Data Protection Policy

Data Controller:
BioPorto Diagnostics A/S, Tuborg Havnevej 15, st., 2900 Hellerup, Denmark, CVR no. 18645882 (“BioPorto”)

BioPorto is subject to the General Data Protection Regulation (“GDPR”), and we process personal data in accordance with the GDPR.

BioPorto is committed to protecting your rights when processing your personal data and we will only process personal data with a specific purpose.

As a natural part of BioPorto’s business activities, we collect and process certain personal data concerning you and we have implemented necessary security measures considering the nature, scope, and context of the processing activities.

We continuously strive to monitor our security measures and make improvements when needed to protect your personal data from unauthorized access, destruction, or loss.

When you are asked to provide personal data, you may decline. If you choose not to provide personal data that is necessary for us to provide the requested services, we may not be able to provide you with those services.

If you submit personal data on another individual, you represent that you have the authority to do so and permit us to use the information in accordance with this Data Protection Policy.

Your personal data may be transferred within the EEA or to countries outside the EEA, that are not deemed to provide an adequate level of protection of your personal data compared to the EEA. Instead, we have provided appropriate safeguards as required by GDPR art. 49 (1) through EU standard contractual clauses. You may obtain a copy of the EU standard contractual clauses by contacting us on the address stated above.

In general, you have the following rights:

  • You are entitled to request access to, rectification or erasure of your personal data.
  • You are also entitled to oppose the processing of your personal data and to request the restriction of the processing of your personal data.
  • If the processing of your personal data is based on your consent, you are entitled to revoke such consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out prior to your revocation of consent.
  • You are entitled to receive personal data which you provided to us in a structured, commonly used, and machine-readable format (data portability).
  • You can always lodge a complaint with a data protection authority, for example, the Danish Data Protection Agency.
  • Further, you have a right to object to the following processing:
    • You have a right to object on grounds relating to your particular situation, at any time, to the processing of your personal data which is based on GDPR Art 6(1)(e) or Art. (6)(1)(f), including profiling based on those provisions.
    • When your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing.

You may exercise these rights by contacting us as stated above.

Minors under the age of 18 are not intended to use this website.

CALIFORNIA PRIVACY RIGHTS
In addition to the rights set forth in this Privacy Policy, California Civil Code Section 1798.83 permits California residents who are individual consumers or users of our Site to request certain information regarding its disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us via mail or email at the address identified in the “Connect With Us” section.

If you have any questions or requests concerning your personal data, please contact us at the address stated above.

Read more about our personal data processing in the categories below:

Use of Website and Contact E-mails

This Privacy Protection Policy explains how BioPorto processes your personal data in the administration of our corporate website; www.bioporto.com and our relationship with you as a customer, potential customer, supplier, business contact or other third party.

 

Use of Personal Data

We may use your personal data for the following purposes:

  • To answer your inquiries via our official e-mail accounts: [email protected], or [email protected]. These-email accounts are continuously monitored, and your personal data is collected only to the extent necessary to reply. If they recipient of your e-mail is unable to answer your question, your e-mail will be forwarded to the relevant person.
  • To include you on our newsletter list as requested by you when you sign up for the newsletters.
  • For statistical purposes in a de-identified manner.
  • To collect information about your visit to our website by the use of cookies.
Categories of Personal Data

We may collect the following personal data about you:

 

Name, address, email address, organization, country, telephone number, role, IP addresses, and other personal data you provide in your e-mail / message.

 

Sources

You provide us with personal data in your e-mail / message and we may collect personal data via cookies we place on your device

 

Legal Basis

We process your personal data on the following legal basis:

 

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when making our website functionalities available to you and for us to be able to provide you with the answers requested and needed when using our website.

 

Art. 6(1)(a) of the GDPR – Consent. If we send out direct marketing this is based on your consent.

 

Sharing of Your Personal Data

We may share your personal data with our affiliates and service providers.

 

Retention of Your Personal Data

We will retain your personal data according to the specific purpose depending on your request and your use of our website. However, we will never keep your personal data longer than required by applicable law.

 

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

 

Engagements with Healthcare Professionals and Healthcare Organization (HCPs)

 

This Data Privacy Statement explains how BioPorto processes your personal data when you have an engagement with us.

 

Use of Personal Data

We may use your personal data for the following purposes:

  • To provide, collect, review, and communicate information on the proper use of our medical devices, and other products (hereinafter referred to collectively as “Products”).
  • To provide, collect, review and communicate information on quality, safety or effectiveness of Products.
  • To interact and collaborate with you based on your professional expertise when we have a contractual relationship with you.
  • To provide, collect, review, and communicate healthcare-related information.
  • To report on the occurrence of safety issues of Products.
  • To conduct research on actual use and user needs of Products.
  • To request and implement clinical investigations and other studies.
  • To handle complaints about our Products and services.
  • To cultivate better communication among HCPs.
  • To make notifications and reports to government and other public offices and agencies.
  • To contact HCPs regarding the above tasks.
Categories of Personal Data

We may collect the following personal data about you:

 

Name, address, email address, telephone number, employer, CV, title, occupation, affiliation, professional qualifications, and scientific activities (such as previous clinical experience, and participation in past or pending research studies with BioPorto and other companies), transfer of value, professional license information and contract information including billing information.

 

Sources

We may collect your personal data from various sources such as:

  • Documents or forms that you provide to participate in our sponsored or supported initiatives, such as sponsored clinical investigation and development activities.
  • Publicly available sources.
  • CVs.
  • Professional vendors.
  • Your employer.
  • Online and from databases and websites, which may be managed by third parties on our behalf.
Legal Basis

We process your data on the following legal basis:

 

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when assessing the activity/services and legitimate business need, adherence to local law and industry standards, and assessing fair market value.

 

Art. 6(1)(b) of the GDPR – Performance of Contract. If you have a working relationship with us such relationship is confirmed in writing and personal data will be collected to perform the contract.

 

Art. 6(1)(a) of the GDPR – Consent. In certain situations, we also ask for your consent to process your personal data, e.g., for disclosure of transfer of value, if such disclosure is not a legal obligation.

 

Art. 6(1)(c) of the GDPR – Legal Obligation. For clinical investigations we may also process your personal data in relation to patient safety to adhere to a legal obligation.

 

Sharing of Your Personal Data

We may share your personal data with:

 

Our affiliates, collaborative partners, authorities, and other HCPs.

 

Retention of Your Personal Data

We retain personal data where we have an ongoing legitimate business need to do so (e.g., to maintain our engagement with you).

 

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (e.g., because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.

 

Clinical Investigations

 

The protection of personal data is of utmost importance to BioPorto, and we are committed to protecting your rights as a participant in our clinical investigations. In our informed consent form, we provide participants with relevant information about our use and processing of their personal data.

 

Use of Personal Data

We collect and use your personal data to conduct our clinical investigations to investigate medical devices on humans intended to establish or verify the safety and/or performance of a medical device.

 

Categories of Personal Data

We may collect the following personal data about you, for example:

  • Ordinary personal data: your gender, year of birth, body weight and height.
  • Special categories of data: medical history, current and past medications (prescription and/or over-the-counter medications) that you are taking, whether you are taking part in any research studies or using any other experimental therapies or treatments, your race and ethnicity, scans, blood samples, biopsies, and information about your use of the clinical trial medicine, the effect it has on you, and its potential side effects.

As the sponsor of the clinical investigation, we will not know your name. A unique ID will be assigned to you and all personal data processed by us will be linked to that ID, i.e., we will only receive your personal data in pseudonymous form. Only the investigator of the clinical investigation will know your name.

 

Sources

We receive your pseudonymized personal data from the investigator as part of the clinical investigation.

 

Legal Basis

We may process your personal data on the following legal basis:

 

Art. 9 (2)(i) cf. Art 6(1)(f) of the GDPR. We have a legitimate purpose in collecting and using your personal data for scientific research purposes as described above.

 

Art. 9(2)(i) cf. Art. (6)(1)(c) of the GDPR. The processing of your personal data is necessary for us to comply with a legal obligation to collect and report medical device incidents to regulatory authorities.

 

Art. 9(2)(i) cf. Art. 6(1)(a) of the GDPR – Consent. In certain situations, we also ask for your consent to participate in the clinical investigation or for disclosure to your general practitioner or for future use of your personal data.

 

Sharing of Your Personal Data

We may share your personal data with other companies and organizations commissioned by us to conduct the clinical investigation. These companies and organizations may only use your personal data for the purposes described in the informed consent form and this Data Protection Policy.

 

Furthermore, personal data stored at the investigator may be accessed by our monitors and auditors and authorized employees of the regulatory authorities of your country of residence and other countries to verify that the clinical investigation is being conducted correctly and to analyze the personal data collected during the clinical investigation. All third parties are obligated to observe the rules of professional confidentiality.

 

We may also share your personal data with third parties to the extent required by law, for example, if we are obligated to disclose your personal data to comply with any legal obligation or to establish, exercise or defend our legal rights. Your general practitioner may be informed of your participation in one of our clinical trials if you consent to such disclosure.

 

Retention of Your Personal Data

We store your personal data no longer than strictly necessary to achieve the objectives for which your personal data is collected.

 

Safe Medical Devices

 

The protection of personal data is of utmost importance to BioPorto, and we are committed to protecting your rights when processing your personal data to ensure safe medical devices. As part of our work, we monitor products for device malfunction, failure and deficiencies, and report every serious medical device incident that is caused by a medical device to regulatory authorities.

 

Use of Personal Data

We collect and use your personal data to report incidents to local and international authorities in accordance with applicable legislation.

 

Categories of Personal Data

Other entities, such as your physician, reporting incidents to us may collect the following personal data about you, but we will only receive it in a pseudonymized form:

 

Your name, personal identification number, and incident.

 

Sources

We receive your personal data directly from you, your physician, or other reporter.

 

Legal Basis

We may process your personal data on the following legal basis:

 

Art. (6)(1)(c) of the GDPR. The processing of your personal data is necessary for us to comply with a legal obligation to collect and report incidents to regulatory authorities.

 

Art. 6(1)(a) of the GDPR – Consent. In certain situations, we also ask for your consent to process your personal data, e.g., for the use of your personal identification number as a unique identifier in the regulatory system.

 

Sharing of Your Personal Data

We may share your personal data with our affiliates, other companies and organizations commissioned by us to collect and report the data. These companies and organizations may only use your personal data for the purposes described above.

 

We will share your personal data with local and international authorities to the extent required by law.

 

Retention of Your Personal Data

Your personal data will be retained in accordance with regulatory requirements.

 

Product Quality Complaints

 

This Privacy Protection Policy explains how BioPorto processes your personal data in relation to any complaints reported by you regarding the use of any of our medical devices and other products and their quality.

 

Use of Personal Data

We may use your personal data to assess, handle and respond to your complaint.

 

Categories of Personal Data

When submitting your complaint to [email protected] we may process the following personal data about you:

 

Name, e-mail and other contact details, telephone number, and the medical device / product you are complaining about.

 

You should only include information relevant to your complaint. You should not include information about your race or ethnic origin, religion or belief, political opinion, sexual orientation, or union membership.

 

Sources

We collect the personal data directly from you as provided in your complaint.

 

Legal Basis

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when assessing your complaint.

 

Sharing of Your Personal Data

We will only share your personal data with third parties that are involved in the complaint process.

 

Retention of Your Personal Data

We store your personal data in accordance with applicable law and no longer than strictly necessary to achieve the objectives for which your personal data is collected.

 

Corporate Governance

 

This Privacy Protection Policy explains how BioPorto processes your personal data for our corporate governance.

 

Use of Personal Data

We may use your personal data for the following purposes:

 

If you are a board member or management, we process your personal data for the purpose of making official registrations with public authorities, i.e., the Danish Business Authority and the Danish Registration Court.

 

Categories of Personal Data

We may collect the following personal data about you:

 

Information about your name, address, place of birth and nationality; confirmation of identity in the form of a scanned copy of a passport, driver’s license, health insurance card and/or a birth certificate. If beneficial owners are not Danish, or do not have permanent residence in Denmark, it may be necessary to collect additional data.

 

Sources

We collect personal data directly from you.

 

Legal Basis

Art. 6(1)(c) – Legal obligation – we are obliged to collect and provide personal data to authorities.

 

Art. 6 (1)(f) – Legitimate interests – this means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us in relation to corporate governance matters, including communicating with you and the relevant authorities.

 

Sharing of Your Personal Data

We may share your personal data with our affiliates, public authorities, suppliers, and vendors that assist our company, i.e., service providers, technical support, supply services, and financial institutions.

 

Retention of Your Personal Data

Personal data will be retained for as long as necessary in accordance with legal requirements to retain such personal data. In general, we will not keep your data for more than current year plus five years after the expiry of the business relationship.

 

Vendor Management

 

This Privacy Protection Policy explains how BioPorto processes your personal data in the administration of our contracts.

 

Use of Personal Data

We may use your personal data to maintain a working relationship with you and/or your employer.

 

Categories of Personal Data

We may collect the following personal data about you:

 

Name, contact information, CV, employer, title, job role, billing information, TAX ID, contract terms, training certificates, etc.

 

Sources

We collect the information directly from your employer, you or from the contracts we enter into with your employer or with you.

 

Legal Basis

Art. 6(1)(b) of the GDPR – Performance of Contract. Personal data will be collected to perform the contract.

 

Art. 6 (1)(f) – Legitimate interests – this means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us in relation to our on-going business relation and this is not to perform the contract.

 

Sharing of Your Personal Data

We may share your personal data with our affiliates, public authorities, suppliers, and vendors that assist our company.

 

Retention of Your Personal Data

Personal data will be retained for as long as necessary. We may keep your personal data for up to 30 years to fulfill legal requirements, such as bookkeeping, GxP documentation, etc.

 

Job Applicant

 

This Privacy Protection Policy explains how BioPorto processes your personal data in connection with the recruitment process, including the receipt of unsolicited applications for future job opportunities via the website.

 

Use of Personal Data

We may use your personal data for the following purposes:

  • To assess your qualifications and skills and comparing your profile with a current job offering and any potential vacancies and future job opportunities within BioPorto.
  • To communicate the recruitment procedure of BioPorto to you.
  • To contact you.
Categories of Personal Data

When applying, you decide which personal data to share with us. We may process the following personal data about you as an applicant:

 

Name, e-mail and other contact details, telephone number, motivation, CV. You should only include information relevant to the review of your application. You should not include information about your race or ethnic origin, religion or belief, political opinion, sexual orientation, or union membership. Please do not provide your personal identification number (CPR number) and/or copies of identification papers together with your application, unless we expressly ask for this.

 

Sources

We collect personal data directly from you, from your references, from recruitment agencies and if you apply through LinkedIn, we also collect personal data from LinkedIn.

 

Legal Basis

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when assessing your application for a job opportunity.

 

Art. 6(1)(b) of the GDPR – Performance of Contract. If you have a working relationship with us such relationship is confirmed in writing and personal data will be collected to perform the contract.

 

Art. 6(1)(a) of the GDPR – Consent. In certain situations, we also ask for your consent to process your personal data, e.g., if we need to process your social security number, if such information is not a legal obligation.

 

Sharing of Your Personal Data

We will only share your personal data with third parties that are involved in the recruitment process (e.g., recruitment agencies) or if such third parties are needed for the preparation and issuing of your employment contract.

 

Retention of Your Personal Data

We store your personal data no longer than strictly necessary to achieve the objectives for which your personal data is collected. This means that personal data of applicants for a job offering will be kept until the recruitment process is completed and for further 6 months to document the fairness of the recruitment process. If you are hired, your personal data will be transferred to your personnel file as an employee of BioPorto.

 

Personal data provided in connection with an unsolicited application will be kept for a period of up to 6 months from its receipt to match it with new openings. Hereinafter, the personal data will be properly deleted from our systems.

 

Marketing

 

This Privacy Protection Policy explains how BioPorto processes your personal data for marketing related purposes.

 

Use of Personal Data

We may use your personal data for the following purposes:

 

Personal data will be processed for marketing-related purposes, including sending relevant information regarding our products and services (direct marketing), and for targeting our communication with you. We will not send you direct marketing unless you have given your consent. You may revoke your consent at any time and discontinue the use of the service.

 

Categories of Personal Data

We may collect the following personal data about you:

 

E-mail address, name, address, telephone number, profession, workplace.

 

Sources

We collect the personal data directly from you.

 

Legal Basis

Art. 6(1)(a) – Consent – we will ask for your explicit consent before sending you direct marketing and targeting our communication with you.

 

Sharing of Your Personal Data

We may share your personal data with suppliers and vendors working for us.

 

Retention of Your Personal Data

Personal data will be retained for as long as necessary to provide you with the given service. If you withdraw your consent, we will delete your personal data two years after the date of your withdrawal in accordance with guidance from the Danish Consumer Ombudsman.

 

Social Media

 

This Privacy Protection Policy explains how BioPorto processes your personal data collected on social media pages such as LinkedIn and Twitter.

 

Use of Personal Data

We may use your personal data for the following purposes:

 

To administer our pages and communicate with users.

 

Categories of Personal Data

We may collect the following categories of personal data about you:

 

Information made public by you, including your name, e-mail address, profession, workplace, interests, pages you like or follow, preferences, friends, incident reports, racial or ethnic origin, political opinions, etc.

 

Sources

We collect the personal data directly from you.

 

Legal Basis

Art. 6(1)(f) – Legitimate Interest – this means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us in relation to our communication with you.

 

Art. 9(2)(e) – Information manifestly made public by you.

 

Sharing of Your Personal Data

We may share your personal data with our affiliates, suppliers and vendors working for us, and public authorities.

 

Personal data will be retained for as long as necessary to handle your requests on social media, answer your enquiries, or to undertake marketing-related initiatives based on the information provided by you on social media.

 

Investor Relations

 

This Privacy Protection Policy explains how BioPorto processes your personal data as an investor or potential investor in BioPorto.

 

Use of Personal Data

We may use your personal data for the following purposes:

  • To answer your inquiries via our official e-mail accounts:
    [email protected]. This e-mail account is continuously monitored, and your personal data is collected only to the extent necessary to reply. If the recipient of your e-mail is unable to answer your question, your e-mail will be forwarded to the relevant person.
  • To include you on our investor newsletter list as requested by you when sign up for the investor newsletters.
Categories of Personal Data

We may collect the following personal data about you:

 

Name, address, email address, organization, country, telephone number, role, IP addresses, and other personal data you provide in your e-mail / message.

 

Sources

You provide us with personal data in your e-mail / message.

 

Legal Basis

We process your personal data on the following legal basis:

 

Art. 6 (1)(f) of the GDPR – Legitimate interest. This means that the processing of your personal data is necessary for the purposes of the legitimate interests pursued by us when making our website functionalities available to you and for us to be able to provide you with the answers requested and needed when using our website.

 

Art. 6(1)(a) of the GDPR – Consent. If we send out direct marketing this is based on your consent.

 

Sharing of Your Personal Data

We may share your personal data with our affiliates and service providers.

 

Retention of Your Personal Data

We will retain your personal data according to the specific purpose depending on your request and your use of our website. However, we will never keep your personal data longer than required by applicable law.

 

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.