1. Purpose and compliance with law
2. Personal data collected by Kerecis
2.1 Customers – legal entities
Kerecis processes data on representatives of customers such as name, e-mail address, phone number, correspondence history etc. We process the data to fulfil contractual obligations with the customer in question and for marketing purposes. The processing is based on the legitimate interests of Kerecis.
2.2 Customers – individuals
Kerecis processes data on customers who are individuals for invoicing purposes. The data processed is the customer’s name, address, e mail/phone number, information on product/s bought and as applicable information received by doctors treating the customer (as patient). The processing is based on a contract between us and the customer.
If you contact us via our contact form we also process the personal data provided, including your name, e-mail address and the subject of your request. The processing is necessary for Kerecis to reply to your request.
On our website individuals can register to receive our newsletter. In relation to such registrations, we process data on the individuals’ name and e-mail addresses. The processing is based on our legitimate interests and individuals always have the option to opt out of receiving our newsletters.
2.5 Job applicants
When individuals apply for a job at Kerecis we process the applicant’s personal data. That includes the applicant’s name, title, gender, national ID number, address, postal code, town/city, country, e-mail address, telephone, education and training data, work experience, previous employers, curriculum vitae, as well as other information voluntarily submitted by an applicant. We process the data to be able to select the best candidate for the position and for communication with the applicants. The processing is based on the applicant’s request to enter into a contract with Kerecis.
3. When do we disclose your personal data?
We may share your personal data with third parties acting as our service providers. That includes employment agencies in relation to our processing on job applicants and various IT service providers which may access our data, for technical support services, or host data on our behalf as part of the services.
Further, your personal data may be disclosed as permitted or required by applicable law or regulations or to comply with valid legal processes such as search warrants, subpoenas or court orders.
In addition, personal data may be disclosed or transferred to another party in the event of a change in ownership of Kerecis.
As Kerecis is a global company with operations in the United States as well, transfer of personal data can take place from the European Economic Area to the US, both in relation to transfer of data between entities within the group but also in relation to Kerecis’ use of data processors which can be established outside the European Economic Area.
4. How is your personal data protected?
Kerecis endeavours to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal data in question. These safeguards are designed to protect your personal data from loss and unauthorized access, copying, use, modification or disclosure.
5. Retention of your personal data
Except as otherwise permitted or required by applicable law or regulations, Kerecis endeavours to retain your personal data only for as long as we believe is necessary to fulfil the purposes for which the personal data was collected. This means that Kerecis deletes your personal data when such data is no longer necessary.
As a general rule, we delete personal data of our business contacts after 4 years from the end of our business relationship. In terms of individual customers invoicing data is retained for 7 years. Job applications for a specific, advertised position will be stored for 6 months, while unsolicited applications are stored for up to 12 months. After that time the application and all data relating to it will be securely deleted, unless you consent to a longer retention time. You may at any time withdraw your application.
6. Updating your personal data and the right to rectification
It is important that personal data in our records is both accurate and current. If your personal data happens to change during the course of your relationship with Kerecis, please keep us informed of such changes.
You are entitled to request rectification of inaccurate data on you. Taking into account the purpose of the processing, you also have the right to have incomplete personal data completed.
7. Access to your personal data
You are entitled to request access to the personal data we process on you and information on the processing. You may also be entitled to a copy of the personal data undergoing processing. Where you have provided us with your personal data which we process based on your consent or our contract with you, you may have the right to receive such data in a machine-readable format and to have the data transferred to a third party.
8. Right to erasure and restriction of processing
Under certain circumstances you may have the right to request us to erase personal data concerning you with undue delay, such as where the personal data is no longer necessary in relation to the purpose for which they were collected or otherwise processed or if you withdraw your consent and where there is no other legal ground for the processing.
You may also have the right to restrict further processing of your data where certain requirements are fulfilled, such as if the processing is unlawful and you prefer the restriction of data processing instead of erasure of the data.
9. Inquiries or concerns
Please note that your rights relating to your personal data are not all absolute. In the event we cannot approve your request in relation to your personal data, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.
If your request is approved, the necessary action will be taken within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. However, we will always inform you of the reason for such a delay within a month of receipt of the request. Rejections of requests will also be acted on within these timelines.
If you are not satisfied with our response, you are entitled to make a written submission to the applicable data protection authority where Kerecis entity is established.