Protecting your privacy is important to Mobidiag Ltd and its affiliates (“Mobidiag“). On this page, you will find information on how we collect and store your personal data.
1. Overall description of our data processing practices
This policy also includes general information on processing of (pseudonymized) data relating to the clinical samples used in the testing of our medical devices.
2. The purposes and legal basis for our processing
We collect personal data in the course of selling and marketing our products and services. Personal data of our customers’, distributors’, suppliers’ and other stakeholders’ contact persons may be collected for the preparation and implementation of our contractual relationship, as well as for marketing.
Furthermore, we collect personal data of our shareholders for maintaining shareholder register of the company, for organizing shareholder meetings and for sending investor information to our shareholders.
Personal data is processed for us to be able to manage and develop our customer relationships, for planning, developing and monitoring of different parts of our operations, for maintaining our shareholder register, as well as for the handling of general customer service, communications, marketing and customer satisfaction. These actions include the following purposes:
- managing and responding to customer requests in relation to our products, services or support,
- providing technical support for relevant products, and providing training to our customers’ employees on the proper use of our products,
- managing on-site and off-site repair,
- addressing customer complaints and possible product claims and recalls,
- supporting in the use of Mobidiag products.
Furthermore, we may collect personal data through our website as follows:
- Newsletter sign-up and contact form: On our website, we collect data when you order our newsletters or other information, and to respond to questions and other contact requests sent in through the webpage.
We may also collect personal information of healthcare professionals, such as investigators and study groups, participating in clinical performance studies or otherwise engaging in discussions with Mobidiag.
In compliance with the GDPR, Mobidiag may process personal data only if it has a legal basis for processing. Mobidiag primarily relies on the following legal grounds:
- legitimate interests pursued by Mobidiag, such as the handling of the customer or other contractual relationship, marketing of our services and responding to data subjects’ requests, and
- compliance with our legal obligation (e.g. shareholder register; product recalls).
As regards recruitment data, we process personal data of recruitment candidates in order to assess whether the candidate could be a suitable new employee at Mobidiag. We only process personal data directly necessary for the recruitment process and for recruitment related statistics.
We may also from time to time process results from clinical performance studies and other testing conducted on our medical devices, and we may process pseudonymized personal data related to clinical samples we use in our regulated IVD medical device development. Data subjects participating in clinical performance studies will be informed separately about the processing of their personal data before sample collection and asked for an informed consent, where required by law. The legal ground for processing (pseudonymized) sample data for testing purposes is, in addition to Mobidiag’s legitimate interest as well as public interest in the area of public health, the data subject’s explicit consent depending on the circumstances.
3. The data we process
The personal data that we process include the following data:
- Basic contact information, such as your name, title, position, company address, phone number, email address;
- Shareholder information, such as your name, address, date of birth, nationality, and amount of shares held by you;
- Data related to our customer relationship with your company such as data in relation to the sales of our products and services, as well as participation in our trainings;
- Data related to marketing, such as your subscriptions to our newsletters and your preferences, and
- Data related to recruitment, such as name, contact information, education and work experience, and other information necessary for the recruitment that the candidate provides to Mobidiag during the recruitment process.
- Pseudonymized data related to samples, necessary for conducting relevant tests on our medical devices.
4. Where we collect the data from
Personal data is mainly collected directly from the data subject. However, data may also be collected from your employer or colleagues. In some cases your personal data have been supplemented by information retrieved from other sources, including searches via publicly available search engines, sector specific newsletters, social media and your employer’s website, for the purpose of confirming your current professional position.
As regards recruitment data, we mainly collected data directly from the recruitment candidate. Mobidiag may also collect data from the appointed recruitment team, from potential referees on your consent, and from possible external service providers e.g. in case suitability assessments are conducted. We do not collect data from any external sources without the candidate’s prior consent unless otherwise provided by law.
5. Disclosures and transfers to third parties
We will not disclose your personal data to any third parties unless required to do so under applicable laws, to perform requested services requested by you or based on legitimate interests pursued by Mobidiag in order to carry out its business.
We may need to disclose personal data in accordance with applicable laws. Information on customer, suppliers, investigators participating in our clinical performance studies and other stakeholders may need to be disclosed to authorities on their request, for their performance of tasks carried out in the public interest, including to authorities supervising IVD medical devices in the EU and other territories, such as to the FDA in the USA.
We primarily process personal data on servers within the EU/EEA. However, we may need to transfer your information from a location within the EU/EEA. The level of data protection in countries outside the EU/EEA may be lower than that offered within the EEA. Where this is the case, we and the recipient of the data will implement appropriate measures under the GDPR to ensure that your personal information remains protected and secure.
We regularly use processors for the technical, commercial or operative implementation of data handling and your personal data may be transferred to and processed by such third-party providers which perform services for us to enable them to perform the services.
If we decide to sell, buy, merge or otherwise reorganize our business, this may involve us disclosing personal data to our and our owners’ professional advisors, prospective or actual buyers or investors and their professional advisors.
6. Principles of data security and retention
Mobidiag will only process personal data for the purposes for which it was collected and as set out above.
Mobidiag has taken appropriate technical and organizational measures to keep your personal data secure. Access to the information is secured so that the viewing of information requires the use of both the username administrated by Mobidiag as well as user-specific access credentials and password.
Access can be granted only to personnel working for Mobidiag who require the information for performing their assignments.
Furthermore, personal data of shareholders is handled in accordance with applicable legislation, including access to the data in accordance with such legislation.
We will keep personal data confidential and not disclose it to any other entities than those set out in this Policy, unless you clearly authorize us to do so, or such an authorization results from legal provisions.
Your personal data is stored only for as long as and in the extent that it is necessary for the purposes for which the information was collected.
As regards recruitment data, Mobidiag stores applications and attachments (CVs and copies of certificates) it receives as well as interview summaries during the recruitment process and for maximum 2 years thereafter to enable Mobidiag to respond to possible claims regarding the recruitment process. With your consent Mobidiag may also consider your application to other suitable opening positions in addition to the one you initially applied. Personal data of new recruits will be transferred to Mobidiag’s register of employee data.
7. Your rights
You may at any time exercise your rights as a data subject in relation to your personal data that we process. Your rights include the following:
- Right to access and rectification: You have the right to request access to the personal data relating to you. This includes e.g. the right to be informed whether or not personal data about you is being processed, what personal data is being processed, and the purpose of the processing. You also have the right to request that inaccurate or incomplete personal data be corrected.
- Right to object: You are entitled to object to certain processing of personal data, including for example processing of your personal data for marketing purposes or when we otherwise base our processing of your personal data on a legitimate interest of ours or a third party.
- Right to erasure: You may also request that your personal data be erased if, for example, the personal data is no longer necessary for the purposes for which it was collected, the processing is unlawful, or the personal data has to be erased to comply with a legal requirement.
- Right to data portability: If personal data about you that you yourself have provided is being processed automatically with your consent or in accordance with a contract between you and Mobidiag, you may request that the data is provided to you in a structured, commonly used and machine-readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible.
- Right to withdraw your consent: In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.
- Opt-out from marketing: If we use your contact information to send you electronic marketing communications about our products or services, you will always have the possibility to opt out of future marketing.
You may exercise any of the above mentioned rights by contacting us at email@example.com
If you wish to file a complaint with a national supervisory authority regarding our processing of your personal data, you may do so by contacting the national authority:
Finland: Data Protection Ombudsman (firstname.lastname@example.org, +35829 56 16670, www.tietosuoja.fi)
France: CNIL – Commission Nationale de l’Informatique et des Libertés (+33 (0)22.214.171.124.22,https://www.cnil.fr/en/home)
Sweden: Swedish Data Protection Authority (email@example.com, 08-657 61 00, https://www.datainspektionen.se/other-lang/)
8. Contact us
Mobidiag is the controller of your personal data for the purposes described above. If you have any questions or complaints about how we process your personal data, or would like further information, please contact us at any time at firstname.lastname@example.org.