PRIVACY STATEMENT
BILTHOVEN BIOLOGICALS B.V.
 
This is the Privacy Statement of Bilthoven Biologicals B.V. ('BBio'). This Privacy Statement applies to all persons who interact with BBio with the exception of its employees. More specifically, this means that this Privacy Statement applies to:

• visitors, customers, job applicants, clients, contractors (including self-employed persons and suppliers insofar as natural persons) and other relations of BBio;

• visitors to BBio's website (https://www.bbio.nl) or a domain name affiliated with this domain name.

 
All such persons are hereinafter referred to collectively as 'you' and 'your'. The words "we" and "us" refer to BBio. Chapter 1 explains a number of concepts. These terms are indicated with a capital letter in the Privacy Statement.
 
It is very important to us that your Personal Data is handled with care. It goes without saying that we comply with all legal regulations, including the General Data Protection Regulation ('GDPR'), and secure your Personal Data carefully and adequately.

We ask you to read this Privacy Statement carefully. For the sake of readability, we have divided the Privacy Statement into chapters. You will find the table of contents below. By clicking on the topic or chapter, you will be taken directly to the chapter that is relevant to you.
 
This Privacy Statement was last amended on and applies as of January 2021.
 
TABLE OF CONTENTS
1.       GLOSSARY. 3
2.       WE MAY PROCESS THIS PERSONAL DATA ABOUT YOU. 4
3.       WHY DO WE PROCESS YOUR PERSONAL DATA?. 5
4.       WE PROCESS PERSONAL DATA ON THESE GROUNDS. 5
5.       SHARING PERSONAL DATA WITH THIRD PARTIES. 6
6.       SHARING OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA. 7
7.       SECURITY. 7
8.       AUTOMATED DECISION-MAKING.. 8
9.       RETENTION PERIODS. 8
10.     MINORS ON THE BBIO WEBSITE. 8
11.     YOUR RIGHTS. 8
12.     COOKIES AND SIMILAR TECHNIQUES. 10
13.     CONTACT DETAILS / QUESTIONS / COMPLAINTS / COMMENTS. 10
14.     CHANGES AND APPLICABLE LAW.. 10
 
 
 
 
 
 
1.GLOSSARY
Person concerned:
the person to whom the Personal Data being processed relates. In other words, the person whose personal information is being processed.
 
Sensitive personal data:
Special categories of personal data are data about a person's religion or belief, race, political affiliation, health, sexual life and membership of a trade union.
 
Third parties:
 
(legal) persons who are not Data Subjects or part of BBio, such as: (legal) persons with whom BBio shares Personal Data on the basis of an agreement. These Third Parties may be processors or joint Controllers.
 
Personal data:
any data relating to an identified or identifiable person. In other words, any information that identifies or can be used to identify the Data Subject.
 
Process:
 
 
 
 
anything that can be done with Personal Data, such as collecting, recording, storing, modifying, retrieving, using, disseminating and destroying.
 
Data Controller:
 
the person who processes data of Data Subjects for a specific purpose. For the purposes of this Privacy Statement, this is BBio.
 
 
 
 
 
 
2.WE MAY PROCESS THIS PERSONAL DATA ABOUT YOU
Below we explain which Personal Data BBio may Process from you.
Information provided by you, such as:

• your contact details (name, address, place of residence, e-mail address, telephone number);

• your gender details and date of birth;

• data following a telephone conversation with you;

• data from an e-mail from you;

• Invoice;

• data from your CV/employment history data.

 
Information we have received through our websites, newsletters and emails:

• information about the device you used to access our website;

• your surfing behaviour on the website, such as:

• what data/web pages you have viewed from us;

• the way in which you navigate through the website;

• whether you open a newsletter or e-mail and which parts of it you click on;

• the dates and times of your visit to our website;

• the operating system you are using;

• your browser type and IP address;

• your internet service provider;

• the internet address of the website used to link the link;

• geolocation;

• the data you have downloaded from the website.

 
Information we have received from other sources, such as:

• camera images (at the relevant places, our information boards point out the camera surveillance);

• data that is available from public sources and is apparent to have been made public by you, such as on social media and business websites;

• data from the Trade Register of the Chamber of Commerce and from the Land Registry.

3.WHY DO WE PROCESS YOUR PERSONAL DATA?
We use your Personal Data for the following purposes:

• to verify your identity;

• to improve (the security of) our services, including by carrying out checks;

• to monitor the safety of our employees and other persons, including preventing the infection with or spread of poliovirus;

• to keep you informed about BBio news, developments, services and products;

• to be able to evaluate, research and develop our services;

• to contact you for newsletters, if you have subscribed to them;

• for internal quality purposes;

• to operate, secure, customise and improve our websites;

• for marketing/commercial purposes;

• for recruitment and selection;

• to comply with a legal obligation to which BBio is subject;

• to be able to contact you and respond to the questions you have asked;

• to process your request for information and to handle complaints;

• to prevent theft, abuse, vandalism or other criminal behaviour;

• to be able to carry out satisfaction surveys.

4.WE PROCESS PERSONAL DATA ON THESE GROUNDS
In order to be able to use Personal Data, we need a legal basis from the GDPR.
We use the following grounds:

• you have given permission to BBio;

• the use is necessary to perform or enter into a contract with you;

• the use is necessary to comply with a legal obligation to which BBio is subject;

• in emergency situations: the use is necessary to protect a vital interest of yours or of another person;

• the use is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in BBio;

• we have a legitimate interest in the use, unless your interest or the interest of a Third Party to privacy outweighs it.

 
BBio can invoke the following legitimate interests:

• protecting your safety;

• protecting the safety of employees and/or others, BBio's buildings and property;

• for quality and training purposes;

• improve IT management and security;

• analyse and improve the services and content of our websites;

• provide, improve, customize, support, research, and analyze our services;

• promoting the quality and safety of services;

• communicate with you and other BBio affiliates;

• Preventing and deterring fraud, unauthorized use, and violations of our terms and policies or other harmful or illegal activities.

5.SHARING PERSONAL DATA WITH THIRD PARTIES
We only share your Personal Data with Third Parties if this is necessary because Third Parties carry out work on behalf of BBio and only for the purposes described in this Privacy Statement. If a Third Party is engaged, BBio will ensure that this Third Party maintains the same level of security and confidentiality as that maintained by us.
 
BBio can make use of the following categories of contractors:

• IT management;

• website management;

• websitehosting;

• e-mail communications;

• other contractors/suppliers.

 
BBio remains responsible for the processing of your Personal Data. BBio enters into agreements with Third Parties to ensure that your Personal Data is properly secured.
 
BBio may share your Personal Data with a Third Party, such as a prospective buyer or seller, through a merger, acquisition or sale of all or part of its organization. Of course, we will inform you about this by e-mail and/or a clearly visible notice on our website and inform you of your rights in this situation.
6.SHARING OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
It may sometimes be necessary to transfer your Personal Data to Third Parties located outside the European Economic Area ("EEA"). In accordance with the GDPR, BBio will only transfer your Personal Data to countries outside the EEA:
 

1. if the European Commission has decided that the third country ensures an adequate level of protection; or

2. if appropriate safeguards are provided and you have enforceable rights and proper legal remedies; or

3. the transfer is necessary for the performance of your agreement with BBio; or

4. if you have expressly consented to the transfer, after having been informed of the risks involved in the transfer; or

5. if the transfer is necessary for important reasons relating to the public interest; or

6. if the transfer is incidental and necessary for BBio's overriding interests and BBio has taken appropriate safeguards and has informed the Dutch Data Protection Authority about this.

 
In situations where BBio transfers your Personal Data outside the EEA, we take steps to ensure that your Personal Data remains well protected.
7.SECURITY
BBio takes the protection and security of your Personal Data very seriously and continuously takes measures to optimally protect your Personal Data against unlawful use. We have taken the following measures, among others:

• only persons who are authorised to do so have access to Personal Data, whereby as few persons as possible have access to the Personal Data;

• all BBio employees have signed a duty of confidentiality, committing themselves to complete confidentiality regarding all information (including Personal Data);

• BBio applies a policy (protocol) for data breaches in order to act adequately and carefully in the event of unexpected data breaches, in order to minimize the consequences of a data breach and prevent recurrence;

• electronic transmission of Personal Data always takes place via a secure connection;

• The website is secured via https;

• we will ensure that your Personal Data will only be shared with Third Parties if we have agreed appropriate security measures with these Third Parties.

 
In addition, BBio ensures that all its user settings, programs and services are set up in such a way that your privacy protection is maximized from the start of development. With regard to the provision of information and services, BBio applies the 'opt-in arrangement' by default: information is only provided or services are only provided if you have given explicit permission for this. This can be done, for example, by ticking a cross on the website.
8.AUTOMATED DECISION-MAKING
If necessary, BBio can decide on matters that may have (significant) consequences for you on the basis of automated processing. These are decisions that are made by computer programs or systems, without a person (e.g. an employee of BBio) being involved. For example, if fraudulent activity is suspected, we may block you from using our websites.
9.RETENTION PERIODS
BBio never stores Personal Data longer than is necessary for the purpose of the processing. BBio will retain your Personal Data for as long as we deem necessary to provide you with services, enable you to use the website, comply with applicable laws, resolve disputes with parties, and otherwise to the extent necessary to enable us to conduct our business.
 
BBio will store your Personal Data at least for the period that you have an agreement with BBio. Some Personal Data is subject to statutory retention periods. BBio fully observes these statutory retention periods.
10.MINORS ON THE BBIO WEBSITE
Although visitors of all ages can visit our websites, we do not want to collect Personal Data from children under the age of 16 without parental consent. Therefore, you may only use our website under the supervision of your parents or legal guardian if you are 16 years of age or younger.
11.YOUR RIGHTS
If your Personal Data is processed, you have a number of rights, which are set out below. You can exercise these rights by submitting your request in writing and sending it to BBio or by sending an email to SecurityOfficer@bbio.nl. BBio will verify your identity before your request can be fulfilled.
 
BBio will respond to your request as soon as possible, but no later than one month. In principle, your requests will be processed electronically, unless this is not possible or you request otherwise. BBio will not charge you any fees for the handling of your aforementioned requests, unless your requests are excessive.
 

1. Access to personal data

You can ask us at any time to indicate which (categories of) Personal Data BBio processes about you, for what purposes, from which source the Personal Data comes and what retention periods are used.
 

1. Changes to personal data

You can contact us at any time to complete or correct your Personal Data. In the unlikely event that BBio has processed and/or provided incorrect Personal Data about you to Third Parties, BBio will immediately correct this. If BBio has changed your Personal Data, BBio will notify you accordingly.
 

1. Restrict the processing of your Personal Data

If you do not agree with the content of the Personal Data that BBio holds about you, in some cases you can submit a request to temporarily restrict the processing of your Personal Data.
 

1. Withdrawal of consent

You may also withdraw your consent to the Processing of your Personal Data at any time. Upon receipt of your letter or e-mail, BBio will immediately cease processing your Personal Data for which you have given consent. However, withdrawing your consent will not affect the processing that has already taken place.
 

1. Right to transfer Personal Data (right to data portability)

You can request the Personal Data that BBio holds about you in a structured, commonly used and machine-readable format. Upon receipt of the Personal Data, you are free to transfer this information.
 

1. Right to be forgotten

If you no longer wish to use BBio's services, you can request the deletion of all your Personal Data.
 

1. Right to object

You have the right to object to the processing of your Personal Data based by BBio on the grounds of "legitimate interest of BBio or of a third party" and "performance of a task carried out in the public interest". If BBio bases itself on these principles, BBio will weigh up the interests of your privacy. The right to object gives you the opportunity to require BBio to weigh up the interests again.
 

1. Right to lodge a complaint / initiate legal proceedings

We are committed to working with you to find a fair resolution if you have a complaint or concern about our use of your Personal Data. However, if you believe that we have not been able to help you with your complaint or problem, you also have the option of filing a complaint with the Dutch Data Protection Authority or initiating legal proceedings.
 

1. The right to request not to be subject to a decision based solely on automated processing

12.COOKIES AND SIMILAR TECHNIQUES
BBio uses cookies and similar techniques on its website. Cookies are small pieces of information that are stored on your computer. We use cookies to operate and provide our services. As a result, BBio is able to see how its visitors use the website. This allows BBio to tailor its website to user preferences. The next time you visit the BBio website, these small pieces will be recognized.

More information about the cookie policy can be found at: [link to cookie policy]
13.CONTACT DETAILS / QUESTIONS / COMPLAINTS / COMMENTS
Our contact details are:
Bilthoven Biologicals B.V.        
To the attention of Security Officer       
Antonie van Leeuwenhoeklaan 9          
3721MA Bilthoven        
Email: SecurityOfficer@bbio.nl
Phone number: 030 - 8004
 
Registered in the trade register of the Chamber of Commerce under the number: 53751221.
 
We rely on you to ensure that your Personal Data is complete, accurate and up to date. Please notify us immediately of any changes or inaccuracies in your Personal Data by contacting us.
14.CHANGES AND APPLICABLE LAW
There may be times when our Privacy Statement needs to be updated. The latest version is always available on our website. We will notify you of any changes to the Privacy Statement by email and/or a prominent notice on our website.
 
None of the provisions of this Privacy Statement is intended to create any obligation or agreement with you and BBio. The provisions of this Privacy Statement and all disputes arising therefrom are governed by Dutch law.
 
*****