This Privacy Statement applies to you and your personal data because you are a customer of a subject that is part of the CBC Group. The subject of the CBC Group is a company that acts as a controller in the processing of your personal data. For the purpose of this Privacy Statement, the CBC Group subject with which you have a contract (controller) is responsible for protecting your personal data. This statement explains how we will use personal information that we obtain from you or from third parties for the duration of your contractual relationship with CBC. Please note that since this statement applies to the entire CBC group, small local differences may occur as the specific information is processed for individual purposes. For detailed information, please contact your local data protection officer (see below).
We may update this statement from time to time and, if this happens, we will inform you here. This version of the Privacy Statement was released on 1.4.2018.
- Types of personal data
We process the following data:
Personal contact information. For example, your name, surname, address, home address, mailing address, email address, contact phone number, ID card number, birth number, academic title, birth date. Work contact information. For example, the business address you represent, a working email address, and a phone number.
Contract data. For example, the content of a contract with our company, including all its additions, the scope of services provided, the type of terminal equipment, its designation.
Information about family members and family members. For the purpose of incorporating into preferred groups of customers.
Health facts. For example, microbiological and serological examinations of umbilical cord blood.
Payment information. For example bank account number and amount of paid services.
Correspondence and communication data. For example email correspondence, Internet data transfers and IP addresses.
- Purposes and objectives of data processing
The Controller will process your data for the following purposes:
Customer Administration. We keep personal records of all our customers and their services. Based on the analysis of our records, we also make strategic choices for our customers.
Processing and storage of umbilical cord blood, umbilical tissues, and placental tissue.
Direct marketing. We deal with the development of our customized offerings for them.
Taxes and accounting. In order to fulfill the obligations arising from the Tax Act and other financial-related regulations, we are obliged to process certain personal data.
Dispute resolution and infringement investigations. We may process personal data for the purpose of resolving disputes, complaints or legal proceedings, or if we suspect the offense that we would like to investigate further.
Compliance with the law. We may need to process your personal information to comply with the law (e.g. match your name with names on the so-called designated lists and comply with the law on money laundering) or to comply with a court order.
Share data with parent company Cord Blood Center AG. Your data in the necessary scope of services provided will also be provided by the decision of the Office for Personal Data Protection of the Slovak Republic within the CBC Group in order not to contact you with the services you have purchased from us and to benefit from the benefits of the CBC Group.
Marketing consents. We may also use other data, but only on the basis of special consents that we request from you in advance.
Voice recordings. Personal expressions from calls to call centers.
- Parties that may have access to your data
Controller may share your data with third parties in the following circumstances:
We may share your personal information with other third parties acting on our behalf, such as your service provider. In such cases, these third parties may use your personal information only for the purposes described above and only in accordance with our instructions;
Our employees will have access to personal data. In such a case, access shall be granted only if it is necessary for the abovementioned purposes and only if the employee is bound by the obligation of confidentiality;
If required by law or court order, we may share your personal information with, for example, our suppliers or clients, tax authorities, social security authorities, law enforcement agencies or other governmental authorities.
- Location of your personal information
Our employees will have access to your personal data within the European Economic Area while in our care. Access to your data will also be available in Switzerland, which has laws guaranteeing a level of data protection similar to that of the European Union.
- Storing personal data
We keep your personal data for a limited time, and these data will be deleted when they are no longer needed for processing, and other valid legislation does not require you to archive the data for a longer period of time. In most cases, this means that we will store your data for the duration of your contract. As far as possible, we will delete the data as long as your contract is in force as soon as it is no longer necessary. In any case, we will erase your personal records within 24 months after the termination of the contractual relationship, unless local legislation requires them to be retained.We may process your personal information for a longer period of time after termination of the relationship in the event of a continuing legal dispute or if you have granted us permission to store your personal data for a long time.
- Legal basis for processing your data
In most cases, we process your personal information on the basis that the processing is necessary for the purposes of the legitimate interest we are pursuing, on a contractual basis or on the basis of your consent as the data subject or by law as a separate regulation. In many cases, we will also need to process your personal information on a legal basis. In the case of consent processing, you always have the option to cancel your consent.
- Your rights under the General Data Protection Regulation
According to the GDPR, you have certain rights.
Right of access by the Data SubjectYou are entitled to a copy of the personal information we have about you as well as some details on how we use it.
Your personal information will normally be provided to you in writing, unless otherwise requested, or if you have requested it by electronic means, the information will be provided electronically if possible.
Right to rectification
We take reasonable steps to ensure the accuracy and completeness of the information we have about you. However, if you do not think so, you can ask us to update or supplement this information.
Right to erasure
Under certain circumstances, you have the right to ask us to delete your personal information, for example, when the personal data we have obtained is no longer necessary for the original purpose or when you withdraw consent. However, this will need to be balanced with other factors. For example, we may have legal and regulatory obligations, which means we will not be able to meet your request.
Right to restriction of processing
Under certain circumstances, you are entitled to ask us to discontinue your personal information, for example, when you believe that the personal information we have about you may be inaccurate or if you believe that we no longer need your personal data to be used.
Right to data portability
Under certain circumstances, you have the right to ask us to transfer the personal data you have provided us to another third party of your choice.
The right to object
You have a right to object to data processing that is based on our legitimate interests, as is the case here. If we do not have a valid legitimate reason for processing when you file an objection, we will not process your personal data further. However, please note that we may not be able to provide certain services or benefits unless we are able to process the necessary personal data for that purpose.
Rights related to automated decision making
You have the right to refuse automated decision-making, including profiling, which has a significant legal or similar effect on you. Group companies typically do not use automated decision making or profiling, but if you were the subject of an automated decision and you disagree with the result, you can contact us through the contact details below and ask us to review the decision.
Right to cancel consent
In most cases, we do not process your personal information with your consent. However, it may happen that we ask for your consent in specific cases. Where we do, you have the right to withdraw your consent to the further use of your personal information.
- Contact details
If you would like to contact our Data Protection Officer (DPO), please send an email to firstname.lastname@example.org.If you would like to file a complaint about how we process your personal information, even with respect to the above rights, you can contact our Data Protection Officer, and your suggestions and requests will be reviewed.If you are unhappy with our response or believe that we process your data unfairly or unlawfully, you may complain to the Supervisory Authority of the Office for the Protection of Personal Data. For more information about the Office and their complaints procedure, please visit: www.dataprotection.gov.sk.
If you have any further questions regarding the processing of your personal data, you can contact us through our Data Protection Officer.