Privacy Policy

GENERAL PRIVACY POLICY

This Privacy Policy applies to personal data Kerecis processes on customers and vendors, on job applicants and on visitors on the website of Kerecis. These data subjects are also collectively referred to as “you” in this Privacy Policy.

The terms “Kerecis” and the “Company” refer to all Kerecis entities, as applicable, and all references in this Privacy Policy to “we”, “us”, “our” and like terms should be interpreted accordingly.

If you are unsure of how this Privacy Policy applies to you, please contact us using the contact information set out below.

1. Purpose and compliance with law
It is Kerecis’s policy to comply with applicable data protection legislation. This Privacy Policy is based on the General Data Protection Regulation 2016/679 (“GDPR”). In addition, each Kerecis entity may be subject to additional requirements when it comes to processing of personal data, depending on national legislation.

2. Personal data collected by Kerecis
For the purposes of this Privacy Policy, personal data means any information relating to an identified or identifiable individual, i.e. information that can be traced directly or indirectly to a specific individual. Personal data does not include anonymous data or non personal data (i.e., information that cannot be associated with or tracked back to a specific individual).

2.1 Customers – legal entities

Kerecis processes data on representatives of customers such as name, e-mail address, phone number, correspondence history etc. We process the data to fulfil contractual obligations with the customer in question and for marketing purposes. The processing is based on the legitimate interests of Kerecis.

2.2 Customers – individuals

Kerecis processes data on customers who are individuals for invoicing purposes. The data processed is the customer’s name, address, e mail/phone number, information on product/s bought and as applicable information received by doctors treating the customer (as patient). The processing is based on a contract between us and the customer.

2.3 Website

When you visit the Kerecis website we collect IP address, browser version and session detail in relation to our use of cookies. The processing is partly necessary for the site to work but in other instances we use the data for analytical and marketing purposes. Further information on what cookies we use, the basis for the processing and information on how to turn off the cookies can be found in our Cookie Policy.

If you contact us via our contact form we also process the personal data provided, including your name, e-mail address and the subject of your request. The processing is necessary for Kerecis to reply to your request.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

2.4 Newsletters

On our website individuals can register to receive our newsletter. In relation to such registrations, we process data on the individuals’ name and e-mail addresses. The processing is based on our legitimate interests and individuals always have the option to opt out of receiving our newsletters.

2.5 Job applicants

When individuals apply for a job at Kerecis we process the applicant’s personal data. That includes the applicant’s name, title, gender, national ID number, address, postal code, town/city, country, e-mail address, telephone, education and training data, work experience, previous employers, curriculum vitae, as well as other information voluntarily submitted by an applicant. We process the data to be able to select the best candidate for the position and for communication with the applicants. The processing is based on the applicant’s request to enter into a contract with Kerecis.

3. When do we disclose your personal data?

We may share your personal data with third parties acting as our service providers. That includes employment agencies in relation to our processing on job applicants and various IT service providers which may access our data, for technical support services, or host data on our behalf as part of the services.

Further, your personal data may be disclosed as permitted or required by applicable law or regulations or to comply with valid legal processes such as search warrants, subpoenas or court orders.

In addition, personal data may be disclosed or transferred to another party in the event of a change in ownership of Kerecis.

As Kerecis is a global company with operations in the United States as well, transfer of personal data can take place from the European Economic Area to the US, both in relation to transfer of data between entities within the group but also in relation to Kerecis’ use of data processors which can be established outside the European Economic Area.

4. How is your personal data protected?

Kerecis endeavours to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal data in question. These safeguards are designed to protect your personal data from loss and unauthorized access, copying, use, modification or disclosure.

5. Retention of your personal data

Except as otherwise permitted or required by applicable law or regulations, Kerecis endeavours to retain your personal data only for as long as we believe is necessary to fulfil the purposes for which the personal data was collected. This means that Kerecis deletes your personal data when such data is no longer necessary.

As a general rule, we delete personal data of our business contacts after 4 years from the end of our business relationship. In terms of individual customers invoicing data is retained for 7 years. Job applications for a specific, advertised position will be stored for 6 months, while unsolicited applications are stored for up to 12 months. After that time the application and all data relating to it will be securely deleted, unless you consent to a longer retention time. You may at any time withdraw your application.

6. Updating your personal data and the right to rectification

It is important that personal data in our records is both accurate and current. If your personal data happens to change during the course of your relationship with Kerecis, please keep us informed of such changes.

You are entitled to request rectification of inaccurate data on you. Taking into account the purpose of the processing, you also have the right to have incomplete personal data completed.

7. Access to your personal data

You are entitled to request access to the personal data we process on you and information on the processing. You may also be entitled to a copy of the personal data undergoing processing. Where you have provided us with your personal data which we process based on your consent or our contract with you, you may have the right to receive such data in a machine-readable format and to have the data transferred to a third party.

8. Right to erasure and restriction of processing

Under certain circumstances you may have the right to request us to erase personal data concerning you with undue delay, such as where the personal data is no longer necessary in relation to the purpose for which they were collected or otherwise processed or if you withdraw your consent and where there is no other legal ground for the processing.

You may also have the right to restrict further processing of your data where certain requirements are fulfilled, such as if the processing is unlawful and you prefer the restriction of data processing instead of erasure of the data.

9. Inquiries or concerns

If you want to use any of your rights referred to in this Privacy Policy or if you have any questions regarding our processing of your personal data, please contact us by using the contact form on our website or send us an e-mail, info@kerecis.com.

Please note that your rights relating to your personal data are not all absolute. In the event we cannot approve your request in relation to your personal data, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.

If your request is approved, the necessary action will be taken within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. However, we will always inform you of the reason for such a delay within a month of receipt of the request. Rejections of requests will also be acted on within these timelines.

If you are not satisfied with our response, you are entitled to make a written submission to the applicable data protection authority where Kerecis entity is established.

10. Revisions to this Privacy Policy

Kerecis may from time to time make changes to this Privacy Policy to reflect changes in our legal or regulatory obligations or in the manner in which we deal with your personal data. We will communicate any revised version of this Privacy Policy.  Any changes to this Privacy Policy will be effective from the time they are communicated.