INVITA PRIVACY NOTICE
This privacy notice was last updated on January 12th, 2023
The security and confidentiality of your personal data is very important to us. This privacy notice informs you about our collection and processing of your personal data as explained below.
- When does this privacy notice apply?
- This privacy notice applies when you, as a resident of the European Union, the United Kingdom, Norway, Iceland or Liechtenstein, or as a representative of a company or organization established in one of these countries:
- communicate with us by email, phone or any other digital communication channel;
- enter into an agreement with us or communicate with us in that context;
- use or visit our social media, such as LinkedIn, Indeed or Twitter;
- register for or participate in our events; or
- hand us your business card.
In each of these instances we will collect and use your personal data in the manner described herein.
- This privacy notice may be amended as set forth in Article 8 below.
- Who are we?
- “We”, “us” or “our” in this privacy notice refers to InVita Healthcare Technologies, Inc.:
InVita Healthcare Technologies, Inc.
180 West Ostend Street (Suite 267A), Baltimore MD 21230 (USA)
T00480039 – Maryland Company Register
- We are responsible for the collection and use of your personal data in the manner explained in this privacy notice. If you have any questions about this, please contact us by e-mail ([firstname.lastname@example.org).
- Which personal data do we process and why?
We will only process your personal data for specific purposes and to the extent permitted by law. We further explain below in which cases we collect and use your personal data. If we do not receive your personal data directly from you, we will also inform you on this below.
- When you communicate with us
- When you communicate with us via social media, our communication form online, telephone, email or any other digital communication channel, we collect and use the following personal data:
- When you communicate with us
- Identity and contact details you provide to us, the content of the communication, the technical details of the communication itself (e.g., date and time) and, if applicable, the device you used.
For processing this data, we rely on our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind.
- Identity and contact details on the business card you give us. This allows us to contact you within the framework of our normal relationship management.
For processing this data, we rely on our legitimate interest building and maintaining a network of contacts.
- When you contract with us
- When you enter into an agreement with us, we collect and use the following personal data:
- When you contract with us
- Identity and contact details provided by you in the context of an agreement, including you name, e-mail, phone number and professional function. This information is required for us to be able to engage in or fulfil our contractual obligations (including invoicing and relation management) and, if you are a customer, to deliver our products or provide our services to the company you represent. If you or your company is a potential customer, we may collect and process personal data on you found in public and/or paying databases supplying us with such data.
For processing this data, we rely on our legitimate interest in being able to conclude and execute agreements with our customers and/or suppliers.
- Your e-mail address and information about previous purchases if you are an existing customer and you did not object to this processing. This personal data allows us to provide you with newsletters, brochures or other electronic communications.
For processing this data, we rely on our legitimate interest to keep you and the company you represent, as our customer, informed about our products and services and to maintain our customer relationship.
- When you send messages to us via social media, we collect your identity and contact information, your message content and your message technical details (e.g., date and time). This enables us to communicate. Please note that these messages are not public. However, if you post a comment or like or post other data (e.g., photos) on our public social media, these data will be public.
For processing this data, we rely on our legitimate interest in being able to respond to requests, questions or comments.
- Information publicly available on our social media, such as customer experiences or reactions to our services.
For processing this data, we rely on our legitimate interest in tracking messages about our services or about us as a company, or the industry in which we operate.
- When you register for or participate in our events or trainings
- When you register for or participate in our events, we collect and use the following personal data:
- When you register for or participate in our events or trainings
- Identity and contact details you provided to us in connection with, where applicable, your registration and participation in our events, such as your name, e-mail address, telephone number, the company you work for or represent, your professional position and/or payment details. When events are organized online, using videoconferencing application such as GoToMeeting or Microsoft Teams, your username, computer’s IP address, MAC address and device name may additionally be collected. This information is required for processing your registration and our preparation and security of the event.
For processing this data, we rely on our agreement with you by your acceptance of the applicable terms and conditions.
- Your feedback about the event in which you participated, your identity and contact details provided to us in that regard, unless your feedback was anonymous.
For processing this data, we rely on our legitimate interest to be able to organize events that lead to high interest and attendance rates or to promote our products and services.
3.5. When you apply for a job with us
- When you apply for a job with us, we collect and use the following personal data:
- Identity and contact details (e.g., name, e-mail, address, phone numbers, etc.), information that you include on your resume and cover letter, and any other personal data you have chosen to include in the application.
For processing this data, we rely on the necessity to process your personal data in order to reach a possible agreement with you. If we decide not to hire you, we base ourselves on your consent to be included in our recruitment reserve.
- In all of the above cases
- For all personal data that we collect in the above circumstances, we would like to make it clear that we will also process your personal data for the following purposes:
- In all of the above cases
- To comply with our legal obligations or to comply with any reasonable request from competent police authorities, judicial authorities, government institutions or bodies, including competent data protection authorities.
For processing this data, we rely on our related legal obligation.
- To prevent, detect and combat fraud or other illegal or unauthorized activities.
For processing this data, we rely on our legitimate interest in keeping our website, services and operations safe and secure.
- To defend ourselves in legal proceedings.
For processing this data, we rely on our legitimate interest in using your personal data in these proceedings.
- To inform a third party in the context of a possible merger with, acquisition of/by or demerger by that third party, even if that third party is located outside the EU.
For processing this data, we rely on our legitimate interest in entering into business transactions.
- With whom do we share your personal data?
- We do not share your personal data with anyone other than persons who work for us, as well as with suppliers who help us process your personal data for the purposes identified above. Anyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data safe and confidential. This means that only the following categories of recipients will receive your personal data:
- Your employer or business partners, but only when this is necessary for the purposes mentioned above (e.g., when your employer is our supplier or customer);
- Our employees and suppliers; and
- Government or judicial authorities to the extent that we are obliged to share your personal data with them (e.g., tax authorities, police or judicial authorities).
- We may send and process your personal data outside the European Economic Area (EEA) (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland). We will transfer your personal data outside the EEA to communicate with the categories of recipients of your personal data as defined in this Article 4. We will take adequate safeguards to protect your personal data when we transfer your personal data, such as an adequacy decision or standard data protection clauses adopted by the European Commission.
- How long do we keep your personal data?
- Your personal data will only be processed for as long as necessary to achieve the purposes described above or, when we have asked you for your consent, until you withdraw your consent. As a general rule, we will de-identify your personal data when it is no longer needed for the purposes described above or when the retention period, as explained in this Article 5, has expired. However, we cannot delete your personal data if there is a legal or regulatory obligation or a court or administrative order preventing us from doing so.
- All personal data we collect through our social media (such as LinkedIn, Indeed or Twitter) is retained as long as necessary to protect the legitimate interests stated in clause 3.1. Messages that you send to us via social media, your identity, contact details and technical details related thereto, will be retained as long as necessary to handle and follow up your question, request, comment or other input. We will not retain this data longer than five (5) years after your message, after which it will be deleted or de-identified. If information about our products or services, our company or our industry based on publicly available social media interactions contains personal data, we will retain it for as long as necessary to protect our legitimate interest. We will not retain this data longer than five (5) years after the collection of this information.
- We will retain all personal data collected in connection with our events for as long as necessary to protect the legitimate interests stated in clause 3.4. Identity and contact details in the context of your registration for or participation in an event, will be retained until your personal data are no longer necessary in this context. We consider this retention to be necessary at least as long as you can take legal action in connection with the event in question. Your feedback about a particular event and your identity and contact information to the extent you have provided it to us, we will retain as long as necessary to process your feedback for future events. We will not retain this data longer than two (2) years after the event in question.
- We will retain all personal data we collect from you as part of your application for the duration of the application process and, if we choose to employ you, for the entire duration of your contract with us and up to ten (10) years upon termination of the contract. If we do not choose to employ you, but we have invited you for an interview, we will retain your personal data for five (5) years after the review process has ended. If you consent to the inclusion of your personal data in our recruitment reserve, we will retain your personal data for five (5) years after receipt of your personal data.
- All personal data we collect through our interactions with you through social media, telephone, email or other digital communication channels will be retained for as long as necessary to communicate with you, but also to maintain a historical record of our communications. This allows us to return to previous communications when you come back to us with new questions, requests, comments or other input.
- All personal data we collect when you give us your business card, is kept as long as you do not ask us to delete your personal data.
- How do we keep your personal data secure?
- The security and confidentiality of the personal data we process is very important to us. That is why we have taken measures to ensure that all personal data processed is kept secure. These measures include technical and organizational measures to protect our infrastructure, systems, applications and processes. We have also taken other measures, such as taking internal policy measures, limiting the processing to the personal data necessary for the fulfillment of the purposes, minimizing the processing of personal data, taking backups of personal data and periodically evaluating our security measures.
- Your rights regarding your personal data
- You have the right to request access to all personal data processed by us insofar it pertains to you. You can exercise this right by contacting us as set out below. We reserve the right to refuse multiple requests for access that are clearly submitted for causing nuisance or harm to us or others.
- You have the right to ask that any personal data pertaining to you which are inaccurate, are corrected free of charge. If a request for correction is submitted, such request must be accompanied by proof of the flawed nature of the data for which correction is asked.
- You have the right to request that personal data pertaining to you will be deleted if they are no longer required in light of the purposes outlined above. However, you need to keep in mind that a request for deletion will be evaluated by us against:
- our own or a third party’s overriding interests; or
- legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
Instead of deletion you can also ask that we limit the processing of your personal data if and when (a) you contest the accuracy of that data, (b) the processing is illegitimate or (c) the data are no longer needed for the purposes which are outlined above, but you need them to defend yourself in judicial proceedings.
- You have the right to withdraw your consent that was earlier given for the processing of your personal data at any time.
- You have the right to object to the processing of personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
- Where the purposes identified above rely on your consent or a (pre-)contractual obligation, you have the right to receive from us, in a structured, commonly used and machine-readable format, any personal data you have provided to us.
- Each request addressed to us can be send via e-mail to email@example.com.
An e-mail requesting to exercise a right will not be construed as consent for the processing of your personal data beyond what is required for handling your request. Such request should clearly state and specify which right you wish to exercise and the reasons for it, if such is required. It should also be dated and signed, and – in general – be accompanied by a digitally scanned copy of your valid identity card proving your identity.
We will promptly inform you of having received this request. If the request proves valid, we will notify you as soon as reasonably possible and at the latest thirty (30) days after having received the request.
- If you have a complaint about the processing of your personal data by us, you can always contact us at the e-mail address mentioned in clause 7.8. If you are not satisfied with our response, you may lodge a complaint with the competent data protection authority, being the data protection authority of the country of your habitual place of residence, place of work or the place of an alleged infringement.
- Changes to this privacy notice
- We can change this privacy notice on our own initiative, at any time. If material changes to this privacy notice may impact the processing of your personal data, we will communicate these changes to you in a way that we normally communicate with you (e.g., via e-mail).
- We invite you to read the latest version of this privacy notice on our website (www.invitahealth.com/privacynotice). Our privacy notice states the date our privacy notice was last changed.
- Do you have any questions?
- Should you have any further questions about the processing of your personal data, please do not hesitate to contact our data protection officer. You can contact our data protection officer by e-mail: firstname.lastname@example.org.