Scope and Purpose
This policy applies to the processing of personal data by Hermes Medical Solutions (referred to as HMS). The purpose of this policy is to provide our current, former and potential customers (jointly referred to as “customers” or “you”) with a general understanding of:
- The circumstances under which we collect and process your personal data;
- The types of personal data we collect;
- The reasons for collecting your personal data;
- How we handle your personal data;
- Allocation of responsibility of processing operations between different legal entities in HMS
- As well as providing contact details for requests for rectification of personal data or subject access requests.
Principles of Data Processing
The processing of your personal data forms an important part of our provision of products and services to you. We appreciate the trust you place in us when providing us with your personal data, and consider your privacy an essential part of the services we offer. In order to safeguard your personal data while increasing the customer value and offering enhanced, safe products, we adhere to the following five general principles.
- Freedom of Choice
Your personal data belongs to you. We will not make any assumptions regarding your privacy preferences and aim to design our services so that you can choose whether to share your personal data with us. - Proportionality
HMS endeavours to only process customer personal data that is adequate, relevant and not excessive in relation to the purpose for which it has been collected. We aim to anonymize your personal data when a function or service can be achieved with anonymized data. If we combine anonymized or non-personal data with your personal data, it will be treated as personal data for as long as it remains combined. - Transparency and Security
HMS believes in being transparent about which data we process and for which purposes. To HMS it is also vital to protect your personal data. On request, HMS will provide customers with further information regarding our processing and protection of your personal data. - Legal Compliance
It is HMS policy to comply with the applicable laws, rules and regulations governing privacy and data protection in each and every country where we operate. Where necessary, we will adjust our processing of your personal data as described in this policy to ensure legal compliance.
Helpful Definitions
The following terms, used throughout this policy, have the meanings set out in Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Accordingly:
- “Data controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;
- “Data processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
- “Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and
- “Special categories of data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. HMS further defines:
- “Sensitive personal data” as personal data that is likely to cause harm or particular concern to the data subject if disclosed. Examples of such data are: special categories of data (as defined above), credit card numbers and other financial information regarding the data subject, personal identification numbers and location data.
Data Collection
- We may ask you to provide us with information about yourself (e.g. name, address, telephone number, email address) and/or your current installation or products/applications of interest.
Notice
When collecting or registering your personal data, we will, when reasonably practical or required by law, provide you with (i) specific information as to the purposes of the processing of your personal data, (ii) the identity of the data controller, (iii) the identities of any third parties to whom the data may be disclosed and (iv) other information which may be necessary to ensure that you are able to safeguard your rights.
Consent
Prior to collecting or using your personal data and when reasonably practical or required by law, we will acquire your consent. The request for your consent will be clear and specific and shall provide you with a reasonable basis for your decision-making. Your consent could always be revoked, for example by terminating a particular service or contacting HMS at the address indicated in the “Information and Access” section below.
Collection and Processing of Data Without Consent
The collection and use of product data may be necessary in order to register complaints or enhancement suggestions and/or fullfill legal requirements. When collecting or using recorded data for these purposes, and for similar legitimate interests pursued by HMS.
Allocation of Responsibility of Processing Operations
HMS is responsible for research and development of new and current Molecular Imaging Solutions products as well as certain global services offered to customers. HMS is also responsible for monitoring the quality of the products and any potential safety recalls. Each national sales company within HMS is generally responsible for marketing, sales and customer relations as well as market specific services on its market. In markets without a national sale company, a distributor usually has the same responsibility as a national sale company. HMS stresses strict rules regarding data protection compliance in its contracts with authorized dealers. Please note, however, that HMS and its external authorized dealers are separate legal entities and that we are generally not responsible if such dealers do not follow applicable laws. If you have questions regarding HMS dealers use of your personal data, please contact the dealer directly.
Data Use
The personal data which HMS collects about you and the products will be used:
- To provide you with products and services, including verifying your eligibility for certain purchases and services as well as to offer you enhanced offers and experiences;
- To inform you of updates to, or changes in, our products and services, including but not limited to changes to our terms and conditions and policies;
- To inform you of new products, services and events;
- To provide product support and services (warranty, recall information, etc.);
- For product development purposes, for example to improve usability, quality and safety;
- To evaluate and improve our offering to, and communication with customers;
- To inform you about our products and services and identify those that may be of interest to you;
- To carry out market research; and
- For analysis and customer profiling purposes (online and social included) done by ourselves and our chosen suppliers.
For most processing acts, you are able to terminate our use of your personal data by updating your preferences, terminating a particular service, revoking your consent to the processing by contacting HMS at the address indicated in the “Information and Access” section below or as otherwise instructed by us.
Retention
We will only retain your personal data for as long as it is necessary to fulfil the purposes outlined in this policy or the purposes of which you have otherwise been informed. This means that once you have consented to our processing of your personal data, we will retain your data in accordance with the consent given and/or until you revoke your consent. If you have revoked your consent, we may nevertheless retain certain personal data for the period required in order for us to meet our legal obligations and defend ourselves in legal disputes. If we have not obtained your consent to the processing, the data will only be retained for as long as such a period of time as permitted by law.
Data Quality
Where we process your personal data, we strive to ensure that it is accurate and up-to-date. We will seek to erase or rectify personal data that is inaccurate or incomplete. For more information regarding your right to ensure the accuracy of your personal data held by us, please see the “Information and Access” section below.
Information and Access
As stated in the “Notice” section above, we may provide you with specific information concerning our processing of your personal data when collecting or registering such data. Once per year you have the right to request, and receive free of charge, information on (i) what personal data relating to you we process, (ii) where the personal data is collected, (iii) the purpose of the processing, and (iv) with which recipients or categories of recipients the personal data is shared. Requests for such information must be made in writing and be personally signed by you, and include information on name, address and, preferably, your e-mail address. You also have the right to request that we correct, block or delete any incorrect data relating to you. Requests should be sent to the legal entity stipulated in the end of this document. Your requests will be dealt with in a prompt and proper manner. Requests to delete personal data will be subject to any applicable legal requirements. Where the applicable law provides for an administrative fee for complying with such a request, such a fee may be charged by HMS.
Security
HMS strives to implement appropriate technical and organizational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.
Disclosures to Third Parties
HMS may share your personal data:
- Between HMS subsidiaries and affiliates;
- With HMS authorized distributors, for the purpose of distributing product and service offers and other communications to you; and
- When we, in good faith, believe that disclosure is necessary in order to protect our rights, for example in order to investigate potential violations of our terms and conditions or to detect, prevent or disclose fraud or other security issues.
HMS as being the data controller of your personal data will, as a general rule, only disclose your personal data to a third party if it has received your consent to do so. However, we may share your personal data without your consent, unless we consider your consent necessary in the individual case or your consent is required by law, in the following situations:
- Situations in which disclosure is required by law; and
- Situations in which disclosure is necessary for the purpose of a legitimate interest pursued by HMS (for example in order to protect our legal rights, as described above).
Data Processing on Our Behalf
We restrict access to your personal data to HMS employees and suppliers who need to use the information in order to process it on our behalf, and who are contractually required to keep your personal data secure and confidential. We aim to choose the option for data processing services that best safeguards the integrity of your personal data towards any third party.
Marketing
We will not share your personal data with third parties for their marketing purposes, unless we have received your consent for such disclosures. If you have provided such consent, but wish to stop receiving marketing materials from a third party, please contact that third party directly. We may provide you with information regarding new products, services, events or similar marketing activities. If you wish to unsubscribe to a particular e-mail newsletter or similar communication, please follow the instructions in the relevant communication.
Websites and Cookies
In general, you can visit HMS websites without telling us who you are or revealing any information about yourself. In order to provide you with certain services or offers we, however, usually need you to register certain personal data, such as your name and e-mail address. Even before such registration we may (through cookies) collect anonymous information about how you have used our websites. This information will be helpful to us in order to improve our websites or marketing. Each HMS website which is open to our customers includes information concerning our use of cookies. There is also an online procedure for accepting or declining cookies.
Changes
HMS reserves the right to amend this policy from time to time. The date of the last modification is stated at the end of this document.
Contact Details
In order to exercise your right to have information or access to your data, please use the following contact details.
Hermes Medical Solutions AB,
Strandbergsgatan 16,
112 51 Stockholm, Sweden.
email: info@hermesmedical.com
Document number: Q-208-02 Customer Privacy Policy