EPICS THERAPEUTICS SA VENDOR AND CUSTOMER PRIVACY NOTICE
Epics Therapeutics SA (hereinafter “Epics”) collects data concerning former, existing and prospective vendors and customers (“Partners”), including limited personal data about the employees of such Partners (“Partner Employees”) at the beginning and throughout the course of its vendor/customer relationships. As the controller of Partner Employees’ personal data, Epics will be responsible for what happens to those personal data.
2. The categories of data we process
The personal data we process concerning Partner Employees include: (i) professional contact information (e.g., name, postal address, email address, fax number and phone number); (ii) professional information (e.g. profession and title, place of work, and relationship to our Partner); (iii) electronic identification data (e.g., username and password); (iv) professional mobile phone number.
In some very limited cases, it may be a contractual requirement for us to collect such personal data from Partner Employees (for example, because the Partner Employee is a designated “point of contact”). If this information is not collected, this could result in a breach of contract by Epics or the Partner.
Note that Partner Employees’ passwords cannot be viewed by Epics as they are encrypted. We are able, however, to process passwords in a limited way – for example by resetting passwords which have been forgotten, or which have been compromised.
3. The legal bases we rely on to process data
We only process Partner Employees’ personal data to the extent it is necessary (i) to comply with Epics’ legal obligations; or (ii) for the purpose of our legitimate interests, including preventing fraud, ensuring compliance with company policies, protecting the rights, property and safety of Epics or others, and Epics’ commercial interest in promoting its business relationships and the services that Epics can offer to Partners. Partner Employees can obtain further information on our legitimate interests, and how we have balanced them against Partner Employees’ rights and freedoms, by contacting us using the details below.
We also rely upon Partner Employees’ consent in order to send marketing e-mails to Partners who are not existing Epics customers.
4. What we use data for
In particular, we process the personal data of Partner Employees to: (i) manage our contractual relationship with Partners and exercise our rights under the contract and enforce contractual terms and conditions; (ii) communicate with Partners; (iii) protect against and prevent fraud, unauthorized transactions, claims and other liabilities; (iv) comply with applicable legal requirements, industry standards and our policies (e.g., including anti-corruption/anti-bribery legislation); and (v) promote Epics’ relationship with Partners by sending marketing messages and greetings (including by sending marketing messages by e-mail to existing customers).
5. Who we share data with
Epics may share personal data of Partner Employees with government authorities or other third parties if required by law or reasonably necessary to protect the rights, property and safety of Epics and others.
Some of the data recipients are established in countries outside of the European Economic Area (“EEA”), such as the U.S. and Japan, where applicable laws may provide a different level of privacy and data protection compared to the laws in your home country. If Epics transfers your personal data to recipients outside of the EEA, it will protect the data in accordance with applicable law. If the personal data are transferred to countries that have not been recognized by the European Commission as providing an adequate level of data protection, Epics will put in place contractual safeguards to protect the data. For more information about the safeguards that have been put in place to protect personal data when transferred outside the EEA (including how to obtain a copy or consult these safeguards) Partner Employees may contact Epics using the contact details provided below.
6. How long we keep data for
Epics stores personal data relating to Partner Employees for as long as the Partners are in a contractual relationship with Epics, and for a minimum period of 10 years after that relationship has ended.
7. Data Protection Rights
Partner Employees have a number of data protection rights available to them, which apply in certain circumstances. One key right is the right to object to us using their data, where we are processing the data for the purposes of our own legitimate interests or for the purposes of direct marketing.
The other rights are the right to access to the personal data we process about them, the right to have incorrect personal data corrected, to have data erased where it should no longer be used, and the right to restrict our processing activity to storage of the personal data. Partner Employees have the right to ask us to transfer their personal data to them or to another business (data portability). Finally, Partner Employees have the right to withdraw consent to our use of their personal data, where we rely upon consent as our legal basis for processing (see above).
To exercise these rights, a written request should be sent to us, using our contact details set out below.
8. Comments, inquiries, requests and complaints
Any comments, inquiries, requests and complaints with respect to the processing of personal data described in this Privacy Notice can be addressed to the attention of Epics’ CEO at Epics Therapeutics SA, 47 rue Adrienne Bolland, 6041 Gosselies, Belgium.
We encourage Partner Employees to contact us first if they have concerns about how Epics has handled their data. However, Partner Employees have the right to lodge a complaint about Epics’ processing of their personal data with a supervisory authority, in particular in the EU Member State of their residence, place of work or of an alleged infringement of data protection law.