DIAsource attaches the outmost importance to the protection of personal data and the privacy of its Clients and any other persons who access its website.
The present personal data protection Policy (“Policy”) outlines which types of personal data relating to you DIAsource and its processors, if any, may process.
All operations on your personal data are carried out in observance of the applicable regulations, with particular reference to the Act of 8 December 1992 on personal privacy protection in relation to the processing of personal data, as amended, and to Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“Regulation”).
DIAsource conducts research and development activities, develops test kits for medical purposes and produces various test kits.
The aim of the present personal data protection Policy (hereinafter referred to as the “Policy”) is to inform the Data Subjects of the way in which their personal data are collected and processed by DIAsource.
SOME PRACTICAL DEFINITIONS
What are personal data?
‘Personal data’ means all information concerning an identified natural person or a natural person who is directly or indirectly identifiable by reference to an identification number or one or several elements specific to him.
What does the processing of personal data entail?
‘Processing’ means any operation or set of operations which is/are performed on personal data, whether or not by automated processes, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
What is a controller?
A ‘controller’ means the natural or legal person, public authority, agency or other body who/which, alone or jointly with others, collects and processes personal data.
What is a recipient?
A ‘recipient’ means the natural or legal person, public authority, agency or other body who/which receives personal data that are disclosed, regardless of whether or not it is a third party.
What is an authorised third party?
An ‘authorised third party’ means a natural or legal person, public authority, agency or body who/which is placed under the direct authority of the controller or of the processor, which is authorised to process the personal data.
- Article 1: Who is the controller of your personal data?
- Article 2: For which purposes are your personal data collected by DIAsource?
- Article 3: Which personal data are processed by DIAsource?
- Article 4: To whom are the collected personal data transmitted?
- Article 5: How and for how long are your personal data stored?
- Article 6: Which rules apply in the event of links to websites and third party applications?
- Article 7: What is DIAsource’s policy on the collection and storage of personal data concerning minors under the age of 15?
- Article 8: How to exercise your rights?
Article 1: Who is the controller of your personal data?
- The party responsible for the processing of your personal data (i.e. the controller) is the company by the name of DIAsource, with registered office at 2 Rue du Bosquet in 1348 Louvain-la-Neuve, registered with the BCE (Central Cross-Reference Database for Businesses in Belgium) as company number 0457.934.723.
Article 2: For which purposes are your personal data collected by DIAsource?
In the context of the performance of a contract or to take steps prior to entering into a contract:
✓ The purchase of products and services;
✓ Payment of the products and services ordered;
✓ Access to a customer account enabling you to update personal information, and to consult or change the orders placed on the website;
✓ Building a customer database to follow up on and deliver services;
✓ Customer satisfaction surveys;
✓ Contacts by a customer account employee.
As part of the User’s or Client’s consent:
✓ Sending out newsletters, demands and personalised marketing messages geared to your preferences and your areas of interest, provided the Client ticks the purpose-provided box in which he expresses his acceptance when signing up to our Services;
✓ Management of quotes, surveys and polls among Users and Clients regarding our Services or the content of the website.
✓ Recommending products and the personalisation of the website interface
As part of the body’s legitimate interest to enable it to ensure the continuity of service delivery:
✓ To reply to enquiries.
Article 3: Which personal data are processed by DIAsource?
- Where data are collected, the Client shall be informed if certain data must be provided on an compulsory basis or whether they are optional. Failing the supply of the said data, access to and use of the services by the Client shall be impossible, with DIAsource unable to handle your requests or fill your orders. In all cases, DIAsource undertakes to process all data collected in compliance with applicable regulations, with particular reference to the Act of 8 December 1992 on personal privacy protection in relation to the processing of personal data, as amended, and to Regulation no. 2016/679.In addition, DIAsource may have cause to collect personal data for other purposes, for which it shall seek the prior consent of the Data Subjects.What are the personal data collected and used in the context of the creation and follow-up of the customer account on the website, the application or in the store?
In the context of the creation of a customer account and the follow-up of this account, DIAsource may collect the following data:
- Identity: surname, first name, address, telephone number (landline or mobile), fax number, e-mail address, date of birth, internal processing code which allows for the Client to be identified (this internal processing code is distinct from the registration number with the National Register of natural persons, the social security number or the bank card number);
- Contact details: the messages sent in across the website through the contact forms, any correspondence we might receive from the Client/user.
- Data concerning the commercial relationship: requests for documentation, trial applications, products or services purchased or account subscriptions taken out, quantities, amounts, frequency, delivery address, purchase history, products returned, origin of the sale (seller, agent) or of the order, correspondence exchanged with the Client and after-sales services;
- Data concerning the payment of bills </658: terms of payment, discounts granted, information concerning the credits taken out (amounts and duration, name of the financial institution), sums paid, receivables, reminders and balance amounts;
- Identity: surname, first name, address, telephone number (landline or mobile), fax number, e-mail address, date of birth, internal processing code which allows for the Client to be identified (this internal processing code may be distinct from the registration number with the National Register of natural persons, the social security number or the bank card number);
- Data concerning the payment methods </676: bank account or postal account number, transaction numbers, cheque number, bank card numbers;
Article 4: To whom are the collected personal data transmitted?
- DIAsource and its processors
The personal data collected are solely intended for DIAsource and its processors.
Where DIAsource were to assign the data processing activities to processors, the latter shall be selected based on the fact that they provide adequate assurances regarding their implementation of appropriate technical and organisational measures, particularly in terms of reliability and security measures.
The data may be transmitted to DIAsource’s commercial partners with the Client’s express and prior consent. The Client is free to withdraw his permission at any time.
- Data transferred to the authorities and/or government agencies
In compliance with the applicable regulation, the data may be transmitted to the competent authorities in response to their request, and particularly to the government agencies, solely in order to comply with the statutory obligations, and requests from the officers of the law, public officers and the bodies tasked with recovering debts.
- Data transferred abroad
No data shall be transferred outside of the European Union. However, where – in exceptional cases – data were to be transferred outside of the European Union, DIAsource undertakes to warrant performance by the processor or the co-contracting party to whom the data are transferred, of the obligation to comply with all Belgian and European privacy protection laws and regulations. In addition, DIAsource reserves the right to transmit your personal data in order to comply with its statutory obligations, particularly when it is forced to do so under a court order.
Article 5: How and for how long are your personal data stored?
- DIAsource keeps your personal data on record in a protected environment for the length of time necessary to accomplish the purposes for which they were collected or for the minimum retention period set out under applicable civil and commercial law. Certain personal data may be stored by DIAsource for longer periods of time solely for archiving purposes, in the public interest, for the purposes of scientific or historical research or for statistical purposes.The data are stored strictly for the length of time required for the management of the commercial relationship. The data processed with your consent as part of prospecting activities may not be stored for longer than 3 years after you last contacted us at your own impetus or in the context of you filing an objection.
Article 6: What is DIAsource’s policy on the collection and storage of personal data of minors?
- DIAsource neither collects nor stores personal data concerning minors without obtaining their permission and the verifiable consent of their parents, in the awareness that the holders of the parental authority over the minor are within their rights to request information concerning their child and to request for this information to be deleted.
Article 7: How to exercise your rights?
In compliance with Regulation (EU) 2016/679 on the protection of personal data, the Client has the following rights in respect of his data: right of access, right to rectification, right to erasure (‘right to be forgotten’), the right to object, the right to restriction of processing, the right to data portability, and the right not to be subjected to decisions based solely on automated processing. The Client may also have complementary rights under national law (e.g. defining instructions as to the retention, erasure and the communication of your personal data after your death).
For reasons to do with his specific situation, the Client also has the right to object to having his data processed.
To exercise these rights, the Client may directly contact DIAsource using the contact form on the website or by sending an email to firstname.lastname@example.org
- To stop receiving communications by e-mail or text message from DIAsource, the Client is also free to opt out at any time by clicking the unsubscribe link included in the e-mails and text messages received.Except where the Client were to fail to comply with the provisions set out above, the Client is within his rights to file a complaint with the DPA (Data Protection Authority).
Article 8: How does DIAsource protect your personal data?
- In light of the fast-paced developments in terms of technology, implementation costs, the nature of the data to be protected as well as the risks to the rights and freedoms of natural persons, DIAsource puts in place appropriate technical and organisational measures in order to ensure the confidentiality of the personal data collected and processed, and a level of security that is adapted to the risk.