collect, use, and disclose
information we obtain through the Service. All other terms not defined herein will have the meanings set forth in the Terms.
“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: name, address, email address, or phone number. We do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.
We collect Personal Information when you:
register to use the Service; use the Service; and communicate with us.
We also collect information, such as anonymous usage statistics, by using cookies, server logs, and other similar technology as you use the Service.
Personal Information Collection. You must register to use the Service. To register, you may need to provide Personal Information, such as your email address. You may also provide other optional information.
Using the Service. We collect information you post through the Service. For example, when you Post Data, the Service will collect the information you provide in such submissions.
Making Payments. When you make payments through the Service, you may need to provide Personal Information to our third-party service providers, such as your credit card number.
Customer Support. We may collect Personal Information through your communications with our customer-support team.
Cookies, Automatic Data Collection, and Related Technologies. The Service collects and stores information that is generated automatically as you use it, including your preferences and anonymous usage statistics.
When you visit the Service, we and our third-party service providers receive and record information on our server logs from your browser, including your IP address, and from cookies and similar technology. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Service may not work properly.
By using the Service, you are authorizing us to gather, parse, and retain data related to the provision of the Service.
We use Personal Information to:
Facilitate and improve our services; and communicate with you.
We may use aggregate information for any purpose, including for marketing purposes.
Internal and Service-Related Usage. We use information, including Personal Information, for internal and service-related purposes only and may provide it to third parties to allow us to facilitate the Service. We may use and retain information we collect to provide and improve our services.
Communications. We may send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance.
Marketing. We may use information, including Personal Information, to provide online advertising on the Service and to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you.
Aggregate Data. We may anonymize and aggregate information collected through the Service and use it for any purpose.
We Use Vendors and Service Providers. We may share any information we receive, which may include Personal Information or Data, with vendors and service providers retained in connection with the provision of the Service. For example, in order to provide you with the Service, we need to share information with our third party hosting provider.
Marketing. We do not rent, sell, or share Personal Information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission. We may allow access to other information collected by the Service to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you.
As Required By Law and Similar Disclosures. We may access, preserve, and disclose your Personal Information, other account information, and content if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; or protect yours’, ours’ or others’ rights, property, or safety.
We may also disclose your Personal Information with your permission.
By using the Service or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Service. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Service or sending an e-mail to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please notify us at email@example.com.
We do not knowingly collect information from children under 13 and we do not want it. We will take steps to delete it if we learn we have collected it.
We do not knowingly collect, maintain, or use Personal Information from children under 13 years of age, and no part of the Service is directed to children under the age of 13. If you learn that your child has provided us with Personal Information without your consent, you may alert us at firstname.lastname@example.org. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information and terminate the child’s account.
This Policy sets out the Biosero’s requirements for processing personal data and aligns with and, in some cases, exceeds the requirements of applicable laws and regulations. Local laws and regulations that apply to the Services and may be more restrictive than this Policy. Where that is the case, the more restrictive rules will be followed. Personal Data is any information about an identified or identifiable natural person (including but not limited to our employees, patients, shareholders, contractors, or the staff of our suppliers, visitors to our buildings, or website users). In some jurisdictions, the concept of Personal Data is interpreted broadly and expansively to include information that is not obviously an identifier of an individual (e.g., IP addresses and unique device IDs). The requirements in this Policy apply to: (i) All our employees and temporary staff who have access to Personal Data as part of their business activities; (ii) Managers who are accountable for ensuring that appropriate privacy controls are in place within their business function; and (iii) Program/project sponsors who are responsible for ensuring appropriate privacy requirements are assessed at an early stage and incorporated into processes, systems, and services wherever necessary. Third parties who perform services for or on behalf of Biosero are required to comply with the same standards of conduct consistent with the principles of this Policy. Protecting Personal Data To ensure that Biosero is meeting the requirements below, we will consider the privacy risks before we collect, use, retain, or disclose Personal Data, such as in a new system or as part of a project. Any new project or initiative, including new systems, infrastructure, websites, and mobile apps which will collect and/or host Personal Data, will be assessed for the privacy risks associated with the project or initiative prior to implementation.
A. Data Collection, Transparency and Consent: We will only collect Personal Data by fair, lawful, and transparent means, and we will be open with individuals about how we use their Personal Data, with whom we share it, and where it may be sent. Where legally required, we will ensure that individuals are provided with a privacy notice concerning the processing of their Personal Data. Privacy notices should, as a minimum, provide the below in addition to any other information as required by applicable local law: (a) The identity of Biosero affiliate collecting the information; (b) The use(s) to be made of the Personal Data; (c) Whether the information will be shared with or disclosed to third parties or other Biosero affiliates; (d) Whether the information will be transferred from its country of origin; and (e) Where legally required, how individuals can exercise their rights of access, correction, or deletion of their Personal Data. Under certain circumstances, individuals may have other possible rights, such as the right to object to further processing and the right to data portability. When required by law, Biosero will obtain the consent of individuals to collect, use, retain, and disclose their Personal Data. Many countries require consent before collecting and/or using any Sensitive Personal Data. Sensitive Personal Data may include information about a person’s: (i) Race or ethnic origin; (ii) Political opinions; (iii) Religious or other similar beliefs; (iv) Trade union membership; (v) Physical or mental health or condition; (vi) Sexual life; (vii) Commission (or alleged commission) of any offence, or proceedings relating to an offence; (viii) Genetic information; or (ix) Biometric Data. There are additional categories of Personal Data, which are generally considered sensitive, including financial information, such as bank account or credit card details, as well as official identification information, such as passport or Social Security numbers. Where we wish to use Personal Data for a purpose for which we had not previously notified the individual, we may need to notify the individual of the new purpose and, in some cases, gain their consent. In some countries and where legally required, we will notify or gain pre-approval from the local privacy regulator prior to collecting and using any Personal Data.
B. Data Minimization: We will only collect and use the minimum amount of Personal Data to support our business activities and will not make personal data available to anyone (including internal staff) who is not authorized, or does not have a business need to know the information.
C. Legitimacy: We will only use Personal Data where we have a legitimate business need or a legal obligation. Biosero will only process Personal Data in the way described in the applicable privacy notice and in accordance with any consent we have obtained from the individual.
D. Accuracy: We will keep Personal Data accurate and up-to date. Personal Data will be maintained in an accurate and up-to-date form during any processing (i.e., transfer, storage, and retrieval) to fulfill the purposes for which it is to be used.
E. Security: We will protect any personal data collected, used, retained, and disclosed to support our business activities by following the relevant usage, technical, and organizational policies, standards, and processes. Safeguards are in place to protect Personal Data against a variety of threats, including: (i) Loss or theft; (ii) Unauthorized access, use, or disclosure; (iii) Improper copying, modification, or tampering; (iv) Improper retention or destruction; and (v) Loss of integrity, availability, and access to Personal Data. Employees will take appropriate steps to prevent the misuse or loss of Personal Data, to prevent unauthorized access to it, and to report any known or suspected instance of misuse, loss, or unauthorized access to their line manager and their local Privacy Representative.
F. Data Subject Rights and Requests: We will respond to queries or requests made by individuals about their Personal Data, and, where required by law, we will provide individuals with the ability to access, correct, and delete their Personal Data. We will provide the ability for individuals to object to further processing and to request data portability where permitted by law in their country. Where legally permitted, Biosero may: (i) Charge a fee for granting access; (ii) Refuse a request (for example, where an individual makes the same request on several occasions in quick succession); (iii) Apply any relevant exemptions outlined in law to withhold Personal Data. If Biosero does not agree that the information is incorrect or should be deleted, we will record that the individual considers the information to be incorrect or wishes to have it deleted. In such situations, the individual may have a right to object to any further processing.
G. Retention: We will only keep Personal Data necessary to support a specific business activity or legal or regulatory requirement. Personal Data will be: (i) Kept only for as long as it is necessary to meet or support a business activity or comply with a legal or regulatory requirement; (ii) Kept in accordance with our Global Retention and Disposal (GRAD) schedule; and (iii) Securely disposed of or destroyed at the end of the specified retention period.
H. International Transfers: We will ensure that any transfer of Personal Data outside the Biosero complies with applicable law. Where required by law, we will obtain individuals’ consent for transferring their Personal Data outside their country of residence and, in some cases, notify or gain approval from the relevant privacy regulator prior to the transfer taking place.
I. Third Parties: We will ensure that access to and transfers of Personal Data to third parties are carried out for legally justifiable reasons and with suitable privacy safeguards, which may include contractual protections. We will ensure that any third parties or suppliers who will have access to Biosero Personal Data: (i) Go through a due diligence process which assesses their privacy risk; and (ii) Enter into a written contract with Biosero that contains appropriate privacy clauses.
J. Marketing and Promotional Activities: Biosero will abide by any relevant laws that require the consent of consumers when sending marketing communications and carrying out promotional activities. In some markets, Biosero sends marketing communications directly to clients/customers/patients/the public via email, direct mail, telephone, and SMS text messaging. In most markets, we also send promotional content to Healthcare Professionals via some or all of these channels. Where legally required, we will ensure that such communications are only sent with the individual’s prior consent (or equivalent opt-in/opt-out). An opt-out mechanism will be included or be readily available to the individual in each communication (e.g., an unsubscribe function in an email). Where an individual unsubscribes from receiving communications, we will honor their request promptly and ensure we maintain a list of individuals who have opted out from receiving communications from Biosero.
You may contact Biosero at email@example.com at any time to request information on how (i) Biosero processes your personal data, provides access to the personal data, and holds personal data about you; and (ii) to correct any mistakes or to request deletion of the same or withdraw your consent to certain types of processing of your personal data. If such a request places Biosero in breach of its obligations under applicable laws, regulations or codes of practice, then Biosero may not be able to comply with your request, but you may still be able to request that Biosero block (i.e. right to object) the use of your personal information for further processing. Subject to applicable law, you may also have a right to data portability to another data controller under certain circumstances which would involve the sharing of your data with the controller in an electronic format. Subject to applicable law, you can exercise these rights for free.