We are committed to safeguarding your privacy, the privacy of our website visitors and the privacy of users of the BioLib Services.
In this Policy, "we", "us" and "our" refer to BioLib Technologies ApS.
This Policy applies where we are acting as a data controller with respect to the personal data of our website visitors and users of the BioLib Services; in other words, where we determine the purposes and means of the processing of that personal data.
Some data is submitted as input to apps that you run through the BioLib Services ("Input Data"). For Input Data where you yourself and only you are the data subject, we are the data controller, and our processing of such data is governed by this Policy. For Input Data where you yourself are not the only data subject, we are a data processor, and our processing of such data is governed by the BioLib Terms of Service including its Appendix II -- Data Processing Agreement https://biolib.com/legal/terms/.
Please read this Policy carefully. We strive to ensure fair and transparent processing of your data, so please do not hesitate to contact us on firstname.lastname@example.org if you have any questions or concerns regarding this Policy or our privacy practices.
The Data Controller for all personal information as specified in this Policy is:
BioLib Technologies ApS
Vesterbrogade 74, 3.
1620 Copenhagen V
In this section we set out: (a) the categories of personal data that we may process; (b) the purposes for which we may process personal data; and (c) the legal bases of the processing.
When you visit our website, use the BioLib Services, create an account, submit to us forms, send us emails or in other ways communicate with us, one or several of the following types of personal information may be collected, stored, used and/or in other ways processed:
You may only send or submit to us any personal information about or on behalf of another person if you have obtained in writing that persons consent or otherwise ensured that you have sufficient authority and legal basis to both the disclosure and the processing of that personal information in accordance with this Policy.
To the extent that we refer to our legitimate interest as the legal basis for the processing of personal data specified in 1-10 above we have conducted a balancing test for those interests to ensure that our interest is not overridden by your interests or fundamental rights and freedoms. Please refer to the contact details in B (Data Controller) above if you wish to receive more information on the balancing test.
We may transfer your personal data to any member of our group of companies (this means our subsidiaries, our parent company and all its subsidiaries), including BioLib Inc, an American company, as reasonably necessary for the purposes set out in this Policy. The legal basis for this is our legitimate interests, namely the proper administration of our website and business, and the provision of the BioLib Services, such as allowing you to make apps you have developed available in the US or other countries through a group company.
We may transfer your personal data to any of our insurers, professional advisers, agents, and suppliers, as reasonably necessary for the purposes set out in this Policy (in Section C, this Section D, and Section E), including providing the BioLib Services, administering our businesses, obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, undergoing audits, or improving the BioLib Services.
Your personal data may be entrusted to our data processors, including providers of data storage and cloud computation. We have entered into a data processing agreement with all our data processors to ensure they do not process data except in accordance with our instructions and which imposes the data processor to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk and to ensure compliance with the GDPR.
We may further disclose your personal data:
This Section E, provides information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
We cannot guarantee that your personal data will be stored and processed in your home country, unless you and we have agreed so in a separate written agreement.
You acknowledge that personal data that you publish or submit for publication (data that you through your use and configuration of the BioLib services, chose to make available to some or all users of the BioLib Services) may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
In accordance with this Policy, we may transfer personal data, to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) to where they operate, as reasonably necessary for the purposes set out in this Policy in Section C and Section D. This includes BioLib Inc, an American company.
You acknowledge that data we collect may be stored, processed in and transferred between any of the countries in which we operate in order to provide the BioLib Services in accordance with this Policy.
The hosting facilities where our data bases containing the personal data we collect are currently situated in Ireland and Denmark, both within the EEA.
We will take reasonable technical and organizational precaution to ensure that any data for which we are responsible, will be stored and processed in accordance with this Policy as well as the applicable law of the country where the data is stored.
Non EEA countries may not provide the same level as data protection as within the EEA. Whenever we transfer your personal data out of the EEA, and such transfer is not qualified and allowed as a specific derogation under GDPR art 49, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented a) the country has been deemed to provide an adequate level of protection for personal data by the European Commission, b) Model contracts for the transfer of personal data to third countries, approved by the European Commission or c) the US recipient is certified under the EU-US Privacy Shield.
Please Contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
This Section F sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
a) Usage Data will be retained for a maximum period of three years following the date of collection; Your Usage Data may be aggregated with other users' Uage Data as usage statistics which will no longer constitute personal data and may be stored beyond that period;
b) Account Data will be retained for a maximum period of one year following the date of closure of the relevant account;
c) Publication Data will be retained for a maximum period of six months following the date when you delete the relevant publication from our website or the BioLib Services;
d) Enquiry Data will be retained for a maximum period of one year following the date of the closure or resolution of the enquiry;
e) Transaction Data will be retained for a minimum period of three years following the date of the transaction, and where transaction data must be safe kept for bookkeeping and tax purposes for a minimum period of five years following the expiry of the financial year in which the transaction was concluded unless otherwise required by law;
f) Notification Data will be retained for a maximum period of six months following the date that we are instructed to cease sending the relevant notifications (providing that we will retain Notification Data insofar as necessary to fulfil any request you make to actively suppress notifications). E-marketing consents will be retained for a period of two years after the consent has been withdrawn to enable us to demonstrate that e-marketing sent prior to the withdrawal of consent was based on a valid consent.
Notwithstanding the other provisions of this Section F, we may retain your personal data where such retention is reasonably necessary in any of the following circumstances:
a) when necessary to comply with a legal, contractual or other obligation to which we are subject;
b) when necessary to establish, exercise or defend a legal claim
c) when we believe that your personal data may be relevant to any ongoing or prospective legal proceedings; or
d) when we deem it necessary in order to protect your vital interests or the vital interests of another natural person.
We believe that data integrity and data security is of the utmost importance, and we will use the below means to make sure that your personal information is not exposed, exploited or in other ways made available in ways that are not in compliance with the GDPR.
In this Section H, we have listed the rights that you, if your personal data is governed by the GDPR, have under data protection law.
Your principal rights under data protection law are:
a) the right to access - you can ask for copies of your personal data;
b) the right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
c) the right to erasure - you can ask us to erase your personal data;
d) the right to restrict processing - you can ask use to restrict the processing of your personal data;
e) the right to object to processing - you can object to the processing of your personal data;
f) the right to data portability - you can ask that we transfer your personal data to another organization or to you;
g) the right to complain to a supervisory authority about our processing of your personal data; (please refer to section K); and
h) the right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
Note, that these rights are subject to certain limitations and exceptions. We may for example: require appropriate evidence of your identity before providing you any personal information; refuse to provide the personal information you request in non-electronic form; or withhold any personal information you request to the extent we are permitted by law.
You may exercise any of your rights in relation to your personal data by written notice to us, using the email-address email@example.com .
Insofar that our website or the BioLib Services include hyperlinks to, and details of, third party websites, content or services please note that we have no control over, and are not responsible for, the privacy policies and practices of any such third parties.
If you wish to file a complaint about our data management, you may do so to the Danish Data Protection Agency https://www.datatilsynet.dk/english/contact-us/.