PRIVACY NOTICE
Processing Concerned by this Privacy Notice
Your privacy and keeping you informed on processing your personal data is important to us. This Privacy Notice provides you with information on how we collect and process personal data of our clients, potential future clients and our business contacts.
We comply with the EU General Data Protection Regulation (GDPR) and are committed to protecting the privacy of the contacts whose personal data we hold in our records.
Data Controller
Bioretec is made up of different legal entities, details of which can be found at the bottom of this page. This Privacy Notice is issued on behalf of the Bioretec Group so when we mention “we”, “us” or “our” in this Privacy Notice, we are referring to the relevant company in the Bioretec Group responsible for processing your data. Bioretec Ltd is the controller and responsible for this website.
Contact Information
Bioretec Ltd
Yrittäjänkulma 5
FI-33710 Tampere, Finland
+358 20 778 9500
privacy@bioretec.com
Purposes of Processing
We process your personal data for following purposes:
- Delivering our products and services to our clients; managing our business relationship with our clients and other stakeholders (such as communication with our potential clients, vendors and other parties, invoicing, contract management, maintaining documentation on customers etc. as well as any other activities we may deem necessary in order to maintain our business relationships and carry out sourcing and purchasing)
- Developing our products and services, reporting (such as collecting statistics on and analyzing the use of our products and services)
- Marketing and promotion of our products and services, seeking out potential clients, personalization and development of our marketing activities
- Preventing, detecting, and investigating fraud and other unlawful activities
- Processing and storage of personal data for accounting purposes and in order to comply with other legal obligations
- Direct marketing
- Improving your experience when using our website, statistics and analytics, marketing optimization, provision of embedded third-party services
Lawful Basis of Processing
Processing of personal data is based on our legitimate interests (related to delivering our products and services as well as managing and developing our business relationship), a legal obligation (e.g. accounting requirements), or a contract with the data subject.
In certain limited circumstances (such as in case of newsletter subscriptions), the processing of your personal data can also be based on your consent. Where processing is based on consent, you have the right to withdraw your consent at any time (e.g. by unsubscribing from the newsletter). The withdrawal of consent does not, however, affect the lawfulness of processing based on consent before its withdrawal.
Please contact us if you need details about the specific legal ground, we are relying on to process your personal data.
Personal Data Processed
The personal data that we process mainly includes the following:
- Your identification information, such as your name and your contact information (email, address, phone number(s)), name of the company you represent, your title or position)
- Position and personal data given in the contracts
- Information relating to your business relationship with Bioretec, including information about any past or current contracts and orders as well as our correspondence
- Marketing and communications data, such as your subscription to our newsletter and your communication preferences
- Any information about and relating to your participation in our meetings and events
- Any data obtained and/or collected from public information sources such as your company websites, social media profiles and public registers
- Technical data, such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other information relating to the devices you use to access this website
Cookies
- As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use and to edit your preferences regarding our use of cookies on your browser, please see the cookie settings.
Regular Sources of Information
In connection with distribution and sales of our products as well as the training and consulting related to them, we collect data directly from the persons involved (e.g. when you place an order of our products, request information about our products or services, register to attend our events or subscribe to our publications). We may also receive personal data about you from third parties (e.g. analytics and survey providers, advertising networks, social media platforms and data brokers) and public sources (such as your company websites, social media profiles and public registers).
The provision of personal data may be a statutory or contractual requirement, or a requirement necessary to enter into a contract, in which case you are obliged to provide the personal data. If you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.
Regular Disclosure of Personal Data and Transfer of Data outside the EU or the EEA
Unless required by law, we do not distribute your personal data in any manner to third parties, but we may share information with our suppliers when they perform services on our behalf under contractual obligations to us and only consistent with the purposes defined above.
We may also share your personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
Some of our service providers, including Google as an analytics provider, are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. For further details, see Adequacy decisions.
- Where we use certain service providers, we may use specific contracts approved for use in the EEA which give personal data the same protection it has in the EAA. For further details, see Standard Contractual Clauses (SCC).
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Protection of your Personal Data
We implement appropriate technical and organizational measures against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data by, for example, maintaining security policies and procedures to ensure our systems are secure and protected. We also make sure that any service providers processing personal data on our behalf commit to implement appropriate technical and organizational security measures. Processing of your personal data is limited to personnel who needs to access data for the purposes above while we provide our services. We provide continuous training to our personnel regarding privacy, data protection and security.
Storage Time
We will retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for or as required by laws, regulations and professional rules and codes of conduct applicable to us. We may retain your personal data for a longer period to the extent we deem the data necessary to assert or defend legal claims during any relevant retention period or to identify possible conflicting assignments.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Data Subjects’ Rights
Under data protection law, you have certain rights related to our processing of your personal data. You always have the right to:
- Be informed how we process your personal data
- Request access to your personal data
- Request correction of the personal data that we hold about you
Additionally, subject to requirements set out in the GDPR, you may have the right to:
- Request the erasure of your personal data where there is no good reason for us to continue processing it
- Object to processing of your personal data where we are relying on a legitimate interest
- Request restriction of processing of your personal data
- Request the transfer of your personal data to you or a third party
If you wish to exercise any of the rights set out above, or if you have any questions, please contact us using the information above. We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of your rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information concerning your request to speed up our response.
In addition to the rights described above, you also have the right to lodge a complaint at any time with a supervisory authority for data protection issues. In Finland, the supervisory authority is the Data Protection Ombudsman's Office. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
Changes to the Privacy Notice
We keep this Privacy Notice under regular review. This version was last updated on 06 September 2024.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.