At Medista we respect the privacy of our customers and we are committed to keeping all your personal data secure.
This Privacy Policy explains how we use the personal data that Medista collects or generates in relation to our web shop (the “Web Shop”). This Privacy Policy only applies to the following website: www.medistashop.be.
The list below sets out what is covered in this Privacy Policy and you can click on the headings below to go to a specific section.
1. BACKGROUND
Medista NV with its registered office at Rue Hersmesstraat 5 1930 Zaventem (hereafter “Medista”, “us” or “we”), collects and uses certain Personal Data as a data controller in the meaning of the General Data Protection Regulation (GDPR). Medista is responsible for ensuring that it uses that Personal Data in compliance with data protection laws, including but not limited to the GDPR and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of their personal data.
“Personal Data”, “processing” or “data controller” under this Privacy Policy have the meaning provided under the GDPR.
Please note that this Privacy Policy may be updated from time to time due to the implementation of new technologies and/or through legislative changes. We will inform you accordingly in a suitable manner when it is updated.
2. THE TYPES OF PERSONAL DATA WE COLLECT AND PROCESS
- 2.1 Some of the services offered by Medista on its Web Shop require us to obtain Personal Data about you in order to enter into an agreement, to execute the orders that you place, to perform the services we have been engaged to provide and to sell our products. In relation to our Web Shop, we will collect and process the following Personal Data about you:
• Personal Data that you provide to Medista. This includes information about you that you provide to us when you place an order on our Web Shop or when you create an account or contact us via the Web Shop. The nature of the services you are requesting or the products you will purchase will determine the kind of Personal Data we might ask for, e.g.:
- Contact information, such as first name, family name, company name, (professional) email address, delivery address, country, healthcare Id;
- Financial information, VAT, invoicing detail such as address;
- List of products and/or services that you purchase;
- Consent to subscribe to our newsletters and (marketing) information;
- Any information that you choose to share with us (whether through our websites or otherwise) which may be considered Personal Data, including but not limited to questions, comments, complaints, orders, etc.
• Personal Data that we collect or generate about you. This includes :
- When you visit the Medista Web Shop, cookies are used to collect technical information about the services that you use and the products that you purchase. For more information on the cookies used by Medista on its Web Shop please consult the Cookie Policy;
- If you or your company are customers of Medista, any Personal Data concerning the services or products which you or your company have requested and our interactions with you or your company.
3. HOW WE USE YOUR PERSONAL DATA
3.1 Your Personal Data may be stored and processed by us for the following purposes:
- to process the orders that you place on our Web Shop;
- to handle information request through our contact form;
- to manage the accounts of customers created on the Web Shop;
- for the management and administration of our activities;
- to understand your needs and interests;
- for ongoing review and improvement of the information provided on or operation and security of Medista websites;
- to assess and manage your customer relationship with us, where applicable;
- to provide our customers and prospects with Medista services and products;
- in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; and / or
- for the administration and maintenance of databases storing Personal Data.
3.2 When we use Personal Data we make sure that the usage complies with applicable law, relies on a valid ground and the law allows us and/or requires us to use Personal Data for a variety of reasons. These include where:
- we need to do so in order to perform our contractual obligations with our customers;
- we have obtained your consent;
- we have legal and regulatory obligations that we have to discharge;
- we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
- the use of your Personal Data as described is necessary for our legitimate business interests, such as:
- allowing us to effectively and efficiently manage and administer the operation of our activities;
- manage the proper functioning of our website;
- maintaining compliance with internal policies and procedures; and
- promoting our services and products.
4. DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES
4.1 We may share your Personal Data within Medista. We will take steps to ensure that the Personal Data is accessed only by employees of Medista that have a need to do so to carry out their tasks for the purposes described in this Privacy Policy.
4.2 We may also share your Personal Data outside of Medista with the following persons:
- with our business partners; for example, this could include intermediaries that introduced you to us or through whom you requested Medista services or products; Personal Data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;
- with third party agents and contractors for the purposes of providing services to us (for example, Medista’s accountants, professional advisors, IT and communications providers and legal advisors); these third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this Privacy Policy;
- to the extent required by law, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend our legal rights.
5. HOW WE SAFEGUARD YOUR PERSONAL DATA
5.1 We have extensive controls in place to maintain the security of our information and information systems. The information that we handle is protected with safeguards appropriate to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised employees.
5.2 As a condition of employment, Medista employees and staff are required to follow all applicable laws and regulations, including in relation to data protection law. Access to Personal Data is limited to those employees and staff who need it to perform their roles.
6. HOW LONG WE KEEP YOUR PERSONAL DATA
6.1 How long we will hold your Personal Data for will vary and will be determined by the following criteria:
- the purpose for which we are using it – Medista will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.
6.2 We will no longer process your Personal Data if you withdraw your consent and there is no other valid ground to process your Personal Data.
When you have placed an order, we will keep the Personal Data related to such order for the duration of the applicable statute of limitation period.
7. YOUR RIGHTS
7.1 You have a number of rights in relation to the Personal Data that we hold about you. These rights include:
- the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
- where you have actively provided your consent for us to process your Personal Data, the right to withdraw your consent at any time;
- in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible (“data portability”); please note that this right only applies to personal data which you have provided to us;
- the right to request that we rectify your Personal Data if it is inaccurate or incomplete;
- the right to request that we erase your Personal Data in certain circumstances; please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it;
- the right to request that we restrict our processing of your Personal Data in certain circumstances; again, there may be circumstances where you ask us to restrict our processing of your Personal Data but we are legally entitled to refuse that request; and
- the right to lodge a complaint with the data protection authority (details of which are provided below) if you think that any of your rights have been infringed by us.
7.2 You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.
7.3 You can find out more information about your rights by contacting a competent supervisory authority. In Belgium it is the Data Protection Authority (“Autorité de protection des données” or “Gegevensbeschermingautoriteit”), rue de la Presse/Drukpersstraat 35, 1000 Brussels, or by searching their website at www.dataprotectionauthority.be, www.autoriteprotectiondonnees.be or www.gegevensbeschermingsautoriteit.be.
8. CONTACTING US
8.1 If you have any questions or concerns about Medista’s handling of your Personal Data or about this Privacy Policy, or to exercise the above rights, please contact us using the following contact information:
Address: Medista NV/SA Rue HermesStraat 5 – 1930 Zaventem
Email Address: dataprotection@medista.be