuals regarding services, updates (including updates to purchased products, services and software) and client support. |
|
Legitimate interest (communication and support) | Processing is necessary to maintain communication and provide assistance to users and clients to ensure efficient and responsive service, continuity of service, and fulfilment of customer expectations. |
| Recruitment and job applications, including registering job applicants and processing applications, scheduling interviews, and assessing candidate suitability for roles. |
|
Legitimate interest (recruitment) | Processing is necessary to assess and manage job applications and recruit suitable candidates for organisational needs. |
| Recruitment and job applications, including the collection and processing of sensitive data related to diversity, health or background checks. |
|
Compliance with a legal obligation | Processing is necessary to enable compliance with applicable laws for certain roles or for voluntary diversity monitoring purposes. |
| Product enquiries: Receiving and managing product enquiries submitted via the Website. |
|
Consent | N/A |
| Cookies: Collection and analysis of information about Website usage to improve user experience and functionality. (Non-essential cookies) |
|
Consent. Obtained where required by law for non-essential cookies via appropriate cookie opt-in mechanism. | N/A |
| Cookies: Collection and analysis of information about Website usage to improve user experience and functionality. (Essential cookies) |
|
Legitimate interest (website analytics) | Processing is necessary to analyse website performance, improve user experience and maintain functionality. |
| Rights and claims |
|
Legitimate interest (enforcement of legal rights) | Processing is necessary to allow us to enforce or apply our Website terms of use, our terms and conditions of business, or other contract, and to enable us to exercise our rights, to defend ourselves from claims, and to keep to laws and regulations that apply to us and the third parties we work with. |
| Data transfers: Transfers of personal data across jurisdictions to support our operations and services. |
|
Legitimate interest (global operations) | Processing is necessary to facilitate our global operations and to enable us to comply with applicable international transfer mechanisms, including Standard Contractual Clauses or other approved safeguards. |
| Marketing: Provision of promotional information about services and updates (general marketing). |
|
Consent | N/A |
| Marketing: Promotion of services and updates to existing customers or users. |
|
Legitimate interest (marketing) | Necessary to promote services to existing customers or users who have a reasonable expectation of receiving such communications. |
| Data subject rights: Processing and verifying identity of the requester. |
|
Legal obligation | N/A |
| Data subject rights: Processing and responding to the exercise of a Data Subjects Rights Request. | All data types are potentially in scope. | Legal obligation | N/A |
| Record keeping: Keeping appropriate internal records about our business and services. |
|
Legal obligation | N/A |
| Legal requirements: Processing as necessary for compliance with legal obligations, such as, but not limited to, security requirements and/or applicable law, for example in response to a request from a court or regulatory body, where such request is made in accordance with the law, and/or to detect fraudulent or criminal activity. In such instances, we may share information with law enforcement organisations such as the police. | All data types are potentially in scope. |
Legal obligation Legitimate interest |
Necessary for the purposes of detecting unusual activity including (but not limited to) fraud. |
10. Children's data
Our Website is not directed at young people, and we do not knowingly collect or process personal data from Minors.
Biosensors care about protecting the online privacy of children. Most of the services and information available on this Website are intended for persons 16 years of age and older. Any individual who requests information about a medical product indicated for use in children must be 16 or over and Biosensors does not allow children under 18 to register or to receive marketing communications arising from their use of the Website. No information should be submitted to or posted at the Website by children under 16 years of age without the consent of their parent or legal guardian. Biosensors will not knowingly nor intentionally collect, use or disclose Personal Data from a minor under the age of 16, without obtaining prior consent from a person with parental responsibility (e.g. parent or guardian) through direct off-line contact.
If we become aware that we have collected personal information from a Minor without appropriate parental or guardian consent, we will take steps to delete the information as soon as possible. If you believe we may have inadvertently collected data from a Minor, please contact us using the details set out in the "How to contact us" section of this Notice.]
11. Direct marketing, third-party marketing and opting-out
Where you have agreed, we may contact you for marketing purposes concerning our products or services and/or to send you updates and/or our newsletter. This may include information concerning promotions or offers that could benefit you. We will only contact you using the methods that you agree when you provide your information to us. We will only contact you by post, email, phone or SMS about our products, services [or promotions] if you have asked us to do so.
You can ask us to stop sending you marketing communications at any time. If you have changed your mind and would prefer us not to contact you, then you can opt out at any time by contacting us at privacy.office@biosensors.com or by accessing the unsubscribe link on the email sent to you and updating your preferences. We will process any such request promptly in accordance with applicable data protection laws. Please note that opting out of marketing communications does not affect transactional or service-related communications necessary for the performance of a contract or other legitimate purposes.
We will not provide your information to third parties other than as set out in this Notice.
12. Cookies
Each time you interact with our Website, we may, depending on the consent provided, automatically collect personal information, including technical data about your device, your browsing actions and patterns, content and usage data. We collect this data using cookies, and other identifiers to remember your preferences, to understand how our Website is used. You can access additional information about our use of cookies and other tracking technologies by accessing our Cookie Notice here.
13. Data accuracy
We are committed to maintaining the accuracy and relevance of the personal data we hold and process. Accordingly, it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example if you have a new address or change your contact email address.
Under applicable privacy laws, you have the right to request that we correct or update inaccurate or incomplete personal data we hold about you. Accordingly, if you need to request that we update or correct the personal information we hold about you, please contact us at privacy.office@biosensors.com.
14. Automated decision-making
We do not use automated decision-making or profiling.
15. Artificial Intelligence
We may use in the future artificial intelligence (AI) systems to support the delivery of our services, for example in data analysis, drafting communications or providing customer support.
All AI tools we may use will be subject to robust oversight and deployed in accordance with applicable data protection law. Where personal data is processed by AI, we ensure it is handled lawfully, fairly and transparently, with appropriate safeguards in place.
If you have any questions about our use of AI or wish to exercise your data protection rights in this context, please contact us at privacy.office@biosensors.com.
16. Disclosures of your personal data
Biosensors does not sell your Personal Data to third parties. Biosensors will not share nor distribute your Personal Data collected from this Website with a third-party except as described in this Notice (see paragraph below).
As per our organization and in the ordinary course of business, we may however share some Personal Data with Biosensors affiliates or third party companies that we hire to perform services or functions on our behalf. For example, we may use a third party to administer some website function or use our company affiliates to provide supporting services relating to your Personal Data. e.g. we may store your information on a secure server based at our affiliate's site in Europe, in Switzerland or in Singapore.
Biosensors will only share information that is necessary for the specific purpose or task and we will not authorize any third parties to keep, disclose or use your Personal Data except to provide the requested services in line with the purposes it has been originally collected for.
In addition, we may use and disclose your Personal Data to third parties if necessary – and in compliance with the applicable law to:
- enforce this Privacy Statement;
- protect Biosensors' rights or property;
- protect someone's health, safety or welfare;
- comply with a law or regulation, court order or other legal process;
- investigate or take action in cases of suspected fraud or illegal activities
This list is non-exhaustive, and there may be other situations where we need to share your personal data with further third parties to effectively provide our products and services to you.
We only allow those parties/organisations to handle your personal data if we are satisfied they take appropriate measures to protect it. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and, where applicable, to you.
We or the third parties mentioned above may occasionally also share personal data with:
- our and/or their external auditors, e.g. in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
- our and/or their professional advisors, in which case the recipient of the information will be bound by confidentiality obligations, for example (but not limited to circumstances) where reasonably necessary for the establishment, exercise or defence of a legal claim;
- law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations, for example where we are required to disclose information under a subpoena, court order or other mandatory reporting requirements; and
- other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, an acquisition, an asset sale, an initial public offering or in the event of our insolvency. In such circumstances, information will usually be anonymised, but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.
We will not share your personal data with any other third party without your consent.
The specific kind of information we share will depend on your activities with us and only to the extent as required or permitted by law, and/or with your consent.
Please note that this Notice does not apply to sharing of personal information by third parties that may collect personal information from you and may share it with us. In these situations, we strongly advise you to review the relevant third party's privacy notice before submitting your personal information to them.
18. International data transfers
We are part of the Biosensors International Group which is a global group of companies located in several countries worldwide. In certain cases, we may transfer and process your personal data outside of the European Economic Area (EEA), the United Kingdom, and Switzerland. All such transfers will be carried out in accordance with Chapter V of the EU GDPR, Part 3 of the UK GDPR, the Data (Use and Access) Act 2025 (DUAA), and the Swiss FADP. Where an adequacy decision does not apply, appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA) or Addendum, and the Swiss-approved clauses are implemented. Transfers to the United States may rely on the EU–US Data Privacy Framework, the UK Extension to the DPF, or the Swiss–US DPF, as applicable.
To safeguard your personal information, we ensure that all international transfers comply with applicable data protection laws and ensure that the standard of protection afforded to personal data in the destination country is not materially lower than that applicable within the UK, EU and Switzerland. We undertake thorough due diligence and risk assessments before any data transfer takes place to ensure that your information has an appropriate level of protection. Where required, we implement legal safeguards, such as the specific standard contractual terms approved for use in the UK (such as the International Data Transfer Agreement or, as applicable, the International Data Transfer Addendum to the European Commission's standard contractual clauses for international data transfers), in the EU or Switzerland or other approved mechanisms to ensure your data is handled securely and lawfully.
For further details about the protection given to your information when it is transferred overseas, contact us using the details set out in the "How to contact us" section of this Notice.]
19. Data security
The security of your personal data is important to us. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those of our employees, agents, contractors and other third parties that have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Please be aware that the transmission of information via the Internet is not completely secure. While we strive to use commercially acceptable means to protect your personal data, we do not have any control over what happens between your device and the boundary of our information infrastructure and therefore cannot guarantee its absolute security. You should be aware of the many information security risks that exist (including, but not limited to, when you contact us by email) and take appropriate steps to safeguard your own information.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
20. Third-party links
Our Website may include links to third-party websites, plugins and applications. Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit.
21. Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
The factors we will take into account when determining the retention period to be applied to personal data may include:
- The amount, nature and sensitivity of the personal data.
- The risk of harm from unauthorised use or disclosure.
- The purposes for which we process the personal data and whether these purposes can be achieved through other means.
- Any applicable legal, regulatory or contractual requirements.
- Any applicable requirements and guidance under the UK Data (Use and Access) Act 2025, including rules on minimising retention of special category or biometric data and retaining only what is necessary for recognised purposes.
In some circumstances, you can ask us to delete your data: see the "Your legal rights" section of this Notice for further information. These rights apply under the EU GDPR, UK GDPR (as amended by DUAA), and the Swiss FADP. They include the rights of access, rectification, erasure, restriction, objection, data portability, and to withdraw consent. Residents of Switzerland also have the right to request information on data disclosure abroad under Article 19 FADP.
In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
22. Your legal rights
These rights apply under the EU GDPR, UK GDPR (as amended by DUAA), and the Swiss FADP. They include the rights of access, rectification, erasure, restriction, objection, data portability, and to withdraw consent. Residents of Switzerland also have the right to request information on data disclosure abroad under Article 19 FADP.
You have a number of rights under data protection laws in relation to your personal data.
You have the right to:
- Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your right to object.
- You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes (see the "Direct marketing, third-party marketing and opting-out" section of this Notice for details of how to object to receiving direct marketing communications).
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
-
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please contact us at privacy.office@biosensors.com or Biosensors BV, Data Privacy, Arnoudstraat 8, 2182 DZ Hillegom, Netherlands.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your valid right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. We will carry out reasonable and proportionate searches to respond to access requests. We may pause the response time while we wait for additional information.
Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
23. Complaints
You have the right to raise a complaint with your local data protection authority. In the European Union, you may contact the supervisory authority in your Member State of residence or workplace. In the United Kingdom, you may contact the Information Commissioner's Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or via https://ico.org.uk. In Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC) via https://www.edoeb.admin.ch. We encourage you to contact our DPO first so that we may seek to resolve your concerns promptly.
If you have concerns about how your personal data has been handled or believe your privacy rights have been infringed, please contact us first at privacy.office@biosensors.com or by mail to Biosensors BV, Data Privacy, Arnoudstraat 8, 2182 DZ Hillegom, Netherlands or via the contact form on our Website. We are committed to addressing and resolving privacy-related concerns promptly and fairly.
24. Changes to this Notice
We keep this Notice under regular review.
We may modify or amend this Notice from time to time at our discretion to reflect changes in our practices, legal requirements, or for other operational reasons.
When we make material changes to this Notice, [we will post the updated Notice on our Website]. The effective date will always be shown at the top of this Notice. If required by applicable law, we will also notify you directly or request your consent before the changes take effect. The modified or amended Notice will be effective as to the personal information governed by it as of the revision date.
We encourage periodic review of this Notice to view any updates so that you may stay informed about how we protect your personal information.
