We are committed to safeguarding your privacy, the privacy of our website visitors and the privacy of users of the BioLib Services.
In this Policy, "we", "us" and "our" refer to BioLib Technologies ApS.
This Policy applies where we are acting as a data controller with respect to the personal data of our website visitors and users of the BioLib Services; in other words, where we determine the purposes and means of the processing of that personal data.
Some data is submitted as input to apps that you run through the BioLib Services ("Input Data"). For Input Data where you yourself and only you are the data subject, we are the data controller, and our processing of such data is governed by this Policy. For Input Data where you yourself are not the only data subject, we are a data processor, and our processing of such data is governed by the BioLib Terms of Service including its Appendix II -- Data Processing Agreement https://biolib.com/legal/terms/.
Please read this Policy carefully. We strive to ensure fair and transparent processing of your data, so please do not hesitate to contact us on firstname.lastname@example.org if you have any questions or concerns regarding this Policy or our privacy practices.
The Data Controller for all personal information as specified in this Policy is:
BioLib Technologies ApS
Vesterbrogade 74, 3.
1620 Copenhagen V
In this section we set out: (a) the categories of personal data that we may process; (b) the purposes for which we may process personal data; and (c) the legal bases of the processing.
When you visit our website, use the BioLib Services, create an account, submit to us forms, send us emails or in other ways communicate with us, one or several of the following types of personal information may be collected, stored, used and/or in other ways processed:
We may collect and process data about your use of the BioLib Services including our website ("Usage Data"). The Usage Data may include information about your computer including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, as well as information about the nature, timing, frequency and pattern of your use of the BioLib Services. The source of the Usage Data is our first party analytics tracking system. This Usage Data may be processed for the purposes of analyzing and documenting the use of our website and services. The legal basis for this processing is our legitimate interests, namely monitoring, documenting and improving our website and services.
We may collect and process data such as your name, email address, biographical data, name of the company or organization that you represent, that you provide or give us access to when creating or updating your account ("Account Data"). The Account Data may be processed for the purposes of operating our website, providing the BioLib services, ensuring the security of our website and the BioLib Services, maintaining back-ups of our databases, communicating with you, an meeting legal and contractual needs or requirements. The legal bases for this processing are: your consent given when you create an account; and our legitimate interests, namely providing the BioLib Services and the proper administration of our website and business.
We may collect and process information, such as descriptions, names, contact information and biographical information, that you post for publication through the BioLib Services including on our website ("Publication Data"). The Publication Data may be processed for the purposes of enabling such publication and administering and providing our website and the BioLib Services. The legal bases for this processing are: your consent given through your use and configuration of the BioLib Services; and our legitimate interests, namely the proper administration of our website and business.
We may collect and process information contained in any enquiry or communications that you send or submit to us, whether through forms on our website, by email or by other means of communication regarding for example services, support, feed-back, job opportunities or other matters ("Enquiry Data"). The Enquiry Data may be processed for the purposes of addressing your enquiry including without limitation offering, marketing and selling relevant goods and/or services to you, resolving support issues, and processing job applications. The legal basis for this processing is our legitimate interests to reply to your enquiries and to deliver our Services to you or the company or organization that you represent.
We may collect and process information relating to transactions, including purchases of goods and/or services through our website or use of the BioLib Services ("Transaction Data"). The Transaction Data may include your contact details, your card details and the transaction details. The source of the Transaction Data is you and/or our payment services provider. The Transaction Data may be processed for the purpose of supplying the purchased goods and/or services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or third parties, and/or taking steps, at your request, to enter into such a contract; providing that, if you are not the person contracting with us, the legal basis for this processing is our legitimate interests, to deliver our Services to you or the company or organization that you represent. Transaction Data may also be processed to comply with legal obligations to which we are subject, including being able to properly document transactions for book keeping and tax purposes.
We may collect and process information that you provide to us for the purpose of subscribing to our email notifications, newsletters and or other channels of communication ("Notification Data"). Notification Data may be processed for the purposes of sending you the relevant information or notifications and/or newsletters. The legal basis for this processing is consent, given by you to us when subscribing to such notifications. In situations where no such consent has been given the legal basis is our legitimate interests, namely communications with our website visitors and service users or to meet legal requirements.
As explained in Section A (introduction), we may as a data controller process Input Data, where you yourself and only you are the data subject. The legal basis for this processing is our legitimate interests, to deliver the BioLib Services to you or the company or organization that you represent as you have instructed us to do through your use and configuration of the BioLib Services.
We may process any of the data identified in this Policy where necessary for the establishment, exercise or defense of legal claims. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of the data identified in this Policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
In addition to the specific purposes for which we may process your personal data set out in this Section C, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
You may only send or submit to us any personal information about or on behalf of another person if you have obtained in writing that persons consent or otherwise ensured that you have sufficient authority and legal basis to both the disclosure and the processing of that personal information in accordance with this Policy.
To the extent that we refer to our legitimate interest as the legal basis for the processing of personal data specified in 1-10 above we have conducted a balancing test for those interests to ensure that our interest is not overridden by your interests or fundamental rights and freedoms. Please refer to the contact details in B (Data Controller) above if you wish to receive more information on the balancing test.
We may transfer your personal data to any member of our group of companies (this means our subsidiaries, our parent company and all its subsidiaries), as reasonably necessary for the purposes set out in this Policy. The legal basis for this is our legitimate interests, namely the proper administration of our website and business, and the provision of the BioLib Services, such as allowing you to make apps you have developed available in the US or other countries through a group company.
We may transfer your personal data to any of our insurers, professional advisers, agents, and suppliers, as reasonably necessary for the purposes set out in this Policy (in Section C, this Section D, and Section E), including providing the BioLib Services, administering our businesses, obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, undergoing audits, or improving the BioLib Services.
Your personal data may be entrusted to our data processors, including providers of data storage and cloud computation. We have entered into a data processing agreement with all our data processors to ensure they do not process data except in accordance with our instructions and which imposes the data processor to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk and to ensure compliance with the GDPR.
We may further disclose your personal data:
To the extent that we are required to do so by law or court order;
In connection with any ongoing or prospective legal proceedings whether in court proceedings or in administrative or out-of-court procedures;
In order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
To third parties to whom we may choose (or are contemplating) to sell, transfer, or merge parts of our business or our assets;
To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information; and
In order to protect your vital interests or the vital interests of another natural person.
This Section E, provides information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
We cannot guarantee that your personal data will be stored and processed in your home country, unless you and we have agreed so in a separate written agreement.
You acknowledge that personal data that you publish or submit for publication (data that you through your use and configuration of the BioLib services, chose to make available to some or all users of the BioLib Services) may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
In accordance with this Policy, we may transfer personal data, to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) to where they operate, as reasonably necessary for the purposes set out in this Policy in Section C and Section D.
You acknowledge that data we collect may be stored, processed in and transferred between any of the countries in which we operate in order to provide the BioLib Services in accordance with this Policy.
The hosting facilities where our data bases containing the personal data we collect are currently situated in Ireland and Denmark, both within the EEA.
We will take reasonable technical and organizational precaution to ensure that any data for which we are responsible, will be stored and processed in accordance with this Policy as well as the applicable law of the country where the data is stored.
Non EEA countries may not provide the same level as data protection as within the EEA. Whenever we transfer your personal data out of the EEA, and such transfer is not qualified and allowed as a specific derogation under GDPR art 49, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented a) the country has been deemed to provide an adequate level of protection for personal data by the European Commission, b) Model contracts for the transfer of personal data to third countries, approved by the European Commission or c) the US recipient is certified under the EU-US Privacy Shield.
Please Contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
This Section F sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
a) Usage Data will be retained for a maximum period of three years following the date of collection; Your Usage Data may be aggregated with other users' Uage Data as usage statistics which will no longer constitute personal data and may be stored beyond that period;
b) Account Data will be retained for a maximum period of one year following the date of closure of the relevant account;
c) Publication Data will be retained for a maximum period of six months following the date when you delete the relevant publication from our website or the BioLib Services;
d) Enquiry Data will be retained for a maximum period of one year following the date of the closure or resolution of the enquiry;
e) Transaction Data will be retained for a minimum period of three years following the date of the transaction, and where transaction data must be safe kept for bookkeeping and tax purposes for a minimum period of five years following the expiry of the financial year in which the transaction was concluded unless otherwise required by law;
f) Notification Data will be retained for a maximum period of six months following the date that we are instructed to cease sending the relevant notifications (providing that we will retain Notification Data insofar as necessary to fulfil any request you make to actively suppress notifications). E-marketing consents will be retained for a period of two years after the consent has been withdrawn to enable us to demonstrate that e-marketing sent prior to the withdrawal of consent was based on a valid consent.
Notwithstanding the other provisions of this Section F, we may retain your personal data where such retention is reasonably necessary in any of the following circumstances:
a) when necessary to comply with a legal, contractual or other obligation to which we are subject;
b) when necessary to establish, exercise or defend a legal claim
c) when we believe that your personal data may be relevant to any ongoing or prospective legal proceedings; or
d) when we deem it necessary in order to protect your vital interests or the vital interests of another natural person.
We believe that data integrity and data security is of the utmost importance, and we will use the below means to make sure that your personal information is not exposed, exploited or in other ways made available in ways that are not in compliance with the GDPR.
We will take any reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information.
We will store all the personal information you provide on password- and firewall-protected servers.
Even though we always strive to encrypt data in transit whenever possible, you acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
In this Section H, we have listed the rights that you, if your personal data is governed by the GDPR, have under data protection law.
Your principal rights under data protection law are:
a) the right to access - you can ask for copies of your personal data;
b) the right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
c) the right to erasure - you can ask us to erase your personal data;
d) the right to restrict processing - you can ask use to restrict the processing of your personal data;
e) the right to object to processing - you can object to the processing of your personal data;
f) the right to data portability - you can ask that we transfer your personal data to another organization or to you;
g) the right to complain to a supervisory authority about our processing of your personal data; (please refer to section K); and
h) the right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
Note, that these rights are subject to certain limitations and exceptions. We may for example: require appropriate evidence of your identity before providing you any personal information; refuse to provide the personal information you request in non-electronic form; or withhold any personal information you request to the extent we are permitted by law.
You may exercise any of your rights in relation to your personal data by written notice to us, using the email-address email@example.com .
Insofar that our website or the BioLib Services include hyperlinks to, and details of, third party websites, content or services please note that we have no control over, and are not responsible for, the privacy policies and practices of any such third parties.
If you wish to file a complaint about our data management, you may do so to the Danish Data Protection Agency https://www.datatilsynet.dk/english/contact-us/.