Data Privacy Statement
This Privacy Statement provides you with information concerning:
(i) The processing of your personal data when you get in touch with us or utilize any of our services.
(ii) The purpose behind the processing of your personal data.
(iii) Your corresponding rights.
HARPS Europe GmbH located at Wiedner Gürtel 9-13, A-1100 Vienna, Austria ("Sempermed"), acts as the data controller overseeing the processing of your personal data, unless explicitly stated otherwise. This responsibility extends to Sempermed subsidiaries, if applicable.
How does Sempermed Process Your Personal Data?
We process personal data which is provided directly from you if you:
- are representing your organization; or
- have applied for a job; or
- have made a request for information, an enquiry or a complaint; or
- would like to attend or have attended our events; or
- subscribed to one of our services.
- We also receive personal data indirectly (e.g. by third parties):
- from your company when they share your personal data with us for business purposes; or
- where you have made your contact information available publicly and we use this to contact you and your organization for business purposes; or
- from recruiters or agencies we hired for employment or consultancy services; or
- when we get your personal data from public authorities, regulators or law enforcement bodies; or
- when whistleblowers include information about you in their reports.
Sempermed engages in the processing of your personal data when you visit our website, access our premises, submit a job application, or when you, as a business partner or your employees, engage in business transactions with us. In cases where you contact or utilize services provided by one of our undertaking affiliate services, they become the controllers of the personal data they process. To facilitate our business operations, we might exchange personal data within our group companies, ensuring compliance with relevant legal regulations.
The processing of personal data, particularly contact information, of our business partners and their employees by Sempermed is necessary to fulfill contractual obligations and adhere to legal responsibilities. This encompasses tasks such as addressing your inquiries, contracting and utilizing services you provide, as well as handling invoicing, business-related financial matters, record storage, and other activities related to your business association with Sempermed. This could involve subsequent improvements or support services.
Sempermed also processes personal data when mandated by legal obligations. In certain cases, processing may necessitate specific informed consent declarations for one or multiple explicit purposes. You retain the right to revoke your consent at any point, which would prevent Sempermed from further processing your personal data according to the purposes outlined in the consent declaration. In instances where individuals reasonably expect us to utilize their personal data in ways that are predictable and where the impact on privacy is limited, we process data based on our legitimate interests. Such interests might include instances where the processing benefits Sempermed or third parties, facilitates smooth business interactions and corporate procedures, involves the utilization of client or employee data, supports marketing, fraud prevention, legal claims, due diligence checks for corporate acquisitions, intra-group transfers, or IT security.
Sharing Your Personal Data
In order to fulfill our contractual and pre-contractual commitments, as well as legal obligations, it could be necessary to share personal data belonging to you or your employees with Sempermed’s partners or service providers. To facilitate this, we engage third party data processors which provide various services for which we contract them. We provide them with clear instructions on the permissible handling of your personal data and mandate that they refrain from sharing your personal data with others without proper authorization, aligning with our contractual arrangement. Our stipulation also mandates that they safeguard personal data and retain it for the duration specified by our directives.
Certain situations might legally require us to share information; for instance, in response to court orders or governmental investigations. We might also share information with regulatory bodies as mandated by law.
We don't share your data with any third parties for direct marketing purposes. We only transfer your personal data or that of your employees as required for the respective purpose, in accordance with applicable laws, legitimate interests, or your consent.
Some of our partners who process personal data of you or your employees are located outside the EU/EEA. The data protection standards in these regions may not be identical to those in the EU/EEA. However, we will ensure to maintain a level of data protection and security that aligns with European standards to the extent possible. To achieve this, we only transfer your personal data to countries that the EU Commission has deemed to possess adequate data protection measures, or we implement measures to ensure that all recipients maintain an appropriate level of data protection. This is facilitated through the utilization of EU-standard contractual clauses.
We engage in the processing of personal data during business transactions. This includes the processing of contact information belonging to individuals who are acting as representatives of their respective organizations. This processing is carried out on the basis of our legitimate interests. Additionally, we undertake the processing of personal information for the specific purpose of tender processes.
Visitors To The Premises
We engage with a diverse range of individuals including visitors, job applicants, suppliers, customers, tradespeople, stakeholders, and organizations. When you schedule an appointment or your visit is planned, we notify our receptionist and might provide you with an identification badge. Occasionally, we might request visitors to register at the reception desk and present a form of identification, solely for verification purposes.
To enhance security and safety, some of our premises are equipped with closed-circuit television (CCTV) coverage at entry points. Access to the information processed for legitimate interests is strictly limited to authorized personnel.
For certain operational needs, we may record audio and video during training sessions conducted by external training providers. In such instances, we ensure to obtain the necessary agreements from these providers.
Complaints And Whistleblowing Reports
When you raise a complaint or report a concern through our whistleblowing mechanism, we engage in the processing of your personal data. The purpose of processing your data is to effectively manage your complaint, conduct necessary investigations, and implement appropriate actions. We handle the information you provide with utmost confidentiality and will only disclose it if legal obligations mandate such disclosure.
When you engage in communication with us and submit an inquiry, we collect information and your personal data for the purpose of providing a response.
We employ encryption and adhere to established email security standards to safeguard email communications. Our practices include monitoring incoming emails and file attachments for viruses or malicious software. It is essential that any email or content you transmit adheres to legal guidelines.
Attending Our Events
We collect your contact details and necessary information based on your consent, in order to effectively arrange and manage events, conferences, trainings, or similar activities, ensuring a seamless experience for you. You have the option to withdraw your consent at any time.
When it comes to event organization, we collaborate with data processors to streamline our events. We may utilize online platforms to collect registration details. For events such as video conferences, webinars, or similar interactions, we process your personal data, including video, audio, and photographs, solely with your consent. For instances where events are recorded, we will provide advanced notification.
Our practice of promoting events involves various platforms. Microsoft Teams serves as both an event delivery and communication tool. As a result, data may be transferred outside the EU/EEA in relation to our use of Microsoft Teams.
Links To Other Websites
Our website could include links leading to third-party websites. It's important to note that this privacy statement pertains exclusively to the Sempermed website. We do not possess control over the content or data protection procedures of these external websites. If you visit these websites through links on our platform, we recommend reviewing their privacy policies for comprehensive information.
I want to change my cookie preferences
You may change your cookie preferences at any point by changing the settings here. Please save and close your selection, and then refresh your page for the new preferences to take effect.
You may also control your cookies in any web browser via the browser settings (visit the browser developer's website). We have chosen the most popular for you:
To find information relating to other browsers, visit the browser developer's website. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout .
We utilize third-party providers for facilitating communication with you. Our website is equipped with plug-ins that enable interaction via the (social) media networks we use to communicate with external audiences. Messages you transmit to us via social media channels will be retained by the providers according to the agreed-upon retention period. These messages will not be shared with any other entities. If you choose to get in touch with Sempermed through social media platforms, we advise you to review their privacy information.
Our Website Visitors and Analytics
When you access www.sempermed.com, we employ a third-party analytics service. This tool enables us to gather typical internet log information and insights into visitor behavior trends. Our objective is to ascertain the number of visitors accessing different sections of our website and to enhance the quality of our service. The collection of this data is contingent upon your explicit consent. We have implemented measures to safeguard the information we gather.
How Long Will Your Personal Data Be Retained?
Sempermed handles your personal data with precise intentions and retains it throughout the duration of our contractual relationship, until your consent is revoked, in alignment with our business choices or legal obligations. The duration of retention is tailored to individual data processing purposes. Additionally, Sempermed is bound by various statutory obligations regarding data retention, which necessitate the continued storage of some of your data even after the termination of our contractual relationship. Furthermore, Sempermed preserves your data for the time period essential for the initiation, execution, or defense of claims linked to our relationship.
The data protection regulation affords you various rights pertaining to the processing of your personal data. The following are the rights that are always applicable:
Your right to access [Art 15 GDPR]
You possess the right to be informed about the specifics of the personal data we utilize or retain. This includes understanding the purpose, methods, duration, and recipients of your data. You also have the right to inquire about the data's origin, categories, retention periods, recipients in cases of data transfer, details on profiling, legal basis, and the objectives behind the data processing, among others.
Your right to a copy of your personal data [Art 15 GDPR]
You can request a copy of your personal data. If you submit an electronic request and do not specify an alternative format, we will provide you with a copy in a standard format. To safeguard your data, we will require authentication from you. If you require additional copies, a reasonable fee might be applicable, based on our administrative expenses.
Your right to rectification [Art 16 GDPR]
If Sempermed holds inaccurate or incomplete data about you, you have the right to request rectification or completion in writing. To ensure the security of your data, we will request authentication from you.
Your right to restriction of processing [Art 18 GDPR]
You have the option to request the limitation of specific processing activities, subject to certain conditions. It's important to note that legislative provisions and special circumstances might impose limitations on the exercise of certain rights.
Your right to erasure [Art 17 GDPR]
The right to be forgotten, also known as the right to erasure, allows you to ask for your data to be deleted depending on certain conditions:
- when we no longer need your data;
- when you withdraw your consent;
- if your data has been unlawfully processed;
- when you object to the processing and Sempermed has no reason to continue processing your data;
- when data erasure is required for compliance with a legal obligation (EU law or national law).
Your right to object to processing [Art 21 GPDR]
Even if your personal data is accurate, complete, and lawfully processed by Sempermed you retain the right to raise objections against the data processing. It's important to note that this right to object is applicable only in specific justified cases. You possess the right to object to processing activities if we are processing your information based on our legitimate interests as part of our business operations.
Your right to data portability [Art 20 GPDR]
This right is applicable only under certain circumstances and solely to the data you have provided to Sempermed You possess the right to request the transfer of the information you have provided to us from one entity to another, or to receive it yourself. This right is applicable when we are processing information based on your consent, or when the processing pertains to discussions regarding a contractual agreement and is carried out in an automated manner.
Your right to lodge a complaint
While Sempermed takes extensive measures to maintain the confidentiality and integrity of your personal data, occasional differences in perspective may arise. Should you have any inquiries about personal data processing or intend to submit a complaint, you can reach out to the HARPS Compliance Team at firstname.lastname@example.org.
Furthermore, you hold the right to register a complaint with the relevant supervisory authority in your country. This option is available if you believe that your privacy rights have been infringed upon by us or if your data subject rights have not been adequately upheld.
In Austria, you can contact the Austrian Data Protection Authority at Barichgasse 40-42, A-1030 Vienna, for such matters.
In order to prevent unauthorized access or disclosure of personal data, and to uphold the accuracy and appropriate utilization of both your personal data and general data, we implement technical and organizational measures aimed at safeguarding data protection.
How To Contact Us
Please contact the HARPS Compliance Team (email@example.com) for any questions or concerns regarding the processing of personal data in relation to our business relations.
Privacy Statement Information Update
Update Date: 09.15.2023