General Information for Customers and Suppliers

Pursuant to Article 13 of the European Regulation 2016/679

We wish to inform you that the processing of personal data you provide, including special data, is carried out fairly, for lawful purposes and with respect for your confidentiality and rights. In accordance with the aforementioned Regulation we provide you with the following information.

  1. The Data Controller is Biomeris Srl – via Adolfo Ferrata 1 – 27100 Pavia, VAT no. 02441670185, info@biomeris.it
  2. The Data Protection Officer can be contacted at dpo@biomeris.it
ID 3. Purposes of processing Legal basis of processing (Ref. RE 2016/679).
a) Provision of data harmonization services to generate scientific evidence through observational studies, consulting on electronic data collection systems for non-profit clinical trials and pathology registries, installation and customization of clinical datawarehouses to support research projects. Management of requests, offers and contracts related to the services offered. processing is necessary for the performance of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject (Art. 6 paragraph 1 letter b)
b) Management of requests, offers and contracts concerning the services offered to potential customers. processing is necessary for the performance of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the same (Art. 6 paragraph 1 letter b))
c) Meeting current administrative, accounting and tax legal obligations for customers and suppliers the processing is necessary for the performance of a contract to which the data subject is a party and to fulfill a legal obligation (Art. 6 paragraph 1 letter b) and c))
d) Credit recovery the processing is necessary for the pursuit of the legitimate interest of the data controller, which consists in the protection of its credit (Art. 6 paragraph 1 letter f))
e) Fraud prevention, including computer fraud the processing is necessary for the pursuit of the legitimate interest of the data controller, which consists in the protection from fraudulent operations carried out also by third parties (Art. 6 paragraph 1 letter f))
  1. Method of processing.

 Data will be processed in written form and/or on magnetic, electronic or telematic media.

  1. Obligation or option to provide data and consequences of refusal

 The provision of personal data is optional, but the refusal to provide them does not allow us to provide the requested services.

  1. Transfer of data

The Data will be processed in the territory of the European Union. In the event that your Data is transferred outside the European Union, the Data Controller assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (e.g., adequacy decisions or standard contractual clauses).

  1. Recipients of Personal Data.

Without prejudice to communications and disclosures made in performance of legal obligations, including for the purposes of credit protection and better management of our rights relating to the individual business relationship, exclusively for purposes related to contractual requirements and/or satisfaction of your requests, the data may be disclosed to:

  • personnel of the Data Controller
  • credit institutions
  • professionals and consultants
  • Companies that perform administrative, accounting, fiscal, technical tasks for us

No form of dissemination of data is envisaged.

  1. Data retention. The data will be retained for the times indicated in the following table:
ID Purposes of processing Categories concerned Duration of retention  
3a) Provision of data harmonization services to generate scientific evidence through observational studies, consulting on electronic data collection systems for nonprofit clinical trials and pathology registries, installation and customization of clinical datawarehouses to support research projects. Management of requests, bids and contracts inherent in the services offered. Clients 10 years for tax and accounting obligations
3b) Service offers and requests from potential clients that do not become contracts Potential Clients Up to 24 months
3c) Meet current administrative, accounting and tax legal obligations Customers and Suppliers 10 years
3d) Credit recovery Clients Up to litigation resolution
3e) Fraud prevention, including computer fraud Customers and Suppliers Up to 6 months
  1. Exercise of Data Subject’s Rights

In relation to the data themselves, individuals may exercise the rights provided for in Chapter III Articles 12 to 23 of the European Regulation 679/2016. We list below the rights that may be exercised against us provided for in Articles 15 and 16 of the European Regulation 679/2016:

  1. The data subject has the right to obtain confirmation from the Data Controller as to whether personal data concerning him or her is being processed and, if so, to obtain access to the personal data and receive the following information:
  2. the purposes of the processing;
  3. the categories of personal data concerned;
  4. the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients in third countries or international organizations;
  5. when possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine this period;
  6. the existence of the right to request from the Controller the rectification or erasure of personal data or the restriction of their processing or to object to their processing;
  7. the right to lodge a complaint with a supervisory authority;
  8. The Controller shall provide, at the request of the data subject, a copy of the personal data being processed. If the data subject makes the request by electronic means, and unless otherwise specified by the data subject, the information shall be provided in a commonly used electronic format.
  • The data subject shall have the right to obtain from the Controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
  1. The data subject has the right to obtain from the Controller the erasure of personal data concerning him/her without undue delay if:
  2. the personal data are no longer necessary in relation to the purposes for which they were collected;
  3. personal data have been processed unlawfully;
  4. the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the data controller is subject.

 

Point IV does not apply to the extent that the processing is necessary: for the establishment, exercise or defense of a legal claim.

If the legal basis of the processing is based on consent, the data subject may withdraw consent at any time without affecting the lawfulness of the processing based on the consent, given before the withdrawal.

The rights listed above may be exercised by writing to the contact references listed under “Data Controller.”

Ultima modifica: 26 maggio 2023