This Policy applies to processing your personal information as a representative of our current or future client, vendor, or business partner. You may find information about the processing of personal data you have provided us to perform the services provided here.
Why do we have access to your data and why do we process it?
In order to be able to sign and execute a contract with you or with the company you represent, it is necessary to process your personal data. We may also process personal information about visitors to our websites or physical locations, depending on how you have decided to communicate with us. You may be interested in the courses or stock we offer or the information we provide
We process your personal data only if we have a legal basis for it. This means that the processing must be necessary for the performance of the contract in which you or the company you represent is a party to the contract or that it is possible to take action on demand before the conclusion of the contract. In accordance with our legitimate interest, we may also use your information to provide you with information about our services, prospects, analyzes, events, training that may be of your best interest, or to fulfill the necessary or required tasks arising from a business relationship that you represent.
We have a legal obligation to provide your personal data for inspection by authorized institutions and for the prevention, monitoring and proving of fraud, the fight against money laundering and other criminal offenses.
Your data will be stored securely in accordance with data protection legislation.
What personal data do you process about me and why?
We keep the information necessary to manage a contractual or business relationship. In order to communicate with you and ensure secure and true identification, we need your name, job title and contact details such as address, phone number and email.
In order to be able to meet our statutory obligations regarding, for example, combating money laundering, verify other personal information such as birth or birth date, ID card or travel document number or similar identification and related information required under special regulations.
To ensure the security of our employees and to protect your personal data, we also use cameras in multiple locations, and we ask you to provide, for example, your name and phone number so that we can provide you with access to our premises where information such as, for example, personal data. If we do not have the legal obligation to keep the records, we will remove them after 15 days.
Unless we otherwise agree with you or it is not necessary to establish, enforce or defend legal claims, we will not include special categories of personal information (often referred to as “sensitive personal data” such as data revealing racial or ethnic origin, political opinions, religious or philosophical belief, membership of trade unions and the processing of data concerning health or sex life).
Will you share my personal information with other parties?
We may share your personal information with our suppliers who mediate and / or provide part of our services, printing and postal services, lawyers. We may also share your personal information with our Clients if you represent the vendor that is part of the services we provide to them and the eligible institutions.
Personal data will also be accessible to our employees. In such a case, access shall be granted only if it is necessary for the purposes described and only if the staff member is bound by the duty of discretion.
Will my personal data be transferred to another country?
Since we are part of the CBC Group, it is possible that your data will also be transferred to another country. If this happens, we will ensure that adequate safeguards are in place here, complying with the EU’s General Privacy Policy (GDPR). In general, your personal data will not be transferred outside of the European Economic Area (EEA). We also use third-party service providers to store data and access them outside the EEA, including but not limited to the US. We will never transfer your personal information outside of the EEA without securing their security and protection. Therefore, we ensure that all beneficiaries have signed EU standard contractual clauses to justify the transfer or that the country guarantees adequate protection under the legislation on the protection of personal data. We can also rely on a program called Privacy Shield. It is a program in which US companies can commit themselves to a higher level of privacy protection than required by US legislation. Information can also be made available outside these groups when it comes to fraud prevention or when required by law.
How long do you keep my personal information?
We retain your data for as long as is necessary to fulfill the purpose of the processing under the specific regulations and the purpose for which it was obtained if we have a legitimate interest in preserving them, until the termination of the contractual relationship and / or the expiration of the limitation period within which we should be able to defend against legal claims. From a legal point of view, we also have a duty to keep your personal information at a certain time in order to prevent and detect fraud, detect and demonstrate the fight against money laundering as well as financial audits.
As far as our backups are concerned, we will also erase your data from backup repositories, but only if and when the backup is recovering, according to our retention policy, BCM, and DRP. If your backup policy is cleared by the backup policy, we will delete your data completely.
Will I be subject to automated decision making?
Your personal data will not be used in automated decision making.
Legal basis for processing your data
In most cases, we process your personal information on the basis that the processing is necessary for the purposes of the legitimate interest we are pursuing, on a contractual basis or on the basis of your consent as the data subject or by law as a separate regulation. In many cases, we will also need to process your personal information on a legal basis. In the case of consent processing, you always have the option to cancel your consent.
Your rights under the General Data Protection Regulation
According to the GDPR, you have certain rights.
Right of access by the Data Subject
You are entitled to a copy of the personal information we have about you as well as some details on how we use it.
Your personal information will normally be provided to you in writing, unless otherwise requested, or if you have requested it by electronic means, the information will be provided electronically if possible.
Right to rectification
We take reasonable steps to ensure the accuracy and completeness of the information we have about you. However, if you do not think so, you can ask us to update or supplement this information.
Right to erasure
Under certain circumstances, you have the right to ask us to delete your personal information, for example, when the personal data we have obtained is no longer necessary for the original purpose or when you withdraw consent. However, this will need to be balanced with other factors. For example, we may have legal and regulatory obligations, which means we will not be able to meet your request.
Right to restriction of processing
Under certain circumstances, you are entitled to ask us to discontinue your personal information, for example, when you believe that the personal information we have about you may be inaccurate or if you believe that we no longer need your personal data to be used.
Right to data portability
Under certain circumstances, you have the right to ask us to transfer the personal data you have provided us to another third party of your choice.
The right to object
You have a right to object to data processing that is based on our legitimate interests, as is the case here. If we do not have a valid legitimate reason for processing when you file an objection, we will not process your personal data further. However, please note that we may not be able to provide certain services or benefits unless we are able to process the necessary personal data for that purpose.
Rights related to automated decision making
You have the right to refuse automated decision-making, including profiling, which has a significant legal or similar effect on you. Group companies typically do not use automated decision making or profiling, but if you were the subject of an automated decision and you disagree with the result, you can contact us through the contact details below and ask us to review the decision.
Right to cancel consent
In most cases, we do not process your personal information with your consent. However, it may happen that we ask for your consent in specific cases. Where we do, you have the right to withdraw your consent to the further use of your personal information.
Contact details
If you would like to contact our Data Protection Officer (DPO), please send an email to dataprotection@cordbloodcenter.com.
