2017-04-12 09:49:38
SARA Series

2016-02-11 14:26:06
Privacy statement

Privacy Statement September 2018.pdf

 

Group Data Privacy Policy September 2018.pdf  

 

 

Microdis Group Data Privacy Policy

 

 

What is the Microdis Group Data Privacy Policy?

The Microdis Group Data Privacy Policy is a corporate guideline for the data protection standards applicable within the Group and is designed to satisfy legal data protection requirements. All companies within the Group are bound by these regulations with reference to the use of personal data belonging to customers, employees and suppliers. As such, it constitutes the legal basis for Microdis´ transmission of personal data belonging to its customers and employees to Group companies around the world, and ensures compliance with EU data protection legislation.

 

 

The principles of data protection

Group companies are obliged to protect your personal data. Personal data is any data which can directly or indirectly identify you as an individual, for example your contractual data, such as your name and surname, postal or email address, telephone number or, should an employment relationship exist, your personnel number or data from your personnel file. Insofar as your data has been collected within the scope of the European General Data Protection Regulation, i.e. you are a European customer or employee, all Group companies must observe the following basic principles, in particular:

 

- Your personal data is only processed in the event that a legal basis to do so exists. This legal basis may be derived from a law, a contract or your previous express consent, insofar as the processing of your personal data is required (Principle of legitimating basis).

- Group companies may only process such personal data required in terms of type and scope for the fulfillment of authorized purposes. Such data must be relevant and appropriate (Principle of purpose limitation).

- As a matter of principle, you will be informed of the concrete purpose of the data processing in question and of the controller, being the unit responsible for these activities, insofar as no special exceptions exist with reference to the duty to inform, e.g. you have already been informed via another channel or the data is already publically accessible. Information is available in the Privacy Statements on our websites or within the framework of written contracts (Principle of transparency).

- Your personal data is deleted as soon as it may no longer be retained pursuant to Microdis storage guidelines or applicable legislation. Where at all possible and economically viable, anonymization and pseudonymization measures are applied to ensure that your actual identity is not discernible or cannot be reestablished without recourse to a disproportionate amount of effort (Principle of data minimization and data avoidance).

- All necessary technical and organizational measures are taken to ensure that your personal data is protected against unauthorized use and publication, and its security and confidentiality guaranteed. All data stored is up to date (Principle of data security and data quality).

 

Group companies may transmit your personal data to third parties, such as internal or external service providers or suppliers commissioned by Microdis to render services on your behalf. Your personal data shall, however, only be transmitted to companies who are obliged to observe data secrecy and who abide by the relevant legislation in the processing of your data. Should such companies be located outside the EU, Microdis shall ensure the protection of your personal data in accordance with the relevant legislation by means of the Microdis Data Privacy Policy or other appropriate measures.

Should you, under exceptional circumstances provide Microdis with personal data which is, according to some legal standards, classified as particularly sensitive – such as ethnic origin, religion or health issues, the Group is obliged to only process such sensitive personal data in compliance with the applicable legislation, which can often first require your express consent.

 

 

Your rights as the data subject

Group companies are obliged to protect and uphold the rights of the person whose data is processed (data subjects’ rights). As a European customer or employee, the following, in particular, fall under such rights in accordance with EU privacy legislation:

- In your capacity as data subject you may, at any time, request to be informed which data pertaining to you is stored by a given Group company, and also to whom such personal data has been transferred. Microdis is however not obliged to comply with your request for information in the event that it affects the interests of a third party in a manner which is not legally permissible, or in the event that, in a specific case, a legitimate interest in protecting business secrets contradicts such a course of action (Right to information).

- As the data subject, you retain the right of rectification should the saved data pertaining to you be incomplete or incorrect (Right of rectification).

- Group companies must delete your personal data in the event that data processing was illegal or the requirement for data processing no longer exists. Should statutory retention periods apply, or if deletion is not possible or unreasonable, data shall be blocked (Right to deletion and blocking).

- You retain the right to object to the use of your data in the event that a contractual or legal right to object exists. In the event you are approached for the purposes of advertising or market/opinion research, the Group company must, upon first contact, inform you once again of your right to object as regards the use or transfer of data for direct marketing purposes. In the event you have consented to the use of your data, you retain the right to revoke your consent at any time (Right to object and right of revocation).

- The exercising of your rights may not result in discrimination against your person (Prohibition of discrimination).

- You retain the right to approach the data protection officer of the respective Group company with questions at any time (Right to express concerns).

 

 

The contact details of the respective responsible controller as well as the data protection officer or rather responsible person, please find in the respective country-specific information.

 

 

Status September 2018