1. Who are we?
We are B Medical Systems S.à r.l. We have our registered office and our principal place of business at 17, Op der Hei, L-9809 Hosingen in Luxembourg. We are registered with the Luxembourg Register of Commerce and Companies under company number B91535. More information about us, our products and our services may be found on our website: https://www.bmedicalsystems.com
In the context of our activities, we collect, hold, disclose and/or otherwise process personal data relating to our customers, the representatives of our customers, our business partners and services providers and suppliers (such as our agents, distributors, consultants and IT service providers), as well as other individuals who use or are interested in our products or services. Pursuant to applicable data protection and privacy legislation, we qualify as the controller with respect to the personal data that we process.
We know your privacy is important to you.
We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation EU 2016/679 (“GDPR”) and its national implementing legislation.
2. Whose personal data do we collect?
In the context of our services, we may collect personal data relating to you, as our (existing and potential) customers, our business partners or service providers and visitors of our website.
3. How do we collect personal data relating to you?
We may collect information about you in various ways:
- directly from you, for example when you contact us via our website forms or when you send us an email;
- from third parties, for example social media;
- information collected during some events organized by us or to which we participate;
- when you visit our website by means of cookies,
- we may collect or receive information about you from other sources, notably in order to keep your contact details accurate and up to date using publically available sources.
4. What personal data do we collect and for what purposes do we use your personal data?
We collect the following information about you and we use it for the following purposes:
|Personal data:||Purposes:||Legal basis|
|Identification and contact information, such as name, address, telephone number, email address, title, name of the company you are working for or other contact details)
Financial information, such as your account number and other payment-related information.
||Depending on the purpose we pursue:
|Technical information collected through cookies (such as device and network information, your IP address, browser type and version, operating system, and surfing/browsing activity)||
||For more information, please consult our cookies’ policy.|
|We can also consult identification and contact information via external databases that we purchase and combine this information with the data we have collected from you, in order
to obtain more complete or accurate information.
5. With whom do we share your personal data?
In the context of the purposes listed above, we may share your personal data with third parties, such as our main shareholder or agents, distributors, consultants, Regional Managers, marketing agencies, our IT Service Providers. The information that we share is strictly limited to related to the above mentioned business purposes.
We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
The parties to whom we may disclose your personal data as referred to above may be located in countries outside the European Economic Area (EEA), which countries may offer a lower level of data protection than in Luxembourg. For example, such shall be the case in the following situation: to our main shareholder.
In such case, it shall be ensured that adequate measures are taken to ensure adequate protection of your personal data in accordance with applicable data protection legislation. More specifically, we have implemented the following measures: EU Standard Contractual Clauses. A copy of these clauses can be obtained on request as set out in section 9 below.
6. How long do we store your personal data?
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (we refer to the purposes as listed above in paragraph 4). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.
More specifically, the following storage periods apply:
For all data relating to our client the storage period is generally 10 years from the termination of the contractual relation with us.
For data relating to visitors of our website technical data collected during your use of our website is stored for a maximum period of time of six months from the date of their collection.
7. How do we protect your personal data?
We will implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. More specifically, we have taken the following measures:
- Access is granted only to identified people based upon their rights and in relation to the business purpose
- Outside access is blocked by the rules in place in the firewall environment
- Processes on the data are executed by authorized people
- All our data is backed up and externalized to prevent data loss or deletion according to EU requirements
Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
8. What are your rights and how you can exercise them?
Subject to the conditions of applicable data protection legislation, you have the right to:
- Request information about and access to your personal data;
- Rectify your personal data;
- Request erasure of your personal data (‘right to be forgotten’);
- Restrict the processing of your personal data;
- Object to the processing of your personal data;
- Receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another
To read more about these rights, and circumstances under which you can use these rights, in particular your right to object, please see the Annex.
Moreover, when the processing of your personal data is based on consent, you have the right to withdraw your consent at any time. You may also object to the future processing of your personal data relating to you for the purpose of marketing purposes by sending an email to firstname.lastname@example.org to unsubscribe or by contacting the marketing team via the unsubscribe section under privacy center on our website: https://www.bmedicalsystems.com
Finally, you have the right to lodge a complaint in relation to the processing of your personal data by us with the relevant Data Protection Authority, such as the Commission nationale pour la protection des données (CNPD) in Luxembourg.
|Right to information and right to access your personal data||You may at any time request more information on our processing activities and the personal data that we are keeping from you. You also have the right to access your personal data.|
|Right to rectification of inaccurate or incomplete personal data of||You have the right to require us to , without undue delay, rectify or complete any of your personal data that is inaccurate or incomplete.|
|Right to deletion of your personal data (‘right to be forgotten’)||You may request us to delete (part of) your personal data in the following situations:
We would like to underline that in some case, we may refuse to delete your personal data: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation; or (iii) for the establishment, exercise or defence of legal claims.
|Right to restriction of processing||You may request us to (temporarily) restrict the processing of your personal data in the following situations:
|Right to object to the processing of your personal data (free of charge)||You may under certain circumstances object to the processing of your personal data, in certain circumstances and on grounds relating to your specific situation. If we agree, we will no longer process your personal data, unless we have compelling legitimate grounds to do so, or because such a processing is necessary.
Where we process your personal data for direct marketing purposes, you may at any time object to the processing thereof. You also have the right not to be subject to profiling for direct marketing purposes.
|Right to data portability||In some cases, you have the right to receive all your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. This right applies:
We reserves the right to charge a fee for such transfer, especially in the case of frequent request and / or in the event a request is deemed excessive given the volume of data to be transferred.
|Right to withdraw your consent||To the extent the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.|