DATA PROTECTION AT GENOHM
Genohm processes many different kinds of information in order to function properly and conduct its business successfully. These range from the personal contact information of scientists asking to learn more about SLIMS, to personal data provided by customers so that we can execute sensitive administrative procedures when servicing them, or to data provided to Genohm by customers so that our engineers can service them.
We recognize the value of that spectrum of different information. Therefore, Data Protection is a very high priority for Genohm and we actively stimulate adherence to it internally. We see Data Protection as a tool to achieve our and your objectives rather than just an aspect of the business. Data Protection is, therefore, central to our operations at every level and helps us provide our customers with the best possible product and services.
We want you to rest assured that your data is in good hands with us, processed in an environment that is compliant with the latest regulations and legal requirements such as the EU General Data Protection Regulation (GDPR) and other data protection standards existing at national levels. We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of any Data in our hands. This processing is carried out using anti-virus and malware-protected computers and/or IT enabled tools, following organizational data protection policies and procedures.
It’s a basic question of trust.
We take the same approach when dealing with information such as data from the Contact Form or customer data that is processed on our SLIMS platform. Visitors to our websites as well as our customers know that when visiting genohm.com, appstore.genohm.com, other customer-related websites or when using our product and services to perform their scientific procedures, they can rely on us to protect their data as if it were our own. They know that the required security measures and protections are in place to prevent any kind of data loss or breach.
Your data is well guarded at Genohm and on our digital platform SLIMS.
THE EUROPEAN UNION GENERAL DATA PROTECTION REGULATION, EU GDPR
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. It’s a regulation intended to strengthen and unify data protection for all individuals across the European Union. The regulation concerns entities in the EU or outside that collect and process data from EU residents. The GDPR describes how organizations — such as Genohm — must collect, handle, store and dispose of personal information of EU citizens. These rules apply regardless of whether data is stored electronically, on paper or on other materials.
PERSONAL DATA AND DATA SUBJECTS
The GDPR describes personal data as any information relating to an identified or identifiable natural person or Data Subject. This can be a name, a location, an identification number, an IP address or anything else that may be used to identify a Data Subject. Sensitive data are defined as data that may result in discrimination against a Data Subject, such as data on race, ethnicity, sexual orientation, religious and political conviction, or genetic and health data.
The regulation is underpinned by a number of important principles. They describe how personal data must be processed, namely fairly, lawfully and in a transparent way, and obtained with clear and intelligible consent only for specific, limited and lawful purposes. The data processed must be adequate, relevant and not excessive in regard to the purpose of collection. It must be accurate and kept up to date, and must not be held for any longer than necessary. It’s important that data be processed with integrity and confidentiality in accordance with the rights of Data Subjects, protected in appropriate ways as described in the regulation. Data transfers to countries without an adequate level of protection must be safeguarded in a way compliant with the legislation; that includes inter-group transfers.
GENOHM CAN ACT AS CONTROLLER AND PROCESSOR OF PERSONAL DATA
To comply with the GDPR, Genohm has set up a data protection environment that enables any employee to process personal data, i.e. collect, store, use and dispose of personal information fairly and safely and without disclosing it unlawfully. Depending on the nature of the data processed, Genohm can act as Controller of data or Processor of data.
A Controller of data determines the purposes and means of the processing of personal data. In the case of Genohm, the company acts as a controller with customer data gathered for business follow-up, or with the data submitted through the Contact Form or through the email: firstname.lastname@example.org, email@example.com. According to GDPR Article 6(1)(b), Genohm only processes personal data from customers that is strictly necessary to execute the contract signed with them. Then, in order to meet our obligations under GDPR Article 6(1)(c), the company processes financial data and information that are needed to meet its accountability requirements. GDPR Article 6(1)(f) allows us to process personal data for other interests such as the improvement of the websites, to give their visitors a better user experience, to make sure that the websites as well as our digital platform SLIMS are secure environments, and finally to use them for responsible marketing and business development only when positive consent has clearly been given.
Genohm treats personal data originating outside of the company with the same respect and follows the same data protection procedures as if they were property of the company.
DATA TRANSFERS INSIDE GENOHM
Genohm has offices in several locations worldwide. It is possible that in the course of its business, the company will have to transfer some Personal Data or Customer Data to another office location away from the original location. Therefore, the company has taken the necessary steps in order to protect the safety of the information in these cases.
Where such Personal Data will be transferred to, and processed in, the USA by Genohm group companies, Genohm has put in place the European Commission’s model contracts for the transfer of personal data to third countries (the “Model Clauses”), pursuant to Decision 2004/915/EC. Please contact firstname.lastname@example.org if you would like to see a copy of the Model Clauses. We may also transfer your personal data to our Genohm group company in Switzerland on the basis that this jurisdiction has been judged by the European Commission to provide adequate data protection laws.
In addition to the above, Genohm’s global organizational structure also requires the global transfer of Personal Data within the Genohm group of companies. As a consequence, as it is in our legitimate interests for the efficient operation of a global company, and as permitted by applicable law, the personal information that you provide to us will be transferred across state or country borders, including to countries outside the country in which you reside (including to countries outside the EEA), to consolidate data storage, simplify information management or synchronize customer relationship activities globally.
We may also share your Personal Data with suppliers. Where the GDPR applies and the recipient of your personal information is located outside the European Economic Area (“EEA”), such transfer will either be: (i) to a recipient certified to the US Department of Commerce’s EU-US Privacy Shield; (ii) based on an adequacy decision of the European Commission; or (iii) subject to the Model Clauses. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website. If you would like to see a copy of the Model Clauses, please contact email@example.com.
Genohm has established processes, records and registers that make sure that its external partners and service providers that process personal data for administrative purposes are regularly audited and strictly adopt the same regulations. The company does not engage sub-processors to perform its business activities related to the SLIMS platform.
GENOHM AND GDPR
Another series of rights, Right to Access (EU GDPR Art. 14-15), Right to Object (EU GDPR Art. 16-18) and Right to be Forgotten (EU GDPR Art. 17), imply that Data Subjects can fully access their data processed by Genohm, request rectification of incorrect data, revoke consent and opt out of data processing, or ask for all the data to be fully erased. These latter rights are subject to lawful requirements that the company may have to abide by. The Data Portability right (EU GDPR Art. 20) allows Data Subjects to ask to retrieve all personal data, which must be provided in a portable format. In regard to these rights, we have created an internal environment ready to respond to Data Subject requests to delete, modify, or transfer their data. Our employees working with personal data are well trained to respond to this kind of customer request.
Finally, the Breach Notification right (EU GDPR Art. 33) is mandatory: the Data Protection Authority and the victim of the data breach have to be notified within 72 hours in the case of a data breach.
Genohm is fully committed to respecting all of the rights of Data Subjects under the GDPR. The company has put in place technical and organizational measures in line with the GDPR to safeguard the personal data processed and the rights of Data Subjects as detailed here. The company has developed policies and procedures, records and registers that ensure that any kind of data processed at Genohm is mapped and can easily be audited.
In accordance with the Privacy by Design and by Default article (EU GDPR Art. 25), we have added the required elements to our SLIMS development lifecycle. Access to Customer Data that clients ask us to process is strictly limited to the employees mandated to execute these processes. Our internal procedures, records and registers make sure that we meet the GDPR accountability requirements in this regard.
Besides external partners and third parties, Genohm performs regular internal audits to validate the effectiveness of its policies and processes in terms of data protection. This environment can only be effective with knowledgeable employees. Therefore, the company has set up an internal training program that teaches the policies and procedures that make Genohm GDPR compliant. The internal training on Quality and Security is an integral part of the on-boarding process for every new employee. Team members that have to process personal data as part of their duties receive special training tailored to the kind of data they handle.
It’s a basic question of trust.
STATISTICAL DATA COLLECTION ON THE WEBSITES
The page Data Collection on the Websites contains relevant information on data collection on the websites through web analysis technologies. Visit this page if you want to know what kind of statistical data is collected here, through which tools and how it is processed.
Genohm’s employees, prospects and customers served in the USA or the EU, in Switzerland, in the Middle East or anywhere else in the world all receive the same standard of care in terms of Data Protection. Do you have any specific question on this matter? Any comment or complaint? Do you want to know more about Data Protection at Genohm or how we implement it in SLIMS?
Here is how you can contact us:
By email, for the attention of our Data Protection Responsible, at: firstname.lastname@example.org
Or by regular mail addressed to our R&D Europe Office: Genohm BVBA, Dendermondsesteenweg 48B/102, 9000 Gent, Belgium.
We will be very pleased to get back to you with the requested information. Thank you.