Protecting your privacy is important to Mobidiag Ltd and its affiliates (“Mobidiag“). On this page, you will find information on how we collect and store your personal data.
1. Overall description of our data processing practices
We process personal data under this Privacy Policy and in accordance with applicable legal provisions, including the General Data Protection Regulation (2016/679; the “GDPR“) and other applicable national data protection laws (“Data Protection Law“). This policy describes how we process the personal data of our customers’, distributors’, suppliers’, and other stakeholders’ contact persons as well as personal data of our recruitment candidates and shareholders. We also describe how personal data may be collected through our website.
This policy also includes general information on processing of (pseudonymized) data relating to the clinical samples used in the testing of our medical devices.
Mobidiag has separate privacy policy for employee personal data.
2. The purposes and legal basis for our processing
We collect personal data in the course of selling and marketing our products and services. Personal data of our customers’, distributors’, suppliers’ and other stakeholders’ contact persons may be collected for the preparation and implementation of our contractual relationship, as well as for marketing.
Personal data is processed for us to be able to manage and develop our customer relationships, for planning, developing and monitoring of different parts of our operations, as well as for the handling of general customer service, communications, marketing and customer satisfaction. These actions include the following purposes:
- managing and responding to customer requests in relation to our products, services or support,
- providing technical support for relevant products, and providing training to our customers’ employees on the proper use of our products,
- managing on-site and off-site repair,
- addressing customer complaints and possible product claims and recalls,
- supporting in the use of Mobidiag products.
Furthermore, we may collect personal data through our website as follows:
- Newsletter sign-up and contact form: On our website, we collect data when you order our newsletters or other information, and to respond to questions and other contact requests sent in through the webpage.
- Cookies: To adapt the content and the services to your individual needs and interests, we use cookies, i.e. data saved by the website server on the user’s computer and whose server can read each connection with that computer. This also enables you to login to our extranet application. Cookies provide statistical information on the movements of users and their use of particular website pages and enable services to be provided efficiently. You may at any time turn off the cookie option in your internet browser, however turning off the cookies option may cause difficulties in using the services or may even make such use impossible.
We may also collect personal information of healthcare professionals, such as investigators and study groups, participating in clinical performance studies or otherwise engaging in discussions with Mobidiag.
In compliance with the GDPR, Mobidiag may process personal data only if it has a legal basis for processing. Mobidiag primarily relies on the following legal grounds:
- legitimate interests pursued by Mobidiag, such as the handling of the customer or other contractual relationship, marketing of our services and responding to data subjects’ requests, and
- compliance with our legal obligation (e.g. shareholder register; product recalls).
We may also from time to time process results from clinical performance studies and other testing conducted on our medical devices, and we may process pseudonymized personal data related to clinical samples we use in our regulated IVD medical device development. Data subjects participating in clinical performance studies will be informed separately about the processing of their personal data before sample collection and asked for an informed consent, where required by law. The legal ground for processing (pseudonymized) sample data for testing purposes is, in addition to Mobidiag’s legitimate interest as well as public interest in the area of public health, the data subject’s explicit consent depending on the circumstances.
3. The data we process
The personal data that we process include the following data:
- Basic contact information, such as your name, title, position, company address, phone number, email address;
- Data related to our customer relationship with your company such as data in relation to the sales of our products and services, as well as participation in our trainings;
- Data related to marketing, such as your subscriptions to our newsletters and your preferences, and
- Pseudonymized data related to samples, necessary for conducting relevant tests on our medical devices.
4. Where we collect the data from
Personal data is mainly collected directly from the data subject. However, data may also be collected from your employer or colleagues. In some cases your personal data have been supplemented by information retrieved from other sources, including searches via publicly available search engines, sector specific newsletters, social media and your employer’s website, for the purpose of confirming your current professional position.
5. Disclosures and transfers to third parties
We will not disclose your personal data to any third parties unless required to do so under applicable laws, to perform requested services requested by you or based on legitimate interests pursued by Mobidiag in order to carry out its business.
We may need to disclose personal data in accordance with applicable laws. Information on customer, suppliers, investigators participating in our clinical performance studies and other stakeholders may need to be disclosed to authorities on their request, for their performance of tasks carried out in the public interest, including to authorities supervising IVD medical devices in the EU and other territories, such as to the FDA in the USA.
Any personal data that is provided to us is stored and processed in, and transferred between, any of the countries in which Mobidiag, its agents, contractors and affiliated organizations of the Hologic Group have offices, in order to enable Mobidiag to use that personal data as set out in this policy. The level of data protection in countries outside the EU/EEA may be lower than that offered within the EU/EEA. Where this is the case, we and the recipient of the data will implement appropriate measures under the GDPR to ensure that your personal information remains protected and secure.
We regularly use processors for the technical, commercial or operative implementation of data handling and your personal data may be transferred to and processed by such third-party providers which perform services for us to enable them to perform the services.
If we decide to sell, buy, merge or otherwise reorganize our business, this may involve us disclosing personal data to our and our owners’ professional advisors, prospective or actual buyers or investors and their professional advisors.
6. Principles of data security and retention
Mobidiag will only process personal data for the purposes for which it was collected and as set out above.
Mobidiag has taken appropriate technical and organizational measures to keep your personal data secure. Access to the information is secured so that the viewing of information requires the use of both the username administrated by Mobidiag as well as user-specific access credentials and password.
Access can be granted only to personnel working for Mobidiag who require the information for performing their assignments.
We will keep personal data confidential and not disclose it to any other entities than those set out in this Policy, unless you clearly authorize us to do so, or such an authorization results from legal provisions.
Your personal data is stored only for as long as and in the extent that it is necessary for the purposes for which the information was collected.
7. Your rights
You may at any time exercise your rights as a data subject in relation to your personal data that we process. Your rights include the following:
- Right to access and rectification: You have the right to request access to the personal data relating to you. This includes e.g. the right to be informed whether or not personal data about you is being processed, what personal data is being processed, and the purpose of the processing. You also have the right to request that inaccurate or incomplete personal data be corrected.
- Right to object: You are entitled to object to certain processing of personal data, including for example processing of your personal data for marketing purposes or when we otherwise base our processing of your personal data on a legitimate interest of ours or a third party.
- Right to erasure: You may also request that your personal data be erased if, for example, the personal data is no longer necessary for the purposes for which it was collected, the processing is unlawful, or the personal data has to be erased to comply with a legal requirement.
- Right to data portability: If personal data about you that you yourself have provided is being processed automatically with your consent or in accordance with a contract between you and Mobidiag, you may request that the data is provided to you in a structured, commonly used and machine-readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible.
- Right to withdraw your consent: In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.
- Opt-out from marketing: If we use your contact information to send you electronic marketing communications about our products or services, you will always have the possibility to opt out of future marketing.
You may exercise any of the above mentioned rights by contacting us at data.privacy@hologic.com
If you wish to file a complaint with a national supervisory authority regarding our processing of your personal data, you may do so by contacting the national authority:
Finland: Data Protection Ombudsman (tietosuoja@om.fi, +35829 56 16670, www.tietosuoja.fi)
France: CNIL – Commission Nationale de l’Informatique et des Libertés (+33 (0)1.53.73.22.22,https://www.cnil.fr/en/home)
Sweden: Swedish Data Protection Authority (datainspektionen@datainspektionen.se, 08-657 61 00, https://www.datainspektionen.se/other-lang/)
United Kingdom: Information Commissioner’s Office (https://ico.org.uk/global/contact-us/, https://ico.org.uk/)
8. Contact us
Mobidiag is the controller of your personal data for the purposes described above. If you have any questions or complaints about how we process your personal data, or would like further information, please contact us at any time at data.privacy@hologic.com
