1. Data controller
Your personal data are processed by Exphar SA, with registered office at Avenue Thomas Edison 105, 1402 Thines, Belgium, and registered with the Crossroads Bank for Enterprises under the company number 0421.802.718 (RPM Brabant Wallon).
2. Types of personal data we process
2.1. Whenever you use our website, we collect:
- Technical information associated with the device you use, such as device type, screen resolution, operating system name and version, internet browser type and version, system language and location;
- Technical identifiers that identify the device you use, such as IP address, IDFA (identifier for advertisers), MAC address, and other unique identifiers;
- Information concerning your browsing behavior and engagement information, such as how long you visit, what links you click on, what pages you visit, how many times you visit a page and how long it takes for you to come back.
2.2. When you contact us via email, phone, or any other way, we collect the information you provide us with. In most cases this is:
- Your contact information, such as your name, email address, phone number and postal address;
- Your professional characteristics, such as your organization or function;
- The content of your communication and the technical details of this communication, such as with whom you correspond at our end, and the date and time;
- Publicly available information about you;
- Any other personal data you choose to provide to us.
3. Purposes for which we process your personal data
3.1. We process your personal data in order to enable your access to our website, to deliver the content of our website correctly, to provide the functionality of our website, to provide relevant customer service, to respond to your inquiries, to fulfil your requests and to send you alerts about our services.
3.2. We also process your personal data to send you newsletters or invitations to events.
3.3. We process your personal data, including the data described in 2.1, to perform statistical analyses, such as calculating service usage levels, diagnosing server problems, and administering the website, to improve our website in general and to ensure the long-term functionality of our information technology systems and our website.
3.5. We may process your personal data for audits and to otherwise verify that our internal processes function as intended and are in compliance with applicable laws and/or regulatory requirements and/or contractual obligations to which we are subject.
3.6. We may process your personal data for informing any third party in the context of corporate operations (such as a possible merger or any other form of reorganization).
3.7. We may use your personal data to comply with our legal obligations (such as pharmacovigilance obligations).
3.8. We process your personal data to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities. In the same way we may share your personal data upon our own initiative with the police or judicial authorities as evidence or if there are justified suspicions of an unlawful act or crime committed by you through your use of our website or any other interaction with us.
4. Legal basis for processing your personal data
4.1. We process your personal data to provide you the service you requested as set out in clause 3.1, as far as this is necessary for performing an agreement between us. This includes sending you communications and updates about services you requested and messages to follow up on your customer service queries.
4.2. Where required, we will obtain your consent in order to send you relevant marketing communications to keep you up to date about our current and future activities. We may process your personal data to send you communications based on our legitimate interest to stay in touch with you, where your consent is not legally required. In both cases, you will of course have the option to opt-out from future communications.
4.3. The processing of your personal data for the purposes outlined in clauses 3.3, 3.4, 3.5 and 3.6 is necessary for the purpose of our legitimate interests, which are:
- Continuous improvements of our website, activities and other work to ensure that you have the best experience possible;
- Keeping our assets and business, including our website, safe from misuse and illegal activity and the enforcement of our policies;
- Marketing and promotion of our products, services, and overall successful roll-out of our products and services;
- Conducting our business in good faith, including any form of reorganization of our company.
4.4. The processing of your personal data for the purposes outlined in clause 3.7 and 3.8 is necessary to allow us to comply with our legal obligations.
5. Recipients of your personal data and data transfers
5.1. You understand that if you use our website or otherwise interact with us, your personal data is also processed by third parties (“processors”) that process your data on our behalf. For example, we rely on third parties to safely store your personal data. Moreover, we rely on third parties to follow certain of your actions on our website in order to better understand how our website is used. Our processors are only allowed to process your personal data on behalf of us upon our explicit written instruction. We select all of our processors with due care and they are contractually obliged to observe the safety and integrity of your personal data.
5.2. In order to process your personal data for the purposes outlined in clause 3 above, we may transfer your personal data to third parties which are located outside of the European Economic Area, such as any country where we have facilities or service providers.
Each of these third-country recipients that process your personal data on our behalf shall be bound to observe appropriate safeguards with regard to the processing of your personal data. Such safeguards will be the consequence of:
- The recipient country having legislation in place which is considered essentially equivalent to the protection offered within the European Union, or;
- A contractual arrangement being in place between us and the third-country third party that is based on the standard contractual clauses for international data transfers adopted by the European Commission.
6. What we do to protect your personal data
6.1. Exphar does its utmost to process only that personal data that is necessary to achieve the purposes listed under clause 3.
6.2. Your personal data is processed for as long as needed to achieve the purposes listed under clause 3 or if processing is based on consent up until such time you withdraw your consent for processing them. We will de-identify your personal data when they are no longer necessary for the purposes outlined in clause 3, unless there is an overriding interest of us or any other third party in keeping your personal data identifiable, or if there is a legal or regulatory obligation or a judicial or administrative order that prevents us from de-identifying them.
6.3. We want you to feel confident about using our website and interacting with us, so we make our best effort to ensure that any personal data we collect is safely kept. We take technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss, tampering or destruction. Access by our staff, partners and third-party processors is only on a need-to-know basis and subject to strict confidentiality obligations. You understand, however, that safety and security are best efforts obligations only which can never be guaranteed.
7. Your rights as a data subject
7.1. You have the right to request access to all personal data processed by us pertaining to you. We reserve the right to charge an administrative fee for multiple subsequent requests for access that are clearly submitted for causing nuisance or harm to us.
7.2. You have the right to ask that any personal data pertaining to you that are inaccurate, are corrected free of charge. Your request for correction must be accompanied with proof of the flawed nature of the data for which you ask the correction.
7.3. You have the right to withdraw your earlier given consent for processing your personal data, and the right to request that your personal data will be deleted if they are no longer required in light of the purposes outlined in clause 3 or if you withdraw your consent. This request will be evaluated by us against:
- Overriding interests of exphar or any other third party;
- Legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
7.4. Instead of deletion you can also ask that we limit the processing of your personal data if and when (a) you contest the accuracy of that data, (b) the processing is illegitimate or (c) the data are no longer needed for the purposes listed under clause 3 but you need them to defend yourself in judicial proceedings.
7.5. If you are registered to receive communications from us, you can change your preferences for receiving such communications by clicking the “unsubscribe” link in our communications or by sending us your request by email to privacy(at)exphar.be.
7.6. If you no longer want to receive medical reminders from us on a going forward basis, you may also opt out of receiving them by contacting us via privacy(at)exphar.be.
7.7. You have the right to object to the processing on grounds relating to your particular situation. However, you can always object to processing for direct marketing purposes free of charge and without justification.
7.8. When we process your personal data based on your consent or in order to perform a contract, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller.
7.9. You have the right not to be subject to a decision solely based on automated processing, which produces legal effects concerning you or when this decision similarly significantly affects you, unless these decisions are made as a consequence of our agreement in order to provide you with the services requested by you or when we asked your explicit consent for this.
7.10. If you wish to submit a request to exercise one or more of the rights listed above, you can send an email to privacy(at)exphar.be or contact us via the contact form on our website. Your request to exercise a data subject right shall not be construed as consent with the processing of your personal data beyond what is required for the handling of your request. Your request should clearly state which right you wish to exercise and, if required, the reasons or proof for it.
We will promptly inform you of having received your request. We will verify your identity, and if your request proves valid, we will honor it as soon as reasonably possible. If we have doubts about your identity, we may request additional information that is necessary to verify your identity.
If you are unhappy with any aspect of our handling of your personal data you, you can send an email to privacy(at)exphar.be or contact us via the contact form on our website. If you remain unsatisfied with our response, you are free to file a complaint with the Belgian supervisory authority, being the Gegevensbeschermingsautoriteit/Autorité de protection des données (contact(at)apd-gba.be).