Menu

This Privacy Policy explains how Biocartis NV (“we”, “our”) and our subsidiaries/affiliates handle your personal data collected through our Website (this “Website”), affiliated websites (the “Websites”), or which is otherwise processed by us in our role of data controller.

At Biocartis, we value your trust and want to make sure that you understand our policies and practices regarding data protection. Therefore, we encourage you to read this Privacy Policy. In addition to the privacy practices set out here, we have Terms of Use which incorporate the terms of this policy. Our Terms of Use can be read here.

OUR COMMITMENT TO PROTECT YOUR PERSONAL DATA

We are committed to protect the confidentiality, integrity, availability and security of your personal data. At Biocartis we only process the personal data that we need by keeping the amount of data we collect from you to a strict minimum. Biocartis is an ethical organization – we commit to protect your fundamental rights and freedoms when we are processing your personal data. To achieve and sustain our commitment, we use appropriate technical and organizational measures in such a manner to help us meet personal data processing requirements of the national, European Union and United States laws and thus ensure the protection of your rights. Biocartis assures that the whole of its staff understands these principles and enforces privacy safeguards throughout the company. To that end, we communicate an internal privacy and information security policy.

If you have any questions about how we handle or protect your personal data, please do not hesitate to contact our Biocartis Data Protection Officer via email at [email protected].

PROCESSING OF YOUR PERSONAL DATA BY BIOCARTIS

Personal data for Biocartis includes any information relating to an identified or identifiable natural person – also known as a “data subject”. A data subject relates to someone who can be identified, directly or indirectly, in particular by reference to an identification number or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. Different pieces of information, which, collected together, can lead to the identification of a particular person, also constitute personal data. This information may include, but is not limited to, your name, address, email address, phone number, electronic identification number or business contact information and also biometric data, DNA, etc.

Personal data that has been de-identified, encrypted or pseudonymized but can be used to re-identify a person, remains personal data and falls within the scope of the General Data Protection Regulation (GDPR) and this Privacy Policy. Personal data that has been rendered anonymous (by Biocartis, its subsidiaries or received in its anonymous form by a third party) in such a way that the individual is not or no longer identifiable, is no longer considered personal data. For data to be truly anonymized, the anonymization must be irreversible and thus permanent.

We use your personal data only for the purposes of processing your requests, to conduct our business, to develop analytical and aggregated data that allow us and our partners to improve our websites and related processing activities, for recruitment-related purposes or for business development purposes.

More information on the personal data we collect, the use of personal data and channels used to collect this data can be found further in this Privacy Policy.

LEGAL GROUND FO RPROCESSING YOUR PERSONAL DATA

We will only process your personal data if we have obtained your prior consent, if the processing is necessary to perform our contractual obligations or to take pre-contractual steps at your request, if the processing is necessary to comply with legal or regulatory obligations or if the processing is necessary for our legitimate interests such as for business development, while taking your interests, fundamental rights and freedoms into consideration.

YOUR PRIVACY RIGHTS

At Biocartis, we are committed to protect your privacy at all times and therefore guarantee fair and transparent processing of your personal data. You, as a data subject whose personal data is being processed by us, are entitled to certain rights.

As such, you have the right to access your personal data, the right to rectification in case your processed data is incorrect or incomplete, the right to request the erasure of your personal data if Biocartis would have no more grounds for the processing thereof, the right of data portability (meaning to request your data to be transferred to yourself or another organization in a machine readable standard format), the right to request the restriction of further processing of your personal data, the right to object to further processing of your personal data when you believe your rights and freedoms override our compelling ground for the processing and the right to withdraw your consent if the processing of your personal data is based on consent.

To exercise – or gain more information about – the abovementioned rights, you can contact the Biocartis Data Protection Officer by email at [email protected].

After verifying your identity we will do everything reasonably possible to comply with the request unless it will require completely unreasonable measures. This means there may be situations where we cannot guarantee complying to your request when, for example, Biocartis must take technically or organizationally virtually impossible measures or extremely costly measures. Furthermore, some data subject right requests might be subject to a verification of the applicability criteria. We may refuse to process requests that are unreasonably repetitive or systematic. All requests are handled within one month (30 calendar days) after receiving them.

You also have the right to lodge a complaint with the competent data protection supervisory authority. You can contact the Belgian Supervisory Authority through their e-mail address [email protected]; by phone +32 (0)2 274 48 00 or find more information on their website www.gegevensbeschermingsautoriteit.be.

PERSONAL DATA BIOCARTIS COLLECTS BY USING OUR WEBISTE

The personal data we collect from you depends on how you interact with us through our website. Please find hereinunder the relevant section that applies to you as a user of our web services.

By using one or more of the contact forms on our website, for example the generic ‘contact’ form, the subscription form to the news for the investors or the ‘schedule a meeting’ form, Biocartis only collects the personal data that you provide to us. This personal data includes your name, e-mail address, company name, country, topic of interest, preferred date and time for meeting (for ’schedule a meeting’ form) and any other information you choose to provide to us – for example your phone number and the content of your message. We may use your personal data to get in touch with you to respond to your message. We also may use your personal data to send you direct marketing materials. You can always object to the use of your personal data for direct marketing purposes. Please see the Your Privacy Rights section of this Privacy Policy.

If you access the secure area on our website for the first time, you will be asked to create an account. When creating an account, we act as data processor, collecting your personal data on behalf of our customers or business contacts. We process personal data you provide by filling in the form on our website to create your account. This personal data includes your account type (customer/distributor/service engineer), your name, e-mail address, phone number, company/organization/institute name and full address. Your personal data may be used to initiate the account creation process. We also may use your personal data to send you direct marketing materials. You can always object to the use of your personal data for direct marketing purposes. Please see the Your Privacy Rights section of this Privacy Policy.

We collect your personal data when you use the ‘Subscribe to News’ service on our Investor website. We process personal data you provide by filling in the form to subscribe to the news. This personal data includes your title, name, e-mail address, company/organization/institute name, country, your language of choice and topics of interest. Your personal data may be used to send relevant news releases you subscribed to. We may also use your personal data to send you direct marketing materials. You can always object to the use of your personal data for direct marketing purposes. Please see the Your Privacy Rights section of this Privacy Policy.

We do not collect any personal data on our Instructions For Use (IFU) web page, apart from data generated through the use of Cookies. For more information about the Cookies used on our Websites please see below and consult our Cookie Policy.

PERSONAL DATA BIOCARTIS COLLECTS USING COOKIES

Our websites collect your personal data through the use of Cookies. Cookies are small data files generated by a website and saved by your web browser. Any information obtained consequently is used on an anonymous, aggregated basis. You will not be identified from such information. You are not required to accept a Cookie that we send to you and you can modify your browser settings so that it will not accept Cookies. For more information about the Cookies used on our websites please consult our Cookie Policy.

PERSONAL DATA BIOCARTIS COLLECTS BY USING OUR SOCIAL MEDIA PAGES & PLUG-INS

We use several social media platforms to communicate some of our marketing actions and monitor our social media presence and visibility. Biocartis is acting as a joint controller with these social media platforms in relation to your personal data generated through the use of these pages. We may use aggregated, statistical data about people who visit our social media pages, provided to us by the analytics systems integrated into these social media platforms. Biocartis and these social media platforms are jointly but not equally accountable for your personal data used on our social media pages such as Facebook, LinkedIn, YouTube and Twitter.

In addition, through social plug-ins such as the ‘Like’ button, information is sent to social media platforms about your device, which pages you visit and how you use our services. This happens regardless of whether or not you have a social media account or are signed in to one of these social media platforms. This is done through the use of Cookies. For more information about the Cookies used on our websites please consult our Cookie Policy.

PERSONAL DATA BIOCARTIS COLLECTS WHEN APPLYING FOR A JOB

If you apply for a job at Biocartis, we may collect your personal data for the purposes of selecting suitable candidates and for the creation of a talent pool.

Biocartis relies on its legitimate interest to perform and document the recruitment process. In certain aspects, it is Biocartis’ legal obligation to process personal data – for example to determine your eligibility for employment. For the extension of the retention period of your application, Biocartis will rely on your consent. More information about the retention period of your personal data can be found in the section below.

Categories of personal data that might be collected by Biocartis during the recruitment process include your personal identification data (name, last name, photo), birth date (not mandatory), nationality, curriculum vitae (educational and professional background, skills and competences), hobbies, marital/family status, your contact details, contact detail of the references (only requested towards the end of the process for final candidate(s)), interview notes and any other information you choose to provide to us.

Biocartis does not require you to share special categories of personal data – such as ethnic origin, sexual orientation, religion or belief, trade union membership, data related to health etc. However, Biocartis may collect information about an applicant’s disabilities to make reasonable adjustments for the applicant during the selection process – for example to provide the necessary facilities during the interview stage. Biocartis processes such information to carry out its obligations and to exercise specific rights in relation to your employment. When personal data is not provided to Biocartis directly by you, Biocartis obtains this data from recruitment/interim agencies/consultancy organizations – if the applicant was introduced via these recruitment/interim agencies/consultancy organizations.

Please keep in mind that your personal data might be shared with recruitment agencies through which you as an applicant have applied for a certain position at Biocartis, any references that you identified as an applicant and also assessment service providers, website hosting providers and consultancy firms.

No personal data of the applicants applying for EU based positions will be transferred outside of the European Economic Area (“EEA”). More information about the international transfers of personal data can be found in the section below.

Biocartis will not retain your personal data for longer than it is necessary to fulfill the purpose of this processing activity. If the application is unsuccessful, Biocartis will keep the data for 1 year after filling in the advertised position. If you agree, Biocartis will keep the file for an additional year for any suitable future employment opportunities. If the application is successful, personal data gathered during the recruitment process will be transferred to the HR file and retained during the entire duration of employment. The successful applicant will be provided with an additional privacy statement during the onboarding process.

PERSONAL DATA BIOCARTIS COLLECTS OF CUSTOMERS AND PROSPECT CUSTOMERS

We collect personal data of our customers and prospect customers for the purposes of business development, direct marketing, marketing material usage analytics, accounting, client management and contract archiving.

The personal data that is being used may include but is not limited to your name, e-mail address, telephone number, organization related details, signature and contact history with Biocartis. In relation to marketing material analytics, your personal data will be retained for 13 months, after which it will be deleted.

If you come in contact with Biocartis at a conference or a webinar, Biocartis may collect your personal data for the purposes of providing a demo of our services that you have expressed interest in, to contact you regarding Biocartis’ products and services or shares. You can always object to the use of your personal data for direct marketing purposes. Please see the Your Privacy Rights section of this Privacy Policy.

DATA BIOCARTIS COLLECTS FOR RESEARCH AND DEVELOPMENT PURPOSES

We process personal data for research and development purposes. Scientific research is conducted for the general development of the Biocartis products as well as for reliability and safety research purposes. To be able to conduct such scientific research, the Biocartis Biobank also obtains and stores human body material. The processing of personal data for these purposes is based on the grounds of legitimate interests of Biocartis as well as a legal obligation to assure compliancy of its products and research to the applicable laws.

 

The personal data processed in this regard is highly pseudonymized and the individual cannot be identified by Biocartis itself. The processed data is provided through intermediary parties from consenting and informed patients or donors. It includes a sample id, description of the tissue, age, diagnosis done on the sample, therapy followed by the patient or donor, gender of the patient or donor, whether the person smokes, the ethnicity of the sample, etc. Technical and procedural safeguards are put into place in accordance with (parts of) the processed information falling under special categories of personal data.

Please note that even though this is treated as highly sensitive data, Biocartis cannot identify the data subjects this data refers or belongs to. Therefore, if you want to exercise your rights as a data subject on your personal data processed within this context, you can contact the facility or physician under whose responsibility the sample was acquired from you and who informed you of the processing that would be done.

PERSONAL DATA BIOCARTIS COLLECTS OF SPEAKERS

We collect personal data of customers and/or subject-matter experts engaged as speakers for Biocartis when we wish to retain the services of a speaker to deliver a presentation about a given topic related to the business interest of Biocartis.

We will only collect the personal data that is strictly necessary to manage our contractual relationship with you as a speaker such as – but not limited to – administrative management and payment purposes and to comply with our transparency obligations. Related to the purposes identified above, processing is necessary for the performance of the contract between Biocartis and the speaker, or for compliance with a legal obligation to which Biocartis is subject.

Biocartis will only process your personal identification data – such as your name, your contact details, identification numbers, your current position, job title, curriculum vitae (only if requested) and employer and financial data.

Your personal data may be transferred to Biocartis affiliates, governmental bodies or financial institutions located in your country of residence and Cloud service providers.. More information about the international transfers of personal data can be found in the section below. Biocartis will not retain your personal data for longer than it is necessary to fulfill the purpose of this processing activity.

PERSONAL DATA BIOCARTIS COLLECTS OF BUSINESS CONTACTS

In case you are a business contact person for Biocartis, your personal data is used for business relationship management purposes such as maintaining the ongoing relationship with – for example –our contractors, service providers, partners, consultants, health care professionals and holders of shares or other financial instruments issued by Biocartis.

The personal data that is being used may include, but is not limited to, your name, e-mail address, telephone number, organization related details, curriculum vitae, unique identification number, contact history, number of financial instruments held and signature. This information may either be directly provided by you or by the organization you are related to.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

In accordance with the storage limitation principle, we will not retain your personal data for longer than it is necessary to fulfill the purposes outlined in each section of this Privacy Policy. More specific retention times are listed in relevant sections of this Privacy Policy.

In order to protect Biocartis against any legal claims or to respond to potential inquiries, files may be stored in back-ups, log files or in archives in compliance with the applicable statutes of limitation. These archived copies will only be used if strictly required for the establishment, exercise or defense of legal claims and can, in such circumstances, be shared with legal advisors.

THIRD PARTIES INVOLVED AND TRANSFER OF YOUR PERSONAL DATA INSIDE THE EEA

Biocartis may share your personal data with third parties involved with our company. Your personal data may also be used by a parent, subsidiary, or affiliate entity to Biocartis, partner entities, and the vendors and service providers that we may engage to assist us.

We do not sell, trade, or otherwise transfer to third parties any personal data we collect from you without your consent, except in the cases described below.

We may release personal data to authorized agents or third-party contractors whom we employ to perform tasks on our behalf and to the extent we need to share information with them to conduct our business or to provide products, services and make offers to you. Unless we communicate with you differently, our authorized agents do not have the right to use any personal data we share with them beyond what is necessary to work with us. Below you can find a non-exhaustive list of third parties that may process your personal data on our behalf:

    • Website hosting service providers
    • Cloud service providers
    • Software solution service providers
    • Two-factor authentication service providers
    • Telecommunication companies
    • Collaboration, online meeting, web conferencing and videoconferencing applications service providers
    • Press release distribution service providers
    • Conference organizers providing participant scanning solutions (if applicable)
    • Customer database hosting service providers
    • Marketing material usage analytics services
    • Marketing agencies
    • Recruitment agencies through which the applicant applies for the position
    • Assessment service providers
    • Independent contractors
    • Consultancy firms
    • Scientific writers
    • Financial institutions
    • Document management technology service providers
    • Waste management companies (for possible paper files)

Your personal data may also be disclosed to third parties that do not act on our behalf but have their own purposes and means of processing your personal data. A non-exhaustive list of third parties that might receive your personal data includes governmental authorities and bodies if required by law to share your data, references identified by job applicants, conference organizers, our partners (in the context of collaborative work) and social media and social networking service companies.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE EEA

Biocartis offers services and products around the world and processes personal data in accordance with its business goals. In doing so, we comply with the applicable data protection and security laws. More information about the transfer of personal data to and from the United States can be found in the section Legal Disclaimer regarding citizens and residents of the United States of America.

For users residing in the European Economic Area, (“EEA”), the data that we collect from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.

If we do transfer data outside the EEA, we will ensure it is protected by employing one of the following safeguards:

  • transfer the data to a non-EEA country which has received an adequacy decision by the European Commission;
  • put in place a data transfer and data processing agreement with Biocartis’ affiliates or any third party to ensure that they protect the data with the same level of protection as required within the EEA.

LEGAL DISCLAIMER REGARDING CITIZENS AND RESIDENTS OF THE UNITED STATES OF AMERICA

Biocartis does not transfer or process your personal data from or to the United States except in limited circumstances as described hereinunder.

We may provide personal information to third parties – including our affiliates, agents and contractors located both inside and outside the United States – for their use in performing internal business functions (e.g., payment processing, maintenance, security, email transmission, or data hosting) on our behalf. Such entities only use your personal information in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and this Privacy Policy and for no other purpose than to provide us with the necessary services.

We may also disclose personal information if we have a good-faith belief that doing so is required by a subpoena or other judicial or administrative order or otherwise required by law. Additionally, we may disclose personal information where we, in good faith, deem it appropriate or necessary to prevent violations of the Biocartis Terms of Use, or our other agreements, to take precautions against liability, to protect the rights, property, or safety of Biocartis, any individual, or the general public, to maintain and protect the security and integrity of our services or infrastructure, to protect ourselves and our services from fraudulent, abusive, or unlawful uses, to investigate and defend ourselves against third-party claims or allegations or to assist government enforcement agencies. Depending on the specific laws applicable in certain States, some of these provisions may not be relevant to you.

MINORS AND PERSONAL DATA PROCESSING

We do not knowingly collect personal data from minors. If we become aware that a child or minor has provided us with personal data, we will take reasonable steps to remove such information from our systems without undue delay.

CHANGES TO OUR PRIVACY POLICY

From time to time, this Privacy Policy may be revised. Any changes to this Privacy Policy will be indicated through the mention of the effective date and version number.

HOW TO CONTACT BIOCARTIS FOR PRIVACY QUESTIONS

If you have any questions about how we handle or protect your personal data, please do not hesitate to contact our Biocartis Data Protection Officer via email at [email protected].

Biocartis NV holds its seat at Generaal de Wittelaan 11 B, 2800 Mechelen Belgium.

You can contact us by phone at +32 15 632 600

You can send us an e-mail at [email protected]

You can visit our website at www.biocartis.com