Privacy Notice

INVITA PRIVACY NOTICE

This privacy notice was last updated on June 28, 2022
The security and confidentiality of your personal data is very important to us. This privacy notice informs you about our collection and processing of your personal data as explained below.

 

Additional Notices:
InVita Healthcare Technologies Cookie Policy
InVita Healthcare Technologies Terms of Use

 

1. WHEN DOES THIS PRIVACY NOTICE APPLY?

 

1.1. This privacy notice applies when you, as a resident of the European Union, the United
Kingdom, Norway, Iceland or Liechtenstein, or as a representative of a company or organization
established in one of these countries:

• communicate with us by email, phone or any other digital communication channel;
• enter into an agreement with us or communicate with us in that context;
• use or visit our social media, such as LinkedIn, Indeed or Twitter;
• register for or participate in our events; or
• hand us your business card.

In each of these instances we will collect and use your personal data in the manner described
herein.

1.2. This privacy notice may be amended as set forth in Article 8 below.

 

2. WHO ARE WE?

 

2.1. “We”, “us” or “our” in this privacy notice refers to InVita Healthcare Technologies, Inc.:

Name:                                InVita Healthcare Technologies, Inc.
Address:                           180 West Ostend Street (Suite 267A), Baltimore MD 21230 (USA)
Company number:      T00480039 – Maryland Company Register
E-mail:                              info@invita.com
2.2. We are responsible for the collection and use of your personal data in the manner explained
in this privacy notice. If you have any questions about this, please contact us by e-mail
nate.kugler@invitahealth.com

 

3. WHICH PERSONAL DATA DO WE PROCESS AND WHY?

 

We will only process your personal data for specific purposes and to the extent permitted by law.
We further explain below in which cases we collect and use your personal data. If we do not receive
your personal data directly from you, we will also inform you on this below.
3.1. When you communicate with us
3.1.1. When you communicate with us via social media, our communication form online, telephone,
email or any other digital communication channel, we collect and use the following personal data:

• Identity and contact details you provide to us, the content of the communication, the technical
details of the communication itself (e.g., date and time) and, if applicable, the device you used.

For processing this data, we rely on our legitimate interest in being able to respond to requests,
questions or comments or to contact you proactively for questions of any kind.

• Identity and contact details on the business card you give us. This allows us to contact you
within the framework of our normal relationship management.
For processing this data, we rely on our legitimate interest building and maintaining a network of
contacts.

3.2. When you contract with us
3.2.1. When you enter into an agreement with us, we collect and use the following personal data:

• Identity and contact details provided by you in the context of an agreement, including you name,
e-mail, phone number and professional function. This information is required for us to be able to
engage in or fulfil our contractual obligations (including invoicing and relation management) and,
if you are a customer, to deliver our products or provide our services to the company you
represent. If you or your company is a potential customer, we may collect and process personal data
on you found in public and/or paying databases supplying us with such data.
For processing this data, we rely on our legitimate interest in being able to conclude and execute
agreements with our customers and/or suppliers.

• Your e-mail address and information about previous purchases if you are an existing customer and
you did not object to this processing. This personal data allows us to provide you with
newsletters, brochures or other electronic communications.
For processing this data, we rely on our legitimate interest to keep you and the company you
represent, as our customer, informed about our products and services and to maintain our customer
relationship.

3.3. When you use our social media
3.3.1. When you visit or use our social media, such as LinkedIn, Indeed or Twitter, we collect and
use the following personal data:

• When you send messages to us via social media, we collect your identity and contact information,
your message content and your message technical details (e.g., date and time). This enables us to
communicate. Please note that these messages are not public. However, if you post a comment or like
or post other data (e.g., photos) on our public social media, these data will be public.
For processing this data, we rely on our legitimate interest in being able to respond to requests,
questions or comments.

• Information publicly available on our social media, such as customer experiences or reactions to
our services.

For processing this data, we rely on our legitimate interest in tracking messages about our
services or about us as a company, or the industry in which we operate.

3.4. When you register for or participate in our events or trainings
3.4.1. When you register for or participate in our events, we collect and use the following
personal data:

• Identity and contact details you provided to us in connection with, where applicable, your
registration and participation in our events, such as your name, e-mail address, telephone number,
the company you work for or represent, your professional position and/or payment details. When
events are organized online, using videoconferencing application such as GoToMeeting or Microsoft
Teams, your username, computer’s IP address, MAC address and device name may additionally be
collected. This information is required for processing your registration and our preparation and
security of the event.
For processing this data, we rely on our agreement with you by your acceptance of the applicable
terms and conditions.

• Your feedback about the event in which you participated, your identity and contact details
provided to us in that regard, unless your feedback was anonymous.

For processing this data, we rely on our legitimate interest to be able to organize events that
lead to high interest and attendance rates or to promote our products and services.

3.5. When you apply for a job with us
3.5.1. When you apply for a job with us, we collect and use the following personal data:

• Identity and contact details (e.g., name, e-mail, address, phone numbers, etc.), information
that you include on your resume and cover letter, and any other personal data you have chosen to
include in the application.

For processing this data, we rely on the necessity to process your personal data in order to reach
a possible agreement with you. If we decide not to hire you, we base ourselves on your consent to
be included in our recruitment reserve.

3.6. In all of the above cases
3.6.1. For all personal data that we collect in the above circumstances, we would like to make it
clear that we will also process your personal data for the following purposes:

• To comply with our legal obligations or to comply with any reasonable request from competent
police authorities, judicial authorities, government institutions or bodies, including competent
data protection authorities.
For processing this data, we rely on our related legal obligation.

• To prevent, detect and combat fraud or other illegal or unauthorized activities.
For processing this data, we rely on our legitimate interest in keeping our website, services and
operations safe and secure.

• To defend ourselves in legal proceedings.
For processing this data, we rely on our legitimate interest in using your personal data in these
proceedings.

• To inform a third party in the context of a possible merger with, acquisition of/by or demerger
by that third party, even if that third party is located outside the EU.

For processing this data, we rely on our legitimate interest in entering into business
transactions.

 

4. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

 

4.1. We do not share your personal data with anyone other than persons who work for us, as well as
with suppliers who help us process your personal data for the purposes identified above. Anyone who
has access to your personal data will always be bound by strict legal or contractual obligations to
keep your personal data safe and confidential. This means that only the following categories of
recipients will receive your personal data:

• You;
• Your employer or business partners, but only when this is necessary for the purposes mentioned
above (e.g., when your employer is our supplier or customer);
• Our employees and suppliers; and
• Government or judicial authorities to the extent that we are obliged to share your personal data
with them (e.g., tax authorities, police or judicial authorities).

4.2. We may send and process your personal data outside the European Economic Area (EEA) (the
European Economic Area consists of the EU, Liechtenstein, Norway and Iceland). We will transfer
your personal data outside the EEA to communicate with the categories of recipients of your
personal data as defined in this Article 4. We will take adequate safeguards to protect your
personal data when we transfer your personal data, such as an adequacy decision or standard data
protection clauses adopted by the European Commission.

5. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

 

5.1. Your personal data will only be processed for as long as necessary to achieve the purposes
described above or, when we have asked you for your consent, until you withdraw your consent. As a
general rule, we will de-identify your personal data when it is no longer needed for the purposes
described above or when the retention period, as explained in this Article 5, has expired. However,
we cannot delete your personal data if there is a legal or regulatory obligation or a court or
administrative order preventing us from doing so.
5.2. All personal data we collect through our social media (such as LinkedIn, Indeed or Twitter)
is retained as long as necessary to protect the legitimate interests stated in clause 3.1. Messages
that you send to us via social media, your identity, contact details and technical details related
thereto, will be retained as long as necessary to handle and follow up your question, request,
comment or other input. We will not retain this data longer than five (5) years after your message,
after which it will be deleted or de-identified. If information about our products or services, our
company or our industry based on publicly available social media interactions contains personal
data, we will retain it for as long as necessary to protect our legitimate interest. We will not
retain this data longer than five (5) years after the collection of this information.
5.3. We will retain all personal data collected in connection with our events for as long as
necessary to protect the legitimate interests stated in clause 3.4. Identity and contact details in
the context of your registration for or participation in an event, will be retained until your
personal data are no longer necessary in this context. We consider this retention to be necessary
at least as long as you can take legal action in connection with the event in question. Your
feedback about a particular event and your identity and contact information to the extent you have
provided it to us, we will retain as long as necessary to process your feedback for future events.
We will not retain this data longer than two (2) years after the event in question.
5.4. We will retain all personal data we collect from you as part of your application for the
duration of the application process and, if we choose to employ you, for the entire duration of
your contract with us and up to ten (10) years upon termination of the contract. If we do not
choose to employ you, but we have invited you for an interview, we will retain your personal data
for five (5) years after the review process has ended. If you consent to the inclusion of your
personal data in our recruitment reserve, we will retain your personal data for five (5) years
after receipt of your personal data.
5.5. All personal data we collect through our interactions with you through social media,
telephone, email or other digital communication channels will be retained for as long as necessary
to communicate with you, but also to maintain a historical record of our communications. This
allows us to return to previous communications when you come back to us with new questions,
requests, comments or other input.
5.6. All personal data we collect when you give us your business card, is kept as long as you do
not ask us to delete your personal data.

6. HOW DO WE KEEP YOUR PERSONAL DATA SECURE?

 

6.1. The security and confidentiality of the personal data we process is very important to us.
That is why we have taken measures to ensure that all personal data processed is kept secure. These
measures include technical and organizational measures to protect our infrastructure, systems,
applications and processes. We have also taken other measures, such as taking internal policy
measures, limiting the processing to the personal data necessary for the fulfillment of the
purposes, minimizing the processing of personal data, taking backups of personal data and
periodically evaluating our security measures.

7. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

 

7.1. You have the right to request access to all personal data processed by us insofar it pertains
to you. You can exercise this right by contacting us as set out below. We reserve the right to
refuse multiple requests for access that are clearly submitted for causing nuisance or harm to us
or others.
7.2. You have the right to ask that any personal data pertaining to you which are inaccurate, are
corrected free of charge. If a request for correction is submitted, such request must be
accompanied by proof of the flawed nature of the data for which correction is asked.

7.3. You have the right to request that personal data pertaining to you will be deleted if they
are no longer required in light of the purposes outlined above. However, you need to keep in mind
that a request for deletion will be evaluated by us against:
• our own or a third party’s overriding interests; or

• legal or regulatory obligations or administrative or judicial orders which may contradict such
deletion.

Instead of deletion you can also ask that we limit the processing of your personal data if and when
(a) you contest the accuracy of that data, (b) the processing is illegitimate or (c) the data are
no longer needed for the purposes which are outlined above, but you need them to defend yourself in
judicial proceedings.
7.4. You have the right to withdraw your consent that was earlier given for the processing of your
personal data at any time.
7.5. You have the right to object to the processing of personal data, unless we demonstrate
compelling legitimate grounds for the processing which override your interests, rights and freedoms
or for the establishment, exercise or defense of legal claims.
7.6. Where the purposes identified above rely on your consent or a (pre-)contractual obligation,
you have the right to receive from us, in a structured, commonly used and machine-readable format,
any personal data you have provided to us.
7.7. Each request addressed to us can be send via e-mail to nate.kugler@invitahealth.com
An e-mail requesting to exercise a right will not be construed as consent for the processing of
your personal data beyond what is required for handling your request. Such request should clearly
state and specify which right you wish to exercise and the reasons for it, if such is required. It
should also be dated and signed, and – in general – be accompanied by a digitally scanned copy of
your valid identity card proving your identity.
We will promptly inform you of having received this request. If the request proves valid, we will
notify you as soon as reasonably possible and at the latest thirty (30) days after having received
the request.
7.8. If you have a complaint about the processing of your personal data by us, you can always
contact us at the e-mail address mentioned in clause 7.8. If you are not satisfied with our
response, you may lodge a complaint with the competent data protection authority, being the data
protection authority of the country of your habitual place of residence, place of work or the place
of an alleged infringement.

8. CHANGES TO THIS PRIVACY NOTICE

 

8.1. We can change this privacy notice on our own initiative, at any time. If material changes to
this privacy notice may impact the processing of your personal data, we will communicate these
changes to you in a way that we normally communicate with you (e.g., via e-mail).
8.2. We invite you to read the latest version of this privacy notice on our website
at www.invitahealth.com/privacynotice. Our privacy notice states the date our privacy notice was
last changed.

9. DO YOU HAVE ANY QUESTIONS?

 

9.1. Should you have any further questions about the processing of your personal data, please do
not hesitate to contact
our data protection officer. You can contact our data protection officer by e-mail:
nate.kugler@invitahealth.com