At Biolegal, we care about privacy and protecting personal data. All personal data collected will be processed in compliance with applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
Below is a description of how and why we collect, process and share personal data that is either provided to us or obtained by us, including the legal grounds for doing so and the rights of the data subjects.
What personal data do we collect and process?
We primarily collect and process basic information e.g. name and professional contact information, mainly company name, e-mail and telephone number, obtained either (a) directly from the person involved, e.g. clients, business partners or counterparties to clients, when contacting us via telephone, e-mail or via our web site, or (b) indirectly via LinkedIn and other sources. In providing our services we also receive information about other individuals without the information being provided directly by them.
Why do we collect and process personal data?
We process personal data in order to (a) communicate with the person involved when we perform our services, (b) fulfil our obligations towards our clients, (c) safeguard the interests of our clients, (d) administrate our professional relationships, (e) comply with our legal obligations, and (f) market and offer our services.
What are our legal grounds for processing personal data?
Generally, the underlying legal basis for processing personal data for our clients is execution of the agreement under which we perform the services. However, in relation to physical individuals, e.g. clients' representatives, representatives and counsel of counterparties, etc., our processing is instead generally based on a balancing of interests where our assessment is that the legitimate interests to process certain personal data outweigh any opposing interests or fundamental rights and freedoms of the person whose personal data is being processed.
Any processing of personal data relating to suppliers or their representatives and other external parties is generally based on our legitimate interest of performing contractual obligations and administrating the business relationship.
Any processing of personal data for business development and marketing purposes is based on our legitimate interest of improving and marketing our business.
There may also be other grounds for the processing in connection with specific services that we perform.
Who has access to the personal data that we process?
As a main rule, we will not disclose personal data to anyone outside our company, except where (a) it has been agreed with the person involved, (b) it is required to protect the rights and interests of a client, (c) it is required in order to fulfil a statutory obligation or comply with a decision of a public authority or a court of law, (d) we work with external service providers or business partners who support our business or perform services on our behalf, or (e) it is otherwise permitted by law. Specifically, we do not transfer personal data or make personal data available to third parties for their marketing or similar commercial purposes.
All personal data is protected by organizational and technical security measures, in part provided by third-party IT-service providers that we use for handling our data, which is generally stored and processed within the EU/EEA. Any transfers of personal data outside the EU/EEA are made in compliance with applicable data protection laws, either (a) to a third country that the European Commission has decided ensures an adequate level of protection (transfer on the basis of an adequacy decision), or (b) to a third country that does not ensure an adequate level of protection according to the European Commission, in accordance with the Standard Contractual Clauses applicable from time to time.
In addition, in performing specific services, we may need to transfer personal data to third countries in which case we will ensure that we have consent from the person involved or that the transfer will be compliant with applicable data protection laws.
How long will we store personal data?
We retain personal data only as long as required given the context and purpose of the processing or as otherwise required or permitted by law.
What are the rights of data subjects?
According to applicable data protection laws, a data subject has the right (a) to know what personal data we process about them, (b) to request that we rectify or erase inaccurate or incomplete personal data about them, (c) to object to specific processing of personal data and to request that we restrict certain processing of their personal data, and (d) to receive the personal data that they have provided and have the data transferred to another party responsible for data processing.
If you have any questions or complaints about our processing of your personal data or wish to exercise any of your rights set out herein or according to law, please contact us by email at firstname.lastname@example.org or by post to the address below.
If you are dissatisfied with how we process your personal data, you may also report this to the supervisory authority for processing of personal data, the Swedish Data Inspection Board (Sw. Datainspektionen).
Who is responsible at Biolegal for the processing of personal data?
Biolegal AB, 559119-1175, Övre Slottsgatan 28A, 753 12 Uppsala, Sweden, ("Biolegal") is the personal data controller according to GDPR. This means that we are responsible for ensuring that all personal data is processed correctly and in accordance with applicable data protection laws.
Version and Updates