NOTICE OF PRIVACY PRACTICES
GEMCO Medical is committed to protecting the privacy of our employees, our customers, and their employees. This means that we process data about identified or identifiable individuals, which is called personal data, with due care and in accordance with applicable data protection law.
This Privacy Notice describes how GEMCO Medical, supported by its worldwide affiliated companies, process personal data collected from individuals in relation to their use of our websites, ordering and use of our services online and attendance at events (collectively, our “Services”). In legal terms, we are the data controller, as we determine the means and/or purposes of the processing data collected in these circumstances.
The personal information collected is transferred over a secure connection and stored on a secure server to ensure your privacy. Your personal information will not be publicly available unless required by law.
This Privacy Notice does not apply to personal data mentioned on business documents that our customers or patients transmit to our systems when using our Services. In these circumstances, GEMCO Medical is the data processor of such personal data and our customers are the data controllers.
This Privacy Notice only covers data processing carried out by GEMCO Medical. The Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties, also in cases where Services include hyperlinks to third parties’ websites or when cookies are set by third parties.
The personal data we collect from individuals using our Services mostly consists of customer data, such as name, business function, business address, telephone number, email address and other personal data they provide to us . This is mostly information in relation to an individual’s role at his/her company that does not concern him/her as a private person or as an individual consumer customer. These companies that individuals are working for, mostly are our prospects, customers, suppliers or partners. The specific kind of user data collected will depend on the Services used.
We may also collect technical data in relation to Users, such as IP address, browser type and version, preferred language, geographic location, operating system and computer platform, the full URL clickstream to, through and from our Services, including date and time, websites accessed immediately before and after visiting our websites, services Users viewed or searched for while using our Services, and parts of our Services that Users have visited. Although we do not normally use technical data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with user data. In such situations, technical data can also be considered to be personal data under applicable law, and we will treat the combined data as personal data.
We process personal data for the following purposes:
- to allow us to run, maintain and develop our business,
- to allow us to offer and provide our Services,
- to allow us to conduct information and promotional campaigns (including direct marketing) related to our Services (including by phone, mail and email), keeping Users informed about our Services and special offers that are likely to interest them,
- to allow us to perform the contract we have signed with our customers, suppliers or partners,
- to allow customer service management, e.g. when Users contact our service desk,
- to allow contract management, e.g. to address our invoices to our customers,
- to enhance our Services and the use thereof,
- to perform research and analysis relating to our Services,
- to perform tracking of the use of our Services,
- to conduct market surveys and/or
- to detect fraud, e.g. breaches of intellectual property rights.
In consideration of the collection and processing for the purposes listed above, GEMCO Medical is supported by its affiliated companies acting as data processors on behalf of and under the responsibility of GEMCO Medical.
Should the personal data be provided to us via our prospect, customer, supplier or partner, we shall assume that our prospect, customer, supplier or partner has informed the individual of this Privacy Notice.
We do not store the personal data for longer than is legally permitted and necessary for the related processing purposes. The storage period depends on the type of personal data, the purposes and the applicable law and therefore varies per use.
Typically, we store User’s personal data for as long as the User is using our Services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or necessary for internal reporting and reconciliation purposes.
We erase personal data after the above described storage period or when the User requests us to erase his/her personal data.
Legitimate Grounds for Processing
We process personal data to pursue our legitimate interest to run, maintain and develop our business. Furthermore, we process personal data to comply with our legal obligations.
In some parts of our Services, we might request Users’ consent for the processing of their personal data for specific purposes. In that event, Users may withdraw their consent at any time.
Rights of Users
Right to access. Any User may contact us to get confirmation as to whether or not we are processing User’s personal data. Where we do process User’s personal data, we will inform User of what categories of personal data we process regarding him/her, the processing purposes, the categories of recipients to whom personal data have been or will be disclosed and the envisaged storage period or criteria to determine that period.
Right to withdraw consent. In case our processing is based on a consent granted by the User, the User may withdraw the consent at any time by contacting us or by using the functionalities of our Services. Withdrawing a consent may lead to fewer possibilities to use our Services.
Right to rectification. Any User has the right to have inaccurate or incomplete personal data we store about the User rectified or completed.
Right to object. In case our processing is based on our legitimate interest to run, maintain and develop our business, any User has the right to object at any time to our processing. We shall then no longer process User’s personal data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override User’s interests, rights and freedoms or for legal claims. Notwithstanding any consent granted beforehand for direct marketing purposes, any User has the right to prohibit us from using his/her personal data for direct marketing purposes, by contacting us or by using the functionalities of the Services or unsubscribe possibilities in connection with our direct marketing messages.
Right to restriction of processing. Any User has the right to obtain from us restriction of processing of User’s personal data, as foreseen by applicable data protection law, e.g. to allow our verification of accuracy of personal data after User’s contesting of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for User’s legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.
Right to data portability. Any User has the right to receive User’s personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party, in case our processing is based on User’s consent and carried out by automated means.
Right to erasure. Any User has the right to have personal data we process about the User erased from our systems if the personal data are no longer necessary for the related purposes, if we have unlawfully processed the personal data or if the User objects to processing for direct marketing. Any User furthermore has the right to erasure if the User withdraws consent or objects to our processing as meant above, unless we have a legitimate ground to not erase the data. We may not immediately be able to erase all residual copies from our servers and backup systems after the active data have been erased. Such copies shall be erased as soon as reasonably possible.
How to use these rights. To exercise any of the above-mentioned rights, User should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, Customer shall send us a letter or email to the address set out below under Contact, including the following information: name, address, phone number, email address and a copy of a valid proof of identity. We may request additional information necessary to confirm User’s identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction.
We regularly audit the application of our security measures and we ask third party experts to review our security controls against international standards. These audits help us to further improve our security level.
Should despite our security measures, a security breach occur that is likely to result in a risk to the data privacy of Users, we will inform the relevant Users and other affected parties, as well as relevant authorities when required by applicable data protection law, about the security breach as soon as reasonably possible.
We only share personal data within our organization if and as far as necessary for the purposes specified in this Privacy Notice. Our staff members processing personal data are bound to confidentiality.
We do not share personal data with any third party outside of our organization unless one of the following circumstances applies.
Necessary for the purposes. We may share personal data with third parties to the extent our Services foresee such disclosure and Users submit their personal data for that purpose, such as through an address book to create connections and facilitate our Services. We may furthermore share personal data with our affiliated companies and other service providers that support us in the realization of the purposes specified in this Privacy Notice, such as by performing data hosting, direct marketing and customer services. Our agreements with these service providers foresee privacy and security commitments from these service providers that are no less protective than our own commitments described in this Privacy Notice. If our Users provide personal data directly to a third party, such as through a link on our website, the processing is typically based on such third party’s notice.
For legal reasons. We may share personal data with third parties if we have good-faith belief that their access to and use of the personal data is necessary (i) to meet any applicable law and/or court order, (ii) to detect, prevent or otherwise address fraud, security or technical issues, and/or (iii) to protect the interests, properties or safety of us, our Users or the public, in accordance with the law. We will notify Users about such disclosure, as far as reasonably possible.
In relation to corporate restructuring. If we are in a process of merger, acquisition or asset sale, we may transfer personal data to the involved third party. We continue to ensure the confidentiality of all personal data.
Upon User’s consent. We may share personal data with third parties for other reasons than the ones mentioned above, if we obtained User’s explicit consent to do so. The User has the right to withdraw this consent at any time.
Location and Transfer
We and our service providers have operations in several locations. Consequently, we and our service providers may transfer personal data to, or access it from, countries outside User’s country of domicile.
We take steps to ensure that Users’ personal data receives an adequate level of protection in the countries in which we process it.
To read our HIPAA Notice of Privacy click here to download a copy.
Lodging a Complaint
In case any User considers our processing of his/her personal data to be inconsistent with applicable data protection law, a complaint may be lodged with the local supervisory authority for data protection.
The English version of this Privacy Notice shall govern in the event of any conflict with or substantial translation changes into a non-English language.
Any User having any question or request on this Privacy Notice or our privacy practices, can contact us in the following ways:
- by email: firstname.lastname@example.org
- by phone: 800-733-7976
Effective Date of Notice: August 19, 2019. GEMCO Medical is required to follow the terms of this notice until it is replaced. GEMCO Medical reserves the right to change this Privacy Statement at any time as allowed by law and will notify you of any changes as required by law. GEMCO Medical reserves the right to make the changes apply to all information GEMCO Medical maintains.