Privacy Policy
Last updated: 28. oktoober 2020
This Privacy Policy (“Privacy Policy”) explains how information about you is collected, used and disclosed by Biptec and our affiliates (collectively “Biptec”, “we”, “us” or “our”) when you visit the Biptec website https://biptec.com, subdomains, and any associated web-based and mobile applications (collectively, the “Website”), as owned and operated by Biptec
1. Data Controller information. Overview information.
Biptec, with headquarters and address of management: Mustamäe tee 16, Tallinn 10617, Eesti. (“Biptec”) is a personal data Controller and is responsible for compliance with the provisions of the General Regulation on Protection (Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC).
Personal data is any information relating to an identified or identifiable natural person.Biptec respects the privacy of the subjects from which it has received personal data and guarantees the fullest possible protection of personal data. The purpose of the present Privacy Policy is to inform you of what personal data we collect, how we use it, who we can share it with, what rights and decisions you have regarding the usage of your personal data, and how you can review and change it.
2. Legal grounds for processing. Processing Purposes. Principles.
Biptec only processes personal data if it is absolutely necessary. The purposes of processing and the legal grounds for doing so are the following:
- For performance of a contract or in the context of pre-contractual relationships (lawful grounds for processing under Article 6 (1) (b) of the General Data Protection Regulation);
- To implement statutory obligations applicable to Biptec (lawful grounds for processing under Article 6 (1) (b) “c” of the General Data Protection Regulation); and
- With the explicit consent of the subject to provide the data for one or more specific purposes (lawful grounds for processing pursuant to Article 6 (1) (a) and Article 7 of the General Data Protection Regulation). Marketing is part of the purposes for consent processing of data, including sending information about events, trainings, and publications.
- We may use your information where there is a legitimate reason to do so. For example, we may use your information where it would help achieve our business objectives or to facilitate a benefit to you or someone else.
- We only rely on legitimate interests if the reason for using your information is fair and lawful. Where we want to rely on legitimate interests as a legal basis, we will carry out a balancing test between our legitimate interests and your privacy rights.
When data processing is based on “explicit consent”, on the grounds of Article 6 (1) (a) and Article 7 of the General Data Protection Regulation, the provision of personal data for this purpose is optional. Lack of consent may result in Biptec not being able to respond to a request or an application.
Biptec as personal data Controller follows the following principles when processing your personal data:
- legality, acting in good faith and with transparency;
- limitation of processing purposes;
- relevance to processing purposes and minimization of data collection;
- accuracy and updates of the data;
- restriction of data storage in order to achieve the processing purposes;
- integrity and confidentiality of the processing, ensuring an adequate level of security of personal data.
3. Processing of personal data
Biptec as Controller executes the following operations and processes personal data for the following purposes:
- Creating an account and signing up for use of a service – the purpose of this operation is to identify the person in order to provide him / her with the service / order;
- Processing of payment for a service and accounting, if any – the purpose of this operation is to enable payment and bookkeeping;
- Individualized data (eg name, personal ID, address, e-mail, telephone, etc.) – for marketing purposes, incl. sending information about events, trainings, and publications;
- Collecting information on the type and duration of provided services – for marketing purposes, incl. sending information about events, trainings, and publications.
- Processing of data when necessary for the performance of contractual or pre-contractual obligations or in case such data is required by law;
- We use Cookies, in accordance with our Cookie Policy, which is available on the website, please click here;
- Event profile. If you are participating in a Biptec event, Biptec may post your photo to our site for the purpose of event publications.
When you visit our website and you are asked for personal information, you share and provide this information with Biptec.
4. Information We Collect
When you consent to use our Website, we collect information about you as you use the Website or as you provide it to us, including:
- Website activity, including data about your browsing activity on our Website, such as which pages you visit, links you click, and when;
- Technical information about the device or browser you use to access our Website, such as your device’s IP address, cookie string data and (in the case of mobile devices) your device type and mobile device’s unique identifier such as the Apple IDFA or Android Advertising ID;
- Personal data, if you choose to provide via a form submission: your name, email address, place of business, job title, or phone number;
- Customer service information you may provide to Biptec representatives including survey responses, email messages, or phone conversations.
5. Recipients and categories of recipients of personal data
Biptec provides personal data to persons outside the European Union only with the explicit consent of the data submitter and an adequately high level of protection of personal data, by requiring contractual provisions or other instruments to ensure high protection of such data. All personal data collected on our website may be stored and processed in the United States if you have provided us with your consent.
6. Retention period
The received personal data is stored and processed for the following terms:
- For a period of 5 years – when personal data is received for the purposes of performance of contracts or pre-contractual relationships. The 5-year period starts from the latter of the two dates: the date of correspondence on the possible conclusion of the contract or the date of execution of the contract;
- For the relevant statutory period – if the personal data is collected and processed on the basis of the fulfillment of a statutory obligation by Biptec;
- For 3 (three) years – when personal data is received for marketing purposes, incl. information about events, trainings and publications or for job applicants if they have provided us with an explicit consent.
7. Data security
Biptec uses technical and organizational security measures to provide the most comprehensive protection of personal data from unwanted access. Along with providing safe work environment, we use an encryption procedure in some areas to prevent misuse of data by third parties. Our data security is in accordance the present day technology. We make every reasonable effort to protect your personal information.
Personal data is stored in the HubSpot CRM, which is TRUSTe certified for Enterprise Privacy (https://privacy.truste.com/privacy-seal/HubSpot-Inc-/validation?rid=edeef904-c1be-4bf2-9593-e668b3295b73) and complies with the EU-U.S. Privacy Shield framework (https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG). Biptec also uses Google’s Universal Analytics tracking on our Website. Learn more about how Google handles your data here (https://www.google.com/policies/privacy/partners/).
8. Rights of data subjects
8.1 Right to information
You may at any time request from us information about your personal data that we store and process, as well as about the origin, recipients or categories of recipients to whom we transmitted it and the purpose of processing it.
8.2 Right of Withdrawal
If you have provided us with your consent to process your data, you can withdraw it at any time without giving any reasons.
8.3 Correction rights
If your personal data processed by Biptec is incorrect, you can ask us to correct it at any time.
8.4 Erasure and blocking rights
You have the right to delete and block your personal data that Biptec processes. Deleting can be done at any time by contacting us. In general, your data will be deleted immediately, at the latest 30 days after exercising this right as a data subject. If deletion is contrary to legal, contractual, criminal or commercial law, or other legitimate reasons, instead of deletion, only blocking of your data may take place. After deleting your data, it is no longer possible for us to recover it.
8.5 Right to data portability
If you require us to provide you with your personal data, we will transfer the data to you or another controller in a structured, widely used and machine-readable format. We will only transfer the data directly if it is technically feasible.
8.6 Right of objection
You have the right at any time and without giving any reason to object to our processing of your data, including if we processes it for the purposes of marketing or application for a job position.
8.7 Advanced rights in automated data processing, including profiling
Biptec does not perform automated data processing including profiling. Notwithstanding the above, with respect to automated data processing including profiling, you have the additional right to request human intervention from the Controller, the right to challenge the decision and the right to express your point of view.
8.8 Contact (for the exercise of your rights as a data subject)
When contacting us by e-mail at privacy@biptec.com or by mail at: Mustamäe tee 16, Tallinn 10617, Eesti Attn: Legal Department, the reported data (including e-mail address, name and telephone number, if any) are stored by us in order to respond to your questions and respond to your case. We will delete the retained data as soon as the storage is no longer necessary or will restrict its processing if there are statutory obligations.
8.9 Right of Complaint
You are entitled to file a complaint against the processing of personal data before the competent control body if you believe that your personal data protection rights have been violated.
9. Use of Biptec’s website by children
We do not intend our Web sites or online services to be used by anybody under the age of 18. If you are a parent or guardian and you think we may have collected information about a child, please contact us at privacy@biptec.com.
10. Competent supervisory authority
The competent supervisory body is the Commission for Personal Data Protection, Sofia 1592, “Prof. 2 Tzvetan Lazarov Blvd., Internet address www.cpdp.bg, tel. 02 915 3 518
11. Sharing Your Information
We may share your information as follows or as otherwise described in this Privacy Policy:
- In response to legal process;
- In order to investigate or remedy potential violations of our user agreements or policies, or to protect the rights, property and safety of Biptec, our users or others;
- With our subsidiaries and related companies;
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company;
- With your consent or at your direction.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
12. Your Access and Control Over Your Information
You can opt-out of receiving targeted ads served by our advertising partners:
- Our personalized advertisements are served via AdRoll, a member of the Network Advertising Initiative (NAI) and adheres to the NAI Codes of Conduct. You may use the NAI opt out tool here (http://optout.networkadvertising.org/), which will allow you to opt out of seeing targeted ads from all NAI approved member companies.
- AdRoll also complies with the Self-Regulatory Principles for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA). You may opt out of receiving targeted ads from other companies that perform ad targeting services, including some that we may work with as Advertising Partners via the DAA website here (http://optout.aboutads.info).
- Canadian citizens may opt out of receiving targeted ads from companies that perform ad targeting services, including some that we may work with as Advertising Partners via the the Digital Advertising Alliance of Canada (DAAC) website here (http://youradchoices.ca/choices/).
- If you are located in the European Economic Area you may opt out of online advertising via the European Interactive Advertising Digital Alliance (EDAA Your Online Choices website here (http://www.youronlinechoices.com/).
- If you are located in the European Economic Area you may also have the right to access, correct or update some of the information we hold about you. You can also request that we delete your information. If you wish to exercise any of these rights, please contact us at privacy@biptec.com.
- You may opt out of Google Analytics tracking by visiting this website:https://tools.google.com/dlpage/gaoptout/
- You may also request that we stop emailing you by clicking on the “unsubscribe link” or “email preferences link” in our marketing emails or by contacting privacy@biptec.com.
13. Links to Other Websites
Our Website may contain links to third party websites. These links are provided solely as a convenience to you. By linking to these websites, we do not create or have an affiliation with, or sponsor such third party websites. The inclusion of links within our Website does not constitute any endorsement, guarantee, warranty, or recommendation of such third party websites. Biptec has no control over the legal documents and privacy practices of third party websites; as such, you access any such third party websites at your own risk.
14. Amendments to this Privacy Policy
We may change this Privacy Policy from time to time. If we decide to make changes to this Privacy Policy, we will update the Privacy Policy date at the top of the policy, and post the amended Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.
15. General Terms
Our Legal Terms shall be treated as though it were executed and performed in that State of Minnesota, USA, and shall be governed by and construed in accordance with the laws of the State of Minnesota, USA, without regard to conflict of law principles. In addition, you agree to submit to the personal jurisdiction and venue of such courts. Any cause of action by you with respect to our Website, must be instituted within one (1) year after the cause of action arose or be forever waived and barred. Should any part of our Privacy Policy be held invalid or unenforceable, that portion shall be construed consistent with applicable law and the remaining portions shall remain in full force and effect. To the extent that any Content in our Website conflicts or is inconsistent with our Privacy Policy, our Privacy Policy shall take precedence. The rights of Biptec under our Legal Terms shall survive the termination of our Legal Terms.
Contact
If you have questions about this Privacy Policy, please contact Biptec at privacy@biptec.com, or write to us at: Biptec OÜ, Mustamäe tee 16, Tallinn 10617, Eesti. Attn: Legal Department.