Data privacy policy

DATA PRIVACY POLICY

UNICLE BIOMEDICAL DATA SCIENCE BV

Version January, 2023

 

  1. Identity of the data controller

UNICLE BIOMEDICAL DATA SCIENCE BV, a private limited liability company under Belgian law, with registered offices at Kapeldreef 60, 3001 Leuven, Belgium (Legal Entities Register (RPR) of Leuven) and company number 0770.950.357 (hereinafter referred to as “UNICLE”, “we” or “us”), acts as the data controller for the processing of your personal data.

This general privacy policy (hereafter “Privacy Policy”) contains essential information on how UNICLE, as the data controller, collects and processes your personal data, including for what purposes, for how long, and what your rights as a data subject are. The Privacy Policy applies to all websites connected to UNICLE, such as unicle.com, but also all websites that can be identified by the following composition: www.(…).content.unicle.com or other domains (e.g. www.unicle.be, .life, .bio)

If you have any questions after carefully reading this Privacy Policy, please do not hesitate to contact us using the contact details in section 8 below.

 

  1. Applicable legislation

UNICLE undertakes to process and protect your personal data in accordance with the applicable legislation on the protection of personal data, in particular Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), as well as national or international laws or regulations that introduce or supplement the General Data Protection Regulation and any applicable data protection legislation.

For the purposes of this statement, terms such as “personal data”, “data controller”, “processing”, and “data subject” have the meaning given to them in the applicable legislation on the protection of personal data.

 

  1. Processing of personal data

We may process personal data for various activities and purposes,  which are described below;

3.1 Contact form or correspondence
By completing the contact form on the website, you consent to UNICLE processing your name, email address, function, company position and your inquiry or message. If you contact us directly (by email, phone or letter), we will process your contact information and the content of this correspondence. We only use this information to adequately handle your question or message.

3.2 Internal and external communications
When sending out internal and external communications, UNICLE processes your name, first name, email address and company if you are external. UNICLE collects this personal data based on your consent and for the purpose of sending you relevant information and keeping you informed about our latest developments at UNICLE. Justified interest can also be used as a legal basis if the conditions of the applicable legislation are met.

Our internal and external communications also include so-called “tracking pixels”. A tracking pixel is a thumbnail image that allows statistical analysis of the impact of a marketing campaign, e.g. to check whether the email containing the internal/external communication has been opened. The personal data collected via these pixels are stored and analyzed with the aim of optimizing the form and content of the communication and better tailoring the content to your interests in the future.

3.3 Sales and marketing
UNICLE may use your name and contact information for direct marketing campaigns to inform you about promotions related to the products and services UNICLE provides, and to contact potential future customers. We may also use the data to make targeted offers. We will send these communications or place the advertisements based on UNICLE’s legitimate interest if we perceive that you are interested in, or could benefit from, our services or products.

3.4 Survey / feedback
Based on the legitimate interest of UNICLE, we may use your contact information and feedback information to assess, evaluate and improve the services offered. For this purpose, we may send questionnaires or customer surveys, or ask you to complete our customer feedback form.

3.5 Social media plug-ins
UNICLE may use your name and contact information for direct marketing campaigns to inform you about promotions related to the products and services UNICLE provides, and to contact potential future customers. We may also use the data to make targeted offers.

3.6 Events
In the context of events, we collect and use your name, first name, gender, address, email address, phone number, function, company and address for general administration and organizational purposes, e.g. promotional pre-, during and post-communication, as we need your data for planning and logistics, to invoice you, to provide you with customer service in connection with the event, and the general administration of your attendance at the event (e.g. compiling participant lists). The legal basis we use for this is necessity for the formation or performance of a contract.

At events, footage might be taken that can be used to promote our services and to promote future events on our website, social media channels and in marketing materials. You will be notified if we plan to photograph/film an event, for example in the invitation and on signs at the event entrance. The legal basis used for this is legitimate interest. You can always express your right to object to the use of the visual material for the above purposes.

3.7 Applications
UNICLE processes applicants’ CV, name, first name, position, motivation, personality traits, salary expectations, job progression, date of birth, nationality, work experience, references and publications as part of recruitment procedures. We strongly encourage you not to include sensitive personal data in your motivation or CV when applying for a job with UNICLE. This data will be processed based on your consent.

If you are not considered for a position and we are not interested in including your profile in our recruitment reserve, we guarantee that your personal data will be deleted no later than 4 weeks after the completion of the recruitment procedure.

If we are interested in including you in our recruitment reserve, we will ask for your consent to do so which will remain valid for 1 year.

If you are hired, we will keep your personal data for as long as it is necessary in function of the employment.

3.8 Optimizing the website
Based on our legitimate interest to optimize our website, UNICLE may analyze your behavior on the website (e.g. clicks, time spent on the website, browser type, etc.). If consent is required for this activity, we will ask for it before starting this activity.

3.9 Management of relationships with suppliers and customers
To manage our relationships with customers and suppliers, UNICLE processes name, first name, email address, phone number, bank account number, deposits, direct debit and VAT numbers. We process these personal data in order to execute or conclude a contract. These data are kept for 10 years after the next year end after the last assignment.

3.10 Social media plug-ins
UNICLE organizes education and training courses for customers, employees and external parties. For this purpose, we may process your name, first name, email address, phone number, job title, center, university, department and nationality. These personal data are processed because it is necessary for the execution of a contract with the participants.

3.11 UniApp and Unicle system login
UNICLE platforms (including UniApp) require login details. In order to set-up an account, we may process your name, organization, email address, subscription type and phone number. These personal data are processed because it is necessary for the execution of the services. When applicable, a two-factor authentication procedure requires a phone number or email address as a second form of authentication, which are processed by the 2FA service party and not stored on UNICLE servers.

  1. With whom will your data be shared?

Your personal data may be shared in the following cases:

  • Between the different offices of UNICLE, in case this transfer is required for the provision of our products or services in accordance with the predetermined purpose.
  • Personal data may be shared with external service providers to which UNICLE has outsourced certain processing activities (e.g. linance, HR, legal). In any case, they are limited to processing your personal data in accordance with our instructions and, if necessary, a processing agreement will be concluded so that they are obliged to comply with all obligations required by applicable data protection laws.
  • Personal data may be shared with partners with whom we collaborate to organize an event.
  • If required by applicable laws or regulations.

When your data is transferred outside the European Economic Area to a third country that does not benefit from an adequacy decision by the European Commission, we guarantee that we will implement appropriate safeguards to secure this international transfer, such as entering into Standard Contractual Clauses with the contracting party in the third country in question. UNICLE also examines for each international transfer whether additional technical, organizational or contractual safeguards must be implemented in addition to the Standard Contractual Clauses in order to achieve an adequate level of data protection.

 

  1. For how long will your data be kept?

UNICLE retains your personal data for no longer than is strictly necessary for the fulfillment of the purposes for which we have collected the data, for example for the performance of a contract or to comply with a legal obligation. Retention periods differ with respect to the type of processing activity and the purpose for which the personal data was collected. For example, personal data may be kept longer if there is a legal or regulatory reason to do so, or shorter if the data subject objects to the processing of his/her personal data and if there is no longer a legitimate reason for us to keep them.

We guarantee that we will only provide limited access to archived data and that we will delete or anonymize your personal data when the retention period has expired.

 

  1. Your rights

In accordance with the provisions of the GDPR, you may exercise the following rights:

6.1 Right to information
You have the right to be informed about how your personal data are processed (in particular what personal data are processed, for what purposes and on what legal basis). The Privacy Statement you are reading now aims to do exactly this.

6.2 Right to access
You have the right to access your personal data and request a copy of the personal data.

6.3 Right to rectification
You have the right to have incorrect personal data corrected, or incomplete personal data completed.

6.4 Right to deletion
You can request the erasure of personal data held about you. The request to erase your personal data cannot always be granted, for example due to contractual or legal obligations.

6.5 Right to object
You have the right to object to the processing of your personal data, e.g. if the processing is carried out on the grounds of legitimate interest or the public interest of UNICLE processing your data. If your personal data is used for direct marketing purposes, you have an absolute right to object to this processing activity.

6.6 Right to restrict
You have the right to obtain restriction of processing in certain situations, for example if you dispute the accuracy of personal data, for a period of time that allows UNICLE to verify the accuracy.

6.7 Right to data portability
You have the right to receive personal data concerning you, processed by UNICLE, in a structured, commonly used and machine-readable format and/or to transfer such data to another controller.

6.8 Right to file a complaint
In case of problems, we encourage you to contact UNICLE to reach an amicable agreement. However, if you consider that an amicable settlement is not possible or desirable, you may exercise your right to file a complaint with the Belgian Data Protection Authority

If handling your request requires unreasonable measures (e.g. it is technically or organisationally virtually impossible or extremely costly), UNICLE may charge you a reasonable fee in light of the administrative costs involved in handling the request. We may also refuse to process requests that are excessive, in particular due to their repetitive nature.

You may exercise these rights by sending an email to our Data Protection Officer (“DPO”) at the following email address privacy@unicle.com.  We will handle your request in accordance with applicable privacy laws.

 

  1. Security

We have implemented technical and organizational security measures to prevent the destruction, loss, forgery, alteration, unauthorized access or disclosure of your personal data to third parties and any other unauthorized processing of such data. Additionally, we have made effort to ensure the confidentiality, integrity and availability of the information systems and services in which personal data are processed. All our employees and third parties engaged by us are obliged to respect the privacy and security of your data.

 

  1. Contact details

If you have any questions regarding this Privacy Policy, please contact us at privacy@unicle.com for further assistance.