Data Protection Policy

This Privacy Protection Policy explains how BioPorto processes your personal data in the administration of our corporate website; www.bioporto.com and our relationship with you as a customer, potential customer, supplier, business contact or other third party.

Use of Personal Data

We may use your personal data for the following purposes:

• To answer your inquiries via our official e-mail accounts: [email protected], or [email protected]. These-email accounts are continuously monitored, and your personal data is collected only to the extent necessary to reply. If they recipient of your e-mail is unable to answer your question, your e-mail will be forwarded to the relevant person.
• To include you on our newsletter list as requested by you when you sign up for the newsletters.
• For statistical purposes in a de-identified manner.
• To collect information about your visit to our website by the use of cookies.

Categories of Personal Data

We may collect the following personal data about you:

Name, address, email address, organization, country, telephone number, role, IP addresses, and other personal data you provide in your e-mail / message.

Sources

You provide us with personal data in your e-mail / message and we may collect personal data via cookies we place on your device

Legal Basis

We process your personal data on the following legal basis:

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when making our website functionalities available to you and for us to be able to provide you with the answers requested and needed when using our website.

Art. 6(1)(a) of the GDPR – Consent. If we send out direct marketing this is based on your consent.

Sharing of Your Personal Data

We may share your personal data with our affiliates and service providers.

Retention of Your Personal Data

We will retain your personal data according to the specific purpose depending on your request and your use of our website. However, we will never keep your personal data longer than required by applicable law.

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

This Data Privacy Statement explains how BioPorto processes your personal data when you have an engagement with us.

Use of Personal Data

We may use your personal data for the following purposes:

• To provide, collect, review, and communicate information on the proper use of our medical devices, and other products (hereinafter referred to collectively as “Products”).
• To provide, collect, review and communicate information on quality, safety or effectiveness of Products.
• To interact and collaborate with you based on your professional expertise when we have a contractual relationship with you.
• To provide, collect, review, and communicate healthcare-related information.
• To report on the occurrence of safety issues of Products.
• To conduct research on actual use and user needs of Products.
• To request and implement clinical investigations and other studies.
• To handle complaints about our Products and services.
• To cultivate better communication among HCPs.
• To make notifications and reports to government and other public offices and agencies.
• To contact HCPs regarding the above tasks.

Categories of Personal Data

We may collect the following personal data about you:

Name, address, email address, telephone number, employer, CV, title, occupation, affiliation, professional qualifications, and scientific activities (such as previous clinical experience, and participation in past or pending research studies with BioPorto and other companies), transfer of value, professional license information and contract information including billing information.

Sources

We may collect your personal data from various sources such as:

• Documents or forms that you provide to participate in our sponsored or supported initiatives, such as sponsored clinical investigation and development activities.
• Publicly available sources.
• CVs.
• Professional vendors.
• Your employer.
• Online and from databases and websites, which may be managed by third parties on our behalf.

Legal Basis

We process your data on the following legal basis:

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when assessing the activity/services and legitimate business need, adherence to local law and industry standards, and assessing fair market value.

Art. 6(1)(b) of the GDPR – Performance of Contract. If you have a working relationship with us such relationship is confirmed in writing and personal data will be collected to perform the contract.

Art. 6(1)(a) of the GDPR – Consent. In certain situations, we also ask for your consent to process your personal data, e.g., for disclosure of transfer of value, if such disclosure is not a legal obligation.

Art. 6(1)(c) of the GDPR – Legal Obligation. For clinical investigations we may also process your personal data in relation to patient safety to adhere to a legal obligation.

Sharing of Your Personal Data

We may share your personal data with:

Our affiliates, collaborative partners, authorities, and other HCPs.

Retention of Your Personal Data

We retain personal data where we have an ongoing legitimate business need to do so (e.g., to maintain our engagement with you).

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (e.g., because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.

The protection of personal data is of utmost importance to BioPorto, and we are committed to protecting your rights as a participant in our clinical investigations. In our informed consent form, we provide participants with relevant information about our use and processing of their personal data.

Use of Personal Data

We collect and use your personal data to conduct our clinical investigations to investigate medical devices on humans intended to establish or verify the safety and/or performance of a medical device.

Categories of Personal Data

We may collect the following personal data about you, for example:

• Ordinary personal data: your gender, year of birth, body weight and height.
• Special categories of data: medical history, current and past medications (prescription and/or over-the-counter medications) that you are taking, whether you are taking part in any research studies or using any other experimental therapies or treatments, your race and ethnicity, scans, blood samples, biopsies, and information about your use of the clinical trial medicine, the effect it has on you, and its potential side effects.

As the sponsor of the clinical investigation, we will not know your name. A unique ID will be assigned to you and all personal data processed by us will be linked to that ID, i.e., we will only receive your personal data in pseudonymous form. Only the investigator of the clinical investigation will know your name.

Sources

We receive your pseudonymized personal data from the investigator as part of the clinical investigation.

Legal Basis

We may process your personal data on the following legal basis:

Art. 9 (2)(i) cf. Art 6(1)(f) of the GDPR. We have a legitimate purpose in collecting and using your personal data for scientific research purposes as described above.

Art. 9(2)(i) cf. Art. (6)(1)(c) of the GDPR. The processing of your personal data is necessary for us to comply with a legal obligation to collect and report medical device incidents to regulatory authorities.

Art. 9(2)(i) cf. Art. 6(1)(a) of the GDPR – Consent. In certain situations, we also ask for your consent to participate in the clinical investigation or for disclosure to your general practitioner or for future use of your personal data.

Sharing of Your Personal Data

We may share your personal data with other companies and organizations commissioned by us to conduct the clinical investigation. These companies and organizations may only use your personal data for the purposes described in the informed consent form and this Data Protection Policy.

Furthermore, personal data stored at the investigator may be accessed by our monitors and auditors and authorized employees of the regulatory authorities of your country of residence and other countries to verify that the clinical investigation is being conducted correctly and to analyze the personal data collected during the clinical investigation. All third parties are obligated to observe the rules of professional confidentiality.

We may also share your personal data with third parties to the extent required by law, for example, if we are obligated to disclose your personal data to comply with any legal obligation or to establish, exercise or defend our legal rights. Your general practitioner may be informed of your participation in one of our clinical trials if you consent to such disclosure.

Retention of Your Personal Data

We store your personal data no longer than strictly necessary to achieve the objectives for which your personal data is collected.

The protection of personal data is of utmost importance to BioPorto, and we are committed to protecting your rights when processing your personal data to ensure safe medical devices. As part of our work, we monitor products for device malfunction, failure and deficiencies, and report every serious medical device incident that is caused by a medical device to regulatory authorities.

Use of Personal Data

We collect and use your personal data to report incidents to local and international authorities in accordance with applicable legislation.

Categories of Personal Data

Other entities, such as your physician, reporting incidents to us may collect the following personal data about you, but we will only receive it in a pseudonymized form:

Your name, personal identification number, and incident.

Sources

We receive your personal data directly from you, your physician, or other reporter.

Legal Basis

We may process your personal data on the following legal basis:

Art. (6)(1)(c) of the GDPR. The processing of your personal data is necessary for us to comply with a legal obligation to collect and report incidents to regulatory authorities.

Art. 6(1)(a) of the GDPR – Consent. In certain situations, we also ask for your consent to process your personal data, e.g., for the use of your personal identification number as a unique identifier in the regulatory system.

Sharing of Your Personal Data

We may share your personal data with our affiliates, other companies and organizations commissioned by us to collect and report the data. These companies and organizations may only use your personal data for the purposes described above.

We will share your personal data with local and international authorities to the extent required by law.

Retention of Your Personal Data

Your personal data will be retained in accordance with regulatory requirements.

This Privacy Protection Policy explains how BioPorto processes your personal data in relation to any complaints reported by you regarding the use of any of our medical devices and other products and their quality.

Use of Personal Data

We may use your personal data to assess, handle and respond to your complaint.

Categories of Personal Data

When submitting your complaint to [email protected] we may process the following personal data about you:

Name, e-mail and other contact details, telephone number, and the medical device / product you are complaining about.

You should only include information relevant to your complaint. You should not include information about your race or ethnic origin, religion or belief, political opinion, sexual orientation, or union membership.

Sources

We collect the personal data directly from you as provided in your complaint.

Legal Basis

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when assessing your complaint.

Sharing of Your Personal Data

We will only share your personal data with third parties that are involved in the complaint process.

Retention of Your Personal Data

We store your personal data in accordance with applicable law and no longer than strictly necessary to achieve the objectives for which your personal data is collected.

This Privacy Protection Policy explains how BioPorto processes your personal data for our corporate governance.

Use of Personal Data

We may use your personal data for the following purposes:

If you are a board member or management, we process your personal data for the purpose of making official registrations with public authorities, i.e., the Danish Business Authority and the Danish Registration Court.

Categories of Personal Data

We may collect the following personal data about you:

Information about your name, address, place of birth and nationality; confirmation of identity in the form of a scanned copy of a passport, driver’s license, health insurance card and/or a birth certificate. If beneficial owners are not Danish, or do not have permanent residence in Denmark, it may be necessary to collect additional data.

Sources

We collect personal data directly from you.

Legal Basis

Art. 6(1)(c) – Legal obligation – we are obliged to collect and provide personal data to authorities.

Art. 6 (1)(f) – Legitimate interests – this means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us in relation to corporate governance matters, including communicating with you and the relevant authorities.

Sharing of Your Personal Data

We may share your personal data with our affiliates, public authorities, suppliers, and vendors that assist our company, i.e., service providers, technical support, supply services, and financial institutions.

Retention of Your Personal Data

Personal data will be retained for as long as necessary in accordance with legal requirements to retain such personal data. In general, we will not keep your data for more than current year plus five years after the expiry of the business relationship.

This Privacy Protection Policy explains how BioPorto processes your personal data in the administration of our contracts.

Use of Personal Data

We may use your personal data to maintain a working relationship with you and/or your employer.

Categories of Personal Data

We may collect the following personal data about you:

Name, contact information, CV, employer, title, job role, billing information, TAX ID, contract terms, training certificates, etc.

Sources

We collect the information directly from your employer, you or from the contracts we enter into with your employer or with you.

Legal Basis

Art. 6(1)(b) of the GDPR – Performance of Contract. Personal data will be collected to perform the contract.

Art. 6 (1)(f) – Legitimate interests – this means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us in relation to our on-going business relation and this is not to perform the contract.

Sharing of Your Personal Data

We may share your personal data with our affiliates, public authorities, suppliers, and vendors that assist our company.

Retention of Your Personal Data

Personal data will be retained for as long as necessary. We may keep your personal data for up to 30 years to fulfill legal requirements, such as bookkeeping, GxP documentation, etc.

This Privacy Protection Policy explains how BioPorto processes your personal data in connection with the recruitment process, including the receipt of unsolicited applications for future job opportunities via the website.

Use of Personal Data

We may use your personal data for the following purposes:

• To assess your qualifications and skills and comparing your profile with a current job offering and any potential vacancies and future job opportunities within BioPorto.
• To communicate the recruitment procedure of BioPorto to you.
• To contact you.

Categories of Personal Data

When applying, you decide which personal data to share with us. We may process the following personal data about you as an applicant:

Name, e-mail and other contact details, telephone number, motivation, CV. You should only include information relevant to the review of your application. You should not include information about your race or ethnic origin, religion or belief, political opinion, sexual orientation, or union membership. Please do not provide your personal identification number (CPR number) and/or copies of identification papers together with your application, unless we expressly ask for this.

Sources

We collect personal data directly from you, from your references, from recruitment agencies and if you apply through LinkedIn, we also collect personal data from LinkedIn.

Legal Basis

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when assessing your application for a job opportunity.

Art. 6(1)(b) of the GDPR – Performance of Contract. If you have a working relationship with us such relationship is confirmed in writing and personal data will be collected to perform the contract.

Art. 6(1)(a) of the GDPR – Consent. In certain situations, we also ask for your consent to process your personal data, e.g., if we need to process your social security number, if such information is not a legal obligation.

Sharing of Your Personal Data

We will only share your personal data with third parties that are involved in the recruitment process (e.g., recruitment agencies) or if such third parties are needed for the preparation and issuing of your employment contract.

Retention of Your Personal Data

We store your personal data no longer than strictly necessary to achieve the objectives for which your personal data is collected. This means that personal data of applicants for a job offering will be kept until the recruitment process is completed and for further 6 months to document the fairness of the recruitment process. If you are hired, your personal data will be transferred to your personnel file as an employee of BioPorto.

Personal data provided in connection with an unsolicited application will be kept for a period of up to 6 months from its receipt to match it with new openings. Hereinafter, the personal data will be properly deleted from our systems.

This Privacy Protection Policy explains how BioPorto processes your personal data for marketing related purposes.

Use of Personal Data

We may use your personal data for the following purposes:

Personal data will be processed for marketing-related purposes, including sending relevant information regarding our products and services (direct marketing), and for targeting our communication with you. We will not send you direct marketing unless you have given your consent. You may revoke your consent at any time and discontinue the use of the service.

Categories of Personal Data

We may collect the following personal data about you:

E-mail address, name, address, telephone number, profession, workplace.

Sources

We collect the personal data directly from you.

Legal Basis

Art. 6(1)(a) – Consent – we will ask for your explicit consent before sending you direct marketing and targeting our communication with you.

Sharing of Your Personal Data

We may share your personal data with suppliers and vendors working for us.

Retention of Your Personal Data

Personal data will be retained for as long as necessary to provide you with the given service. If you withdraw your consent, we will delete your personal data two years after the date of your withdrawal in accordance with guidance from the Danish Consumer Ombudsman.

This Privacy Protection Policy explains how BioPorto processes your personal data collected on social media pages such as LinkedIn and Twitter.

Use of Personal Data

We may use your personal data for the following purposes:

To administer our pages and communicate with users.

Categories of Personal Data

We may collect the following categories of personal data about you:

Information made public by you, including your name, e-mail address, profession, workplace, interests, pages you like or follow, preferences, friends, incident reports, racial or ethnic origin, political opinions, etc.

Sources

We collect the personal data directly from you.

Legal Basis

Art. 6(1)(f) – Legitimate Interest – this means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us in relation to our communication with you.

Art. 9(2)(e) – Information manifestly made public by you.

Sharing of Your Personal Data

We may share your personal data with our affiliates, suppliers and vendors working for us, and public authorities.

Personal data will be retained for as long as necessary to handle your requests on social media, answer your enquiries, or to undertake marketing-related initiatives based on the information provided by you on social media.

This Privacy Protection Policy explains how BioPorto processes your personal data as an investor or potential investor in BioPorto.

Use of Personal Data

We may use your personal data for the following purposes:

• To answer your inquiries via our official e-mail accounts:
  [email protected]. This e-mail account is continuously monitored, and your personal data is collected only to the extent necessary to reply. If the recipient of your e-mail is unable to answer your question, your e-mail will be forwarded to the relevant person.
• To include you on our investor newsletter list as requested by you when sign up for the investor newsletters.

Categories of Personal Data

We may collect the following personal data about you:

Name, address, email address, organization, country, telephone number, role, IP addresses, and other personal data you provide in your e-mail / message.

Sources

You provide us with personal data in your e-mail / message.

Legal Basis

We process your personal data on the following legal basis:

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when making our website functionalities available to you and for us to be able to provide you with the answers requested and needed when using our website.

Art. 6(1)(a) of the GDPR – Consent. If we send out direct marketing this is based on your consent.

Sharing of Your Personal Data

We may share your personal data with our affiliates and service providers.

Retention of Your Personal Data

We will retain your personal data according to the specific purpose depending on your request and your use of our website. However, we will never keep your personal data longer than required by applicable law.

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

This Privacy Protection Policy explains how BioPorto processes your personal data collected in connection with the administration of BioPorto’s whistleblower scheme. 

Purpose

We process your personal data for the purpose of managing BioPorto’s whistleblower scheme, e.g. to investigate, follow up on, and report criminal offenses to the police or other relevant authorities.  

We may process your personal data if you are being reported to the whistleblower scheme or if you are the whistleblower. 

Categories of Personal Data

If the whistleblower report concerns you, we may process your name, contact information, position, and information related to the compliance concern, including details of alleged criminal offenses or other serious offenses, where applicable. 

We will not process sensitive personal data unless the report concerns a matter relating to sensitive personal data, for example discrimination or harassment based on race, ethnicity, religion or political opinions, religious or philosophical beliefs, trade union membership, or sexuality, or exposure to sexual harassment.  

If you are a whistleblower, we may process your name and contact information (unless you are reporting anonymously).  

Sources

We will receive your personal data from the whistleblower applying BioPorto’s whistleblower scheme. Consequently, the source of your personal information could be a former or current employee, a job applicant, a member of the Executive Board or the Board of Directors, a shareholder,  a volunteer or a trainee (paid or unpaid) working in BioPorto, a contractor or consultant working for BioPorto, a person working under the supervision and management of a third party with professional or contractual relationship with BioPorto, such as contractors, subcontractors, suppliers, or customers.  

If you are a whistleblower, we will receive your personal data directly from you. 

Legal Basis

We process your personal data based on the following legal basis: 

Ordinary personal data: We have a legitimate interest in ensuring that BioPorto, its employees, and stakeholders, comply with relevant laws and BioPorto’s Code of Conduct (GDPR art. 6.1.f). 

Sensitive personal data: Our processing is necessary for reasons of substantial public interest on the basis of EU and Danish laws (GDPR art. 9.2.g). 

Sharing of Your Personal Data

We may share your personal data with: 

• Professional advisers, including lawyers and auditors. 

• Our group companies  

• Service providers, including hosting and IT providers  

• The Danish police, regulators and other authorities. 

Retention of Your Personal Data

We will not store your personal data for longer than necessary. Our retention of your personal data depends on the nature of the whistleblower report and the measures taken and whether we have a legal obligation to store your personal data for either compliance or regulatory purposes or to ensure our interests and contractual obligations. 

Subject to other requirements under local law, the collected information will be deleted: 

• immediately if the report is beyond the scope of BioPorto’s Whistleblower Policy or the concern is concluded to be unsubstantiated or not severe enough that a sanction is deemed appropriate;  

• right after the closing of the case by the authorities if a report is filed with the police or other relevant authorities; 

• 2 months after the investigation has been completed if no further action is taken and the case is closed by the Chief Legal Officer, provided that no further retention is required for the reasons set out above; or  

• At the latest 5 years following your departure if you are an employee and disciplinary actions are taken against you based on collected information unless longer retention is required for compliance or regulatory purposes. The collected information will be stored in the personnel folder in question.