VENDOR AND CUSTOMER PRIVACY NOTICE

 

1. Introduction

Epics Therapeutics SA (hereinafter “Epics”) collects data concerning former, existing and prospective vendors and customers (“Partners”), including limited personal data about the employees of such Partners (“Partner Employees”) at the beginning and throughout the course of its vendor/customer relationships. As the controller of Partner Employees’ personal data, Epics will be responsible for what happens to those personal data.

2. The categories of data we process

The personal data we process concerning Partner Employees may include: (i) professional contact information (e.g., name, postal address, email address, fax number and phone number); (ii) professional information (e.g., profession and title, place of work, and relationship to our Partner); (iii) electronic identification data (e.g., username and password); (iv) professional mobile phone number.

In some very limited cases, it may be a contractual requirement for us to collect such personal data from Partner Employees (for example, because the Partner Employee is a designated “point of contact”). If this information is not collected, this could result in a breach of contract by Epics or the Partner.

Note that Partner Employees’ passwords cannot be viewed by Epics as they are encrypted. We are able, however, to process passwords in a limited way – for example by resetting passwords which have been forgotten, or which have been compromised.

3. The legal bases we rely on to process data

We only process Partner Employees’ personal data to the extent it is necessary (i) to comply with Epics’ legal obligations; or (ii) for the purpose of our legitimate interests, including preventing fraud, ensuring compliance with company policies, protecting the rights, property and safety of Epics or others, and Epics’ commercial interest in promoting its business relationships and the services that Epics can offer to Partners. Partner Employees can obtain further information on our legitimate interests, and how we have balanced them against Partner Employees’ rights and freedoms, by contacting us using the details below.

We also rely upon Partner Employees’ consent in order to send marketing e-mails to Partners who are not existing Epics customers.  

4. What we use data for

In particular, we process the personal data of Partner Employees to: (i) manage our contractual relationship with Partners and exercise our rights under the contract and enforce contractual terms and conditions; (ii) communicate with Partners; (iii) protect against and prevent fraud, unauthorized transactions, claims and other liabilities; (iv) comply with applicable legal requirements, industry standards and our policies; and (v) promote Epics’ relationship with Partners by sending marketing messages and greetings (including by sending marketing messages by e-mail to existing customers).

5. Who we share data with

Epics shares personal data of Partner Employees with any and all of Epics’ employees or consultants who need access to such data in order to carry out work or provide services on Epics’ behalf, whether in the framework of any sort of agreement between Partner and Epics or discussion related thereto.

Epics may share personal data of Partner Employees with government authorities or other third parties if required by law or reasonably necessary to protect the rights, property and safety of Epics and others.

If Epics transfers your personal data to recipients outside of the European Economic Area (EEA), it will protect the data in accordance with applicable law. If the personal data are transferred to countries that have not been recognized by the European Commission as providing an adequate level of data protection, Epics will put in place contractual safeguards to protect the data.

6. How long we keep data for

Epics stores personal data relating to Partner Employees for as long as the Partners are in a contractual relationship with Epics, and for a minimum period of 10 years after that relationship has ended.

7. Data Protection Rights

Partner Employees have a number of data protection rights available to them, which apply in certain circumstances. One key right is the right to object to us using their data, where we are processing the data for the purposes of our own legitimate interests or for the purposes of direct marketing.

The other rights are the right to access to the personal data we process about them, the right to have incorrect personal data corrected, to have data erased where it should no longer be used, and the right to restrict our processing activity to storage of the personal data. Partner Employees have the right to ask us to transfer their personal data to them or to another business (data portability). Finally, Partner Employees have the right to withdraw consent to our use of their personal data, where we rely upon consent as our legal basis for processing (see above).

To exercise these rights, a written request should be sent to us, using our contact details set out below.

8.Information collected automatically when you use our website

When you use this website, a cookie may be placed within the memory of your internet access device. A cookie is a small piece of information that a website can store via your internet access device for later retrieval. We may use permanent cookies or session cookies to help us track use of our services by users, including casual visitors to this website, such as, without limitation, the number and frequency of visits to our pages and which parts of this website are visited. On this website, we use the following cookie:

Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

Google analyses your use of our website on our behalf. The information collected by Google in connection with your use of our website (e.g. the referring URL, our webpages visited by you, your browser type, your language settings, your operating system, your screen resolution) will be transmitted to a server of Google in the US, where it will be stored and analysed. The respective results will then be made available to us in anonymized form. Your usage data will not be connected to your full IP address during this process. Moreover, Google is certified under the EU-US Privacy Shield, which ensures that an adequate level of data protection is maintained with respect to the processing of data by Google in the US.

In case you use our contact form (“Get a Quote”) to contact us through our website your email and attached information that you may provide via this form (first name, last name, company, professional phone and country where you are based) will be shared with Epics’ employees who need access to such data in order to provide services on Epics’ behalf.

9. Comments, inquiries, requests and complaints

Any comments, inquiries, requests and complaints with respect to the processing of personal data described in this Privacy Notice can be addressed to the attention of Epics’ CEO at Epics Therapeutics SA, 47 rue Adrienne Bolland, 6041 Gosselies, Belgium.

We encourage Partner Employees to contact us first if they have concerns about how Epics has handled their data. However, Partner Employees have the right to lodge a complaint about Epics’ processing of their personal data with a supervisory authority, in particular in the EU Member State of their residence, place of work or of an alleged infringement of data protection law.