Genea Biomedx Data Privacy Statement

All subsidiaries of Genea Group under the Biomedx banner, including Genea Biomedx Pty Ltd, Genea Biomedx UK Ltd, Biomedx Innovations Pty Ltd, Biomedx Innovations SL and Biomedx Innovations SAS, follow the applicable national and European data protection regulations in their operations and interactions with their customers, vendors, suppliers, and other interacting parties (“Data Subjects”, i.e. “you”).

This Data Privacy Statement summarises what personal data we collect, why we collect it, and how you can exercise your data protection rights. “Personal Data” includes all information relating to a natural person and with which this person can be directly or indirectly identified.

Should you have questions about processing of your personal data by us, please contact our Data Protection Officer at dpo@geneabiomedx.com.

1. Data Controller, Data Processor and Data Protection Officer

For the processing activities described here the ultimate Data Controller or Data Processor is Genea Biomedx Pty Ltd. Data Controller means the entity determining the purposes and means of the processing of your personal data, whereas Data Processor is the entity who processes data on your behalf under a contractual or otter arrangement, where you are the Data Controller. Genea Biomedx has appointed a Data Protection Officer (DPO) to manage privacy inquiries and complaints.

You may reach Genea Biomedx at:

Genea Biomedx Pty Ltd

Level 2/ 321 Kent St
Sydney
New South Wales 2000
Australia
Tel. (+)61-2-9229 6420
Fax. (+61)-2-9229 6478
Email. info@geneabiomedx.com

You may reach Biomedx DPO at:

Genea Biomedx Pty Ltd – Data Protection Officer

Level 2/ 321 Kent St
Sydney
New South Wales 2000
Australia
Tel. (+)61-2-9229 6420
Fax. (+61)-2-9229 6478
Email. dpo@geneabiomedx.com

2. Data Processing Activities

We process your personal data for the purpose of the operation of our services, and whenever you access our services, you automatically transfer personal data to our servers for technical reasons. Certain general processing activities are described in this section.
The data processing is based on our legitimate business interests for the purpose of presenting our services and to ensure its technical stability and security (e.g., to prevent hacker attacks).

2.1. Contact Forms

We process your personal data to operate the contact form we provide in our service. This enables you to contact us for example for requestion for additional information or issue other service requests. Your personal data will only be processed for the purpose of responding to your inquiry. This processing activity may include the following data categories:

The contact information you provided to us (such as your name and email address); and
Other personal information that you include in your request.

The processing is based on our legitimate business interests. It serves our and your legitimate interest in answering your inquiry in a quick and competent manner.

2.2. Newsletters and targeted emails

If you subscribe to our email news or newsletters, we process your personal data. This processing activity includes the following data categories:

The information you provided to subscribe, such as your title, name, email address and personal/professional interests.

The processing is based on the consent you provided to us in the subscription process. Your personal data will be deleted when you withdraw your consent by contacting us to inform you want to unsubscribe.

2.3. Social Bookmarks

We use social media plugins from various social networks (e. g. Facebook and Twitter) to allow you to link with us in these social networks. The plugins are deactivated by default and therefore do not send data to other websites. By clicking on the symbol of a specific social network on our website, your browser establishes a direct connection with their servers as soon as you access the operator’s website. The content of the respective plugin is transmitted directly from the social media network to your browser and embedded into the website. The social media network receives the information of your visit and if you are logged in to the social media network, it allocates the visit to your account and the corresponding information is transferred directly from your browser to the social media network and stored there. Even if you are not logged in to social media networks, with an active plugin, your browser sends a cookie with an identifier every time you connect to a network server without being asked.

Thus the network could use it to create a profile of the websites visited by the user associated with the ID and assign this identifier to the same person again, for example when they log on to the social network later. For the purpose and scope of data collection and the further processing and use of the data by social media networks, as well as your rights and options for the protection of your privacy, and in particular your right to revoke your consent, please refer to the data protection notices of the respective networks.

Facebook’s privacy policy (provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304 USA)
Twitter’s privacy policy (provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
LinkedIn’s privacy policy (provided by LinkedIn Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA)
YouTube’s privacy policy (provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

2.4. Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device, and which are either stored temporarily for the duration of a session (session cookies) or are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit, and permanent cookies remain archived on your device until you actively delete them or they are automatically eradicated by your web browser. In some cases, it is possible that third party cookies are stored on your device once you enter our site (third party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies. The purpose of other cookies may be the analysis of user patterns or the display of promotional messages. Some cookies are required for the performance of electronic communication transactions or are necessary for the optimization of the website (necessary cookies) or for the provision of certain functions you want to use (functional cookies). These cookies may change from time to time, and if you would like to know the specific cookies we use and their purpose at any given time, please contact dpo@geneabiomedx.com.

The processing of necessary cookies is based on our legitimate business interest to be able to provide our basic webservices in a secure and useful manner. Our website cannot function without the necessary cookies and they can only be disabled by changing your browser preferences. The processing of other cookies is based on your consent you provided to us. Your consent is voluntary, and you may decline or revoke it at any time without any disadvantages for you by reopening the cookie banner and deactivating the cookie type. However, without your consent, some website functions will not be available to you.
Some computer browsers automatically accept all cookies and thus you may not see the cookie banner allowing their individual management. However, you may be able to change your browser settings to block all cookies, configure them so that only certain types of cookies are blocked, or to set a notification when a new cookie is to be stored on your computer, allowing you to accept or reject cookies individually. Help function of your browser will provide more detailed explanations about these functions and their availability, and information on how to delete all or certain consented cookies.

For more information on managing and deleting cookies for popular browsers, please see the following links: Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Microsoft Edge, Apple Safari.

The use of Google Analytics has been extended by the plug-in “AnonymizeIP”, to ensure an anonymized collection of your IP address, so that we cannot relate your data to your person. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

3. Processing of Your Personal Data in Specific Contexts

We also process your personal data upon your interaction with us regarding the products and services we offer to you or you to us. This includes the processing of your personal data to communicate with you for commercial reasons, for marketing purposes, and in the course of our R&D activities. These activities usually involve the processing of data categories required for these purposes, such as your contact data, preferences and payment details.

Such processing of your personal data is usually based on our legitimate business interest to develop and offer our products and services, learn more about your interests and continuously improve our offerings. Depending on the nature of the interactions, different data categories may be processed as described below.

3.1. Contract Initiation & Execution

Biomedx processes your personal data for the initiation and execution of contracts, including the administrative management of related order inquiries and assignments. This processing activity may include the following data categories:

Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address, place of work, etc.);
Your payment details (e.g., bank account number, bank code, credit institute, tax identification number).

The processing of these personal data is necessary for the performance of a contract with you as an individual or is necessary to safeguard our legitimate interests of conducting business with your employer. Without your provision of your data, we cannot establish and maintain contact with you in the context of the specific contract.

3.2. Purchasing, Services & Enquiries

When providing or invoicing goods and/or services to you or from you, we may process your personal data. Also, if you contact us for information or service request, your data will be processed to handle your request, e.g., by answering or forwarding your request to a competent department. These processing activities may include the following data categories:

Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address);
Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department).
Any further information you provide to us, e.g., in the process of your request or which is otherwise required to answer your request.
Accounting data (e.g., purchased goods and services, bank details, customer number, tax identification number, tax category);

The processing of these personal data is based on the necessity for the performance of a contract with you as an individual, is necessary to safeguard our legitimate interests of conducting business with your employer, or to communicate with our contacts and customers and in particular, provide customer service. Without your provision of these personal data, we usually cannot establish and maintain contact with you, issue and receive invoices, receive or deliver services and/or goods or process your inquiry and establish or maintain contact.

3.3. Marketing

We process your personal data within the scope of our public relations and marketing processes. This may include issuance of newsletters, press kits, and registrations for press distribution lists, press contacts and press representatives. This processing activity may include the following data categories:

Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address);
Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department).

This data processing is based for our legitimate business interests, as we have a legitimate economic interest in informing our clients of news, events, etc. to gain new leads and establish and maintain a long-term business relationship. Furthermore, we process your data if you have consented to such processing.

3.4. Business Contracts

If Biomedx has received your contact details from business events or business appointments (e.g., by exchanging business cards) or as part of an assignment, we use your contact and business details to maintain our business contacts. For this purpose, we usually transfer your contact details to our CRM (Customer Relationship Management). This processing activity may include the following data categories:

Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address);
Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department, qualifications).

This data processing is based for our legitimate business interests, as we have a legitimate economic interest in maintaining contacts beyond the initial contact and in using them to establish and develop a business relationship and to remain in contact with the parties concerned.

3.5. Accounting

Biomedx may process your personal data for the purpose of an orderly and lawful accounting. This is for instance necessary to process and record invoices, issue monetary compensation or refunds and to verify claims. In addition, Biomedx is subject to legal documentation and retention obligations based on tax and accounting laws which also involve the processing of your personal data. The record keeping, documentation and archiving of such documents usually takes place in our IT systems, in some cases also in the form of paper files. This processing activity may include the following data categories:

Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address, etc.);
Accounting data (e.g., purchased goods and services, bank details, customer number, tax identification number, tax category, etc.);
Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department, etc.).

The data processing is necessary for us to manage, document, maintain and archive files and documents in order to fulfill legal obligations under tax, commercial and corporate laws. If and to the extent such laws do not apply for the processing of your personal data in this context, this processing activity relies on our legitimate business interest to establish and maintain an adequate accounting process, in particular to issue or settle invoices.

3.6. R&D

We may process your personal data within the framework of R&D and research collaboration in the biology of reproduction and related fields. This processing activity may include the following data categories:

Your contact information (e.g., name, title, form of address, private address, gender, telephone numbers, email address, etc.);

In these cases, the legal basis of the data processing depends on the specific context. This processing can be necessary to safeguard our legitimate interests for the purposes of improving our products and gain understanding of their performance in the field.

4. Data Deletion and Data Transfers

Unless otherwise stated in this Data Privacy Statement, your personal data are regularly deleted as soon as we do not need them any more to meet our business interests, no statutory data retention obligations apply, or you withdrew your consent.

In general, you are neither contractually nor statutorily obliged to provide your personal data for the above purposes, however your decision to not provide your data may lead to negative consequences, such as reduced features and functionalities, the impossibility to use our information and services offered in this context, the denial of access to our services and/or exclusion from our business activities to the extent the processing of your personal data is key in these contexts.

We might share your personal data with third parties, such as financial institutions to process payments, lawyers and auditors, other Genea-entities, etc. to the extent required to meet our business goals. Please note that we ensure to enter into adequate data protection agreements with these parties to the extent legally required and in this context safeguard that these recipients agree on technical and organizational measures to protect your data adequately. However, Biomedx entities form a Group, and only process data for the interests detailed in Whereas (48) GDPR and thus its entities are not considered as external parties.
Should such data transfer involve the transmission of your personal data to external parties in countries outside the EU/EEA, and this country does not have an adequate level of data protection compared to the EU, we usually safeguard such level of data protection by entering into standard contractual clauses with any such recipients. This ensures that your data protection rights are protected. You may download a copy of these standard contractual clauses under the following URL: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

5. Your Data Protection Rights

Regarding the data processing in the European Union, you have the following data protection rights:

Right of access: You have the right to obtain information on the processing of your personal data and to receive a copy these data.
Right to rectification: You have the right to ask us to correct or complete your personal data to the extent they prove to be wrong and/or incomplete.
Right to erasure: Under certain circumstances, you have the right to ask us to delete your personal data.
Right to restriction of processing: You may also have the right to ask us to limit the processing of your personal data.
Right to data portability: You have the right to receive your personal data in a structured, common and machine-readable format and request that these data are transferred to another data controller.
Right to object: You have the right to object to the processing of your personal data by us, in particular if the processing of your personal data is based on (i) the necessity of the performance of a task in the public interest, or (ii) legitimate interests. We will then stop the processing of your personal data unless we remain legally authorized to do so.
Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority against the processing of your personal data if you believe that the processing of your personal data violates data protection regulations.

In case you granted us your consent to process your personal data, you may withdraw this consent with effect for the future. We will then stop the processing of your personal data, unless we have a legal permission to do so. Please note that your withdrawal has effect for future processing operations only and does not make data processing operations, which we executed before such withdrawal, unlawful.

To withdraw your consent, you may send an email to dpo@geneabiomedx.com. If you withdraw your consent, you may no longer be able to use the services affected by the withdrawal, but apart from that, you will not suffer any further disadvantages.
If you do not specify your withdrawal to a specific processing operation, we will assume that you withdraw your consent regarding all processing of your personal data that is based on your consent.

This Data Privacy Statement is up-to-date and dates from October 2021. We reserve the right to amend the data privacy declaration at any time with effect for the future, especially to adapt it to a further development of the website or the implementation of new technologies.