Privacy Policy

 

1. Who are we?

 

We are B Medical Systems S.à r.l. We have our registered office and our principal place of business at 17, Op der Hei, L-9809 Hosingen in Luxembourg. We are registered with the Luxembourg Register of Commerce and Companies under company number B91535. More information about us, our products and our services may be found on our website: https://www.bmedicalsystems.com

In the context of our activities, we collect, hold, disclose and/or otherwise process personal data relating to our customers, the representatives of our customers, our business partners and services providers and suppliers (such as our agents, distributors, consultants and IT service providers), as well as other individuals who use or are interested in our products or services. Pursuant to applicable data protection and privacy legislation, we qualify as the controller with respect to the personal data that we process.

We know your privacy is important to you.

We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation EU 2016/679 (“GDPR”) and its national implementing legislation.

In this Privacy Policy we set forth how we collect your personal data, how and for what purposes we may use your personal data and to whom your personal data may be disclosed by us. Further, this Privacy Policy includes important information regarding your rights with respect to the processing of your personal data. Therefore, we encourage you to read this Privacy Policy very carefully.

From time to time, we may need to change this Privacy Policy. The most recent version of this Privacy Policy is available on our website https://www.bmedicalsystems.com

We encourage you to regularly review this Privacy Policy. You may also ask us to send you a copy of the most recent version of this Privacy Policy.

 

2. Whose personal data do we collect?

 

In the context of our services, we may collect personal data relating to you, as our (existing and potential) customers, our business partners or service providers and visitors of our website.

 

3. How do we collect personal data relating to you?

 

We may collect information about you in various ways:

 

  • directly from you, for example when you contact us via our website forms or when you send us an email;
  • from third parties, for example social media;
  • information collected during some events organized by us or to which we participate;
  • when you visit our website by means of cookies,
  • we may collect or receive information about you from other sources, notably in order to keep your contact details accurate and up to date using publically available sources.

 

4. What personal data do we collect and for what purposes do we use your personal data?

 

We collect the following information about you and we use it for the following purposes:

 

Personal data: Purposes: Legal basis
Identification and contact information, such as name, address, telephone number, email address, title, name of the company you are working for or other contact details)

Financial information, such as your account number and other payment-related information.

  • Customer administration;
  • Answering a question or request from you;
  • In the context of a possible business transaction;
  • Administration and management of personnel and intermediaries;
  • To put you in contact with one of our agent or distributor in your country;
  • To deliver the services or products you ordered;
  • For the execution of a contractual relationship;
  • For administrating payment of invoices and to collect debts;
  • For marketing purposes;
  • To send you Newsletters, invitation to events.
Depending on the purpose we pursue:

  •  Your consent;
  • Taking steps at your request (prior to entering into a contract);
  • Performance of a contract between you and us;
  • Compliance with a legal obligation to which we are subject;
  • B Medical Systems S.à r.l.’s legitimate interest (e.g., to keep our customer database up-to-date, to manage our business relationship with you and the organisation you represent, to handle potential claims and disputes and in particular to establish, exercise or defend any legal rights, to send you our newsletter or invite you to events).
Technical information collected through cookies (such as device and network information, your IP address, browser type and version, operating system, and surfing/browsing activity)
  • To improve our services and the quality thereof, including our website.
For more information, please consult our cookies’ policy.
We can also consult identification and contact information via external databases that we purchase and combine this information with the data we have collected from you, in order

to obtain more complete or accurate information.

  • For making decisions about entering into a business relationship (e.g., risk profile).

 

  • Performance of a contract between you and us,
  • Compliance with our legal obligations (e.g., screening obligations to prevent insolvency or money laundering);
  • Our legitimate interests (e.g., fraud prevention).

 

5. With whom do we share your personal data?

 

In the context of the purposes listed above, we may share your personal data with third parties, such as our main shareholder or agents, distributors, consultants, Regional Managers, marketing agencies, our IT Service Providers. The information that we share is strictly limited to related to the above mentioned business purposes.

We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).

The parties to whom we may disclose your personal data as referred to above may be located in countries outside the European Economic Area (EEA), which countries may offer a lower level of data protection than in Luxembourg. For example, such shall be the case in the following situation: to our main shareholder.

In such case, it shall be ensured that adequate measures are taken to ensure adequate protection of your personal data in accordance with applicable data protection legislation. More specifically, we have implemented the following measures: EU Standard Contractual Clauses. A copy of these clauses can be obtained on request as set out in section 9 below.

Your personal data and/or person profiles shall not be rented, nor sold to third parties without your prior explicit consent.

 

6. How long do we store your personal data?

 

Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (we refer to the purposes as listed above in paragraph 4). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.

More specifically, the following storage periods apply:

For all data relating to our client the storage period is generally 10 years from the termination of the contractual relation with us.

For data relating to visitors of our website technical data collected during your use of our website is stored for a maximum period of time of six months from the date of their collection.

 

7. How do we protect your personal data?

 

We will implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. More specifically, we have taken the following measures:

  • Access is granted only to identified people based upon their rights and in relation to the business purpose
  • Outside access is blocked by the rules in place in the firewall environment
  • Processes on the data are executed by authorized people
  • All our data is backed up and externalized to prevent data loss or deletion according to EU requirements

Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).

 

8. What are your rights and how you can exercise them?

 

Subject to the conditions of applicable data protection legislation, you have the right to:

  • Request information about and access to your personal data;
  • Rectify your personal data;
  • Request erasure of your personal data (‘right to be forgotten’);
  • Restrict the processing of your personal data;
  • Object to the processing of your personal data;
  • Receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another

To read more about these rights, and circumstances under which you can use these rights, in particular your right to object, please see the Annex.

Moreover, when the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.

Finally, you have the right to lodge a complaint in relation to the processing of your personal data by us with the relevant Data Protection Authority, such as the Commission nationale pour la protection des données (CNPD) in Luxembourg.

 

9. Contact

If you have any questions, comments or complaints in relation to this Privacy Policy or the processing of your personal data by us, please feel free to contact us at by regular mail at privacy@bmedicalsystems.com

 

Annex

Right to information and right to access your personal data You may at any time request more information on our processing activities and the personal data that we are keeping from you. You also have the right to access your personal data.
Right to rectification of inaccurate or incomplete personal data of You have the right to require us to , without undue delay, rectify or complete any of your personal data that is inaccurate or incomplete.
Right to deletion of your personal data (‘right to be forgotten’) You may request us to delete (part of) your personal data in the following situations:

  • when the processing is no longer necessary for achieving the purposes for which they we collected or otherwise processed these; or
  • when the processing was based on your consent and you have decided to withdraw that consent;
  • when you have other reasonable grounds to object to the processing of your personal data;
  • when we would unlawfully process your personal data;
  • when your personal data have to be erased in compliance with a legal obligation directed to us.

 We would like to underline that in some case, we may refuse to delete your personal data: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation; or (iii) for the establishment, exercise or defence of legal claims.

Right to restriction of processing You may request us to (temporarily) restrict the processing of your personal data in the following situations:

  • when you have contested the accuracy of your personal data, for a period enabling us to verify this accuracy; or
  • when the processing appears to be unlawful and you request us the restriction of use of your data instead of the deletion of this data; or
  • when we no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
  • pending verification whether our legitimate grounds override yours in the framework of an objection.
Right to object to the processing of your personal data (free of charge) You may under certain circumstances object to the processing of your personal data, in certain circumstances and on grounds relating to your specific situation. If we agree, we will no longer process your personal data, unless we have compelling legitimate grounds to do so, or because such a processing is necessary.

Where   we   process   your  personal   data  for   direct  marketing purposes, you may at any time object to the processing thereof. You also have the right not to be subject to profiling for direct marketing purposes.

Right to data portability In some cases, you have the right to receive all your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. This right applies:

  • in case the processing is based on consent or on the necessity for the performance of a contract; and
  • in case the processing is carried out by automated means.

We reserves the right to charge a fee for such transfer, especially in the case of frequent request and / or in the event a request is deemed excessive given the volume of data to be transferred.

Right to withdraw your consent To the extent the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.