We consider the right to protection of personal data a fundamental commitment, so we will devote all resources and efforts to process your data in full compliance with Regulation (EU) 679/2016 (“GDPR“), as well as any other applicable legislation. Since one of the key principles of this legal framework is transparency, we have prepared this document through which we want to inform you on how we collect, use, transfer and protect your personal data when interacting with us through our website.
WHO WE ARE AND HOW YOU CAN CONTACT US
According to Regulation (EU) 679/2016, 3S is an operator when processing your personal data.
3S is a CRO (Contract Research Organization) with offices and laboratories in Germany and Romania. Please visit our Contact page for more details.
Since we are always open to your feedback and willing to provide you with any additional information you may need regarding the processing of your data, we encourage you to contact our Data Protection Officer (DPO) at the e-mail address email@example.com or by fax, post or courier at the addresses listed in the Contact page.
1. HOW DO WE USE YOUR INFORMATION?
1.1 THE LEGAL BASIS OF DATA COLLECTION AND PROCESSING
The legal basis for collecting personal data is Article 6 of the EU General Data Protection Regulation 679/2016.
The personal data that we process through our site are mainly your identification, location, and contact details.
We collect and process, with your consent, strictly the information or personal data that is required to be collected and / or processed to meet the purpose for which they were collected, to meet customer requirements and provide the best quality of services.
Our employees who process personal data have explicit personal data protection clauses in the individual employment contract and in the job description.
We expressly state that, in accordance with the GDPR, our website does not collect and process data relating to: religious confession or philosophical beliefs, trade union membership, racial or ethnic origin, political opinions, genetic data, biometric data, health data, sexual life or sexual orientation.
1.2 WHEN USING OUR WEBSITE
Our website is addressed to people who are at least 18 years old, so we do not willingly process child’s data.
When you visit our website to inquire about our services and to view the information we provide, a number of cookies are used by us (first party cookies) and by others (third parties cookies) in order to allow the site to function, to collect useful information about visitors and to provide you with the best experience in using our site.
1.3 WHEN YOU SUBMIT A REQUEST THROUGH OUR WEBSITE
When you submit a request through our website contact form, we will ask for your name and e-mail address.
We use this information for responding to your querries, inclusively for providing information about our services, and request your consent for this in accordance with Article 6, paragraph 1 (a) of EU Regulation 2016/679. We can send you an email several times after you have made a request to ensure that we have answered your question and in order to improve your experience as a user. If we want to use your personal data in a way that we have not previously identified, we will contact you to provide you with information about it and, if necessary, to request your consent.
Your request is stored and processed by our employees and we do not use the information you provide to make automated decisions that may affect you. Your information is stored on our website and on our cloud server, both located within the European Union.
1.4 HOW WE PROTECT THE SECURITY OF YOUR PERSONAL DATA
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.
We implement technical and organizational measures to ensure data protection against accidental or unauthorized destruction, loss and processing. We use secure SSL sessions to transfer data between you and us through the website and our security measures are constantly updated to meet the highest standards of data protection.
We keep your personal data on secure servers, ensuring redundancy of storage.
Despite the steps taken to protect your personal data, we would like to draw attention to the fact that the transmission of information via the Internet in general or through other unsecured public networks is not completely secure, with the risk that data may be seen and used by third unauthorized parties. We can not be responsible for such vulnerabilities of systems that are not under our control.
2. YOUR RIGHTS AS A DATA SUBJECT
Right of access (ART 15 of EU Regulation 679/2016) – you have the right to be informed about everything that happens with your personal data, what it is used for. You have the right to modify it and even revoke your consent to a specific organization. At the same time, you have the right to access your personal data whenever you want, within reasonable limits.
Right to rectification (ART 16 of EU Regulation 679/2016) – The person concerned has the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data relating to him. Taking into account the purposes for which data was processed, the data subject has the right to obtain the completion of personal data that is incomplete, including by providing an additional statement.
Right to be forgotten (right to erasure) (ART 17 of EU Regulation 679/2016) – you can obtain data deletion, the general principle being that a person has the right to request the deletion of personal data. This right is not an absolute one, meaning that there are circumstances in which the data will not be erased at the request of the data subject, circumstances deriving from national legislation and which will be documented in the case of a request for deletion of the data.
Right to restriction of processing (ART 18 of EU Regulation 679/2016) – According to EU Regulation 679/2016, a person has the right to restrict the processing of personal data in various circumstances. For example, a person may restrict the processing of personal data when he believes they are not accurate. In this case, the person will be able to restrict data processing until their accuracy is verified. Another case in which data processing may be restricted is when the data subject objects to the processing.
Right to data portability (ART 20 of EU Regulation 679/2016) – you may request, under certain conditions, the personal data you have provided us in a format that can be automatically read, or you may request that the data be transmitted to another operator if technically feasible.
Right to object (ART 21 of EU Regulation 679/2016) – You can oppose the processing of your personal data.
Right to withdraw consent – in cases where processing is based on your consent, you can withdraw it at any time.
Additional rights related to automated decisions (ART 22 of EU Regulation 679/2016) – you can request and obtain human intervention regarding data processing, you can express your point of view.
You can send a request about your personal data by e-mail at firstname.lastname@example.org, fax, post or telephone, using the contact information provided in the Contact page.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
3. YOUR RIGHT TO FILE A COMPLAINT
You have the right to file a complaint with the supervisory authority about the processing of your personal data. In Romania, the contact information of the data protection supervisory authority is as follows:
Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal
B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance and we promise that we will make every effort to resolve any issues amicably.
We remind you that you can contact our Data Protection Officer (DPO) at any time at email@example.com or by fax, post or courier at our addresses listed in the Contact page.
4. UPDATES TO THIS CONFIDENTIALITY POLICY