Brainomix Europe Limited is both a Controller and Processor for the purposes of the Data Protection Legislation. A “controller” is an entity that controls how and why personal data is processed and a “processor” uses, handles or works with the data under the instruction of the controller, typically one of our clients, such as a hospital.
Brainomix Europe obtains, uses, stores, and otherwise processes personal data relating to current, prospective, and former employees, website users, contacts including customer and hospital clinical and administrative staff contacts as well as contacts relating to business-to-business activities.
In this context Brainomix Europe is a Controller because we determine what data we process, why it is processed, how it is processed and the legal basis for processing.
This Privacy Statement relates to Brainomix Europe as a Controller and explains the types of personal data we may collect about you when you interact with us or when your organisation or employer contracts or is contemplating entering into a contract with us. It also explains how we store and handle that data and keep it safe.
Please note that this Privacy Statement does not apply to the processing activities we engage in, as a processor, on behalf of controllers (typically hospitals). You can find more information about these processing activities in a link at the end of this statement.
How we use your personal data depends on whether you are a business contact or a visitor to our website. We use your personal data for the following purposes:
The legal basis for our processing of your personal data are:
Legitimate Interests
We process your personal data when it is necessary for our legitimate interests in running our business, e.g. for (with your permission) marketing, operating our website, and entering into, performing and managing contracts with you, your organisation or employer.
We process your personal data when it is necessary for the legitimate interests of your organisation or employer, e.g. instance in entering into a contract with us or receiving our products and services.
We usually collect your personal data directly from you, but sometimes we obtain your personal data from one of our distributors or customers. Sometimes your organisation or employer may provide your personal data to us.
You are not obliged to provide any personal data to us.
We collect and use the following kinds of personal data:
For users of Brainomix products we may use personal data provided by you or your organization or employer, including your name, e-mail address and phone number for the purposes of collecting non-marketing technical, clinical and usability feedback on our installed products that you use in order to provide support services.
We will not use any personal data for marketing purposes without your explicit consent.
Access
You can ask us to confirm whether we hold or use your personal data. If we do, you can ask for a copy of it.
Correction
You can have incomplete or inaccurate personal data corrected. We may need to check the accuracy of any new data you provide.
Erasure (the right to be forgotten)
You can ask for your personal data to be deleted if there is no good reason to continue using it.
You can also ask for your personal data to be deleted if:
Restriction
You can ask for the use of your personal data to be suspended in the following circumstances:
if you want the data's accuracy to be established;
if the use of your personal data is illegal, but you do not want it deleted;
if you need the data to be held in connection with a legal claim, but we do not need it; or
you have objected to the use of your personal data but we need to check whether it has overriding legitimate reasons to use it.
Object
If the legal basis for our using your personal data is legitimate interests, and you think that affects your rights, you can object to the use of your personal data.
In some cases, we may have compelling legitimate grounds to use your personal data and those grounds may override your rights.
Object to direct marketing
You can object if we use your personal data for direct marketing purposes.
Withdraw consent
If you have given consent to the processing of your personal data, you can withdraw that consent at any time.
If you withdraw consent, that will not affect the earlier use of your data with your consent.
Transfer of data (data portability)
If you provided your personal data and:
you can ask that your personal data be sent to you or to someone else.
We may disclose your personal data to:
Brainomix Europe Limited contracts with Brainomix Limited (UK) for various administrative and technical support services. As such, Brainomix UK is a processor for data controlled by Brainomix Europe Limited. All processing carried out by Brainomix UK on behalf of Brainomix Europe Limited is governed by a data processing agreement which sets out all obligations and responsibilities relating to the processing.
The majority of data processed by Brainomix UK relates to Brainomix Europe Limited employees for the purposes of carrying out business operations including but not limited to payroll, recruitment and pension provision.
Brainomix Europe Limited may also share personal data such as e-mail addresses, contact names and phone numbers relating to commercial and other contracts with Brainomix UK for administrative support and to meet contractual obligations.
Data is stored on encrypted systems on hosted cloud services such as Microsoft Office 365 and AWS, in transit, and at rest. These processors are located within the EEA.
We do not intend to transfer personal data outside the UK and European Economic Area, but if we change our mind about that we will let you know (by posting a notice on our website or sending you an email):
Our staff may access personal data when they are outside the EEA (e.g. UK), but the same safeguards apply as if our staff were accessing personal data from within the EEA.
In addition to EU based data centers, some data may be held in UK based data centers. We will ensure that the correct mechanisms and safeguards are in place to carry this out including but limited to EU Standard Contractual Clauses where no inter-governmental agreement is in place.
We retain your personal data only for as long as is necessary for the purpose for which we collected it.
We retain personal data used for marketing purposes for more than 18 months from when we collected it. If you ask us to stop sending you marketing, we will keep your name and email address and mark them so that they are no longer used for marketing.
At the end of the retention period personal data is either securely deleted or anonymised, except any personal data that we need to retain to show that we have complied with data protection law, or unless the law requires us to keep it for longer, or we need it to exercise our legal rights.
If we anonymise your personal data, it will no longer be personal data and we may keep and use it for longer.
The security of your personal data is important to us. We have appropriate technical and organisational measures to prevent the accidental loss, misuse, unauthorised access to or unauthorised alteration or disclosure of your personal data.
Access to your personal data is given only to those who have a need to know and are subject to a duty of confidence, via authenticated access only, controlled by our technical administrative staff
All personal data is encrypted at rest and in flight.
We cannot guarantee the security of all data sent over the internet, unless the transport protocols are of a secure nature (encrypted in flight).
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow someone else to collect or share data about you.
We do not control other people's websites and we are not responsible for their privacy policies or their or privacy notices/statements.
This Privacy Statement does not apply to any website operated by anyone else. If you visit a website operated by someone else, please read its Privacy Notice (or privacy policy or statement) to find out how it uses your personal data.
Our website uses persistent cookies from Google Analytics to collect statistics on site visitors. These track your visit, and are used to allow us to improve our website based on how users use it.
Our website uses persistent cookies from Twitter to enable viewing of the Twitter timeline.
Except for essential cookies, we set cookies only if you have agreed to allow that cookie. If you do not want to allow a cookie, some website functionality may suffer.
If you have allowed a cookie, you may change your preference by selecting the “Cookie preferences” button in the bottom right of the website and adjusting your selection appropriately.
You may delete it at any time through your browser, typically on the browser's privacy or security options page.
Brainomix Europe Limited is the controller of your personal data. Brainomix is a company registered in the Republic of Ireland with the registration number 683049.
Our registered office is at:
Suite 10380,
26/27 upper Pembroke Street,
Dublin 2
D02 X361
Ireland
If you wish to exercise any of your rights or if you have any concerns or complaints about the use of your personal information, please contact our data protection officer at: dpo@brainomix.com
You always have the right to lodge a complaint with the Data Protection Commission about how we handle your personal data, but please contact us first to see if we can resolve your issue.
Data Protection Commission address:
21 Fitzwilliam Square South
D02 RD28
https://www.dataprotection.ie/
This Privacy Statement was last updated on 24th February 2021.
If we change how we use your personal data, we will let you know, either by posting a notice on our website or sending you an email.
If you don't agree to the changes, you can stop using our services and stop giving us personal data and, if you are registered with us, cancel your registration.
Please click here to learn more about how Brainomix processes patient and other data.