Privacy Policy

June 2018

Who are we?

This is the Privacy Policy of Inovigate.

In the context of our activities (as an independent strategy and management consulting company operating in the Life Science industry, specialized in helping our clients to innovate and navigate through an increasingly complex health ecosystem) we collect, hold, disclose and/or otherwise process personal data. Pursuant to the applicable data protection and privacy legislation, we qualify as the controller with respect to the personal data that we process.

What is the importance of this Privacy Policy?

We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation (“GDPR”) and its national implementing legislation.

In this Privacy Policy we set forth how we collect your personal data, how and for which purposes we may use your personal data and to whom your personal data may be disclosed by us.

Further, this Privacy Policy includes important information regarding your rights with respect to the processing of your personal data. Therefore, we encourage you to read this Privacy Policy carefully.

From time to time, we may need to change this Privacy Policy. The most recent version of this Privacy Policy is available on our website www.inovigate.com.

Attention: By sharing your personal data with us, we expect that you read this Privacy Policy carefully. This does however not mean that we need your ‘consent’ to the processing of your personal data. We do not process your personal data on the basis of your consent, unless specifically indicated.

Whose personal data do we collect?

In the context of our business (as described above), we process personal data of our clients, of the visitors of our website, of visitors of our premises, of contact persons at administrative authorities, and of persons who otherwise come into contact with us, e.g. because their name and contact details as employee, agent, representative, subcontractor or director of our customers, suppliers, subcontractors and other commercial partners are provided to us.

How and when do we collect personal data?

We collect your personal data in various ways and in various situations:

  • directly from you when you provide us with your personal data in the context of our consultancy activities;
  • directly from you in the context of contractual negotiations or the conclusion of an agreement;
  • directly from you when you provide us your personal data when entering our premises;
  • directly from you when you register on our website, when you navigate our website, when you complete a contact form on our website;
  • via your employer with whom we have a contract or partnership (e.g. when you act as a contact person of our clients, suppliers, subcontractors and other commercial partners).

When we request personal data from you, you have the right to refuse to provide this data. Such a refusal however could obstruct our ability to contract with you or provide the necessary services. Furthermore, it could change the nature and or management of our contractual relationship.

What personal data do we collect?

We may collect the following personal data about you (limitative list):

Identification and contact information Personal identification data: name, address, telephone/mobile number, email address
Electronic identification data: IP addresses, information collected via cookies (see point 10)
Personal characteristics Personal characteristics: sex, birth date, nationality, language preference
Profession and employment Profession and employment information (individual or company, where appropriate VAT number)
Career

For what purposes do we use your personal data?

We use personal data for the following purposes:

  • for customer, supplier and subcontractor management,
  • for the management of (invoice) disputes and claims,
  • for public relations purposes,
  • for the management of our website,
  • to provide you with information requested by you, for example:
    • to contact you with respect to our offering of services,
    • to answer a question,
  • for planning or follow-up of deliveries,
  • to comply with legal obligations,
  • for contact purposes in the context of our services,
  • for security and access control of our premises.

For your perfect information, you can find hereinafter the legal grounds applicable to these processing activities:

  • for the processing of your personal data for the delivery of services and for the follow-up on sales and invoicing, to provide you with certain information with respect to our services, or in the context of customer complaint handling, we rely upon the necessity for the performance of a contract,
  • in all other cases, the processing of your personal data is based on our legitimate business / commercial interests (i.e. the interest of contacting prospects and possible customers, of informing clients and partners of our offering of services and to promote our business in general, both online and offline).

With whom do we share your personal data?

  • With our service providers (‘processors’):
    In the context of our activities as described above, we may share your personal data with third parties, in particular with service providers (IT/cloud service providers) that act as our ‘processors’.
  • With our subcontractors:
    In the context of the delivery of our services to our clients, we may share your personal data also with subcontractors.
  • Within our group of undertakings:
    We may also share your personal data within our group of undertakings. Note that we have an affiliate in Switzerland, so located without the European Economic Area but offering adequate protection of your personal data according to an adequacy decision of the European Commission.
  • With our external law firms:
    Further, we may share your personal data with law firms in case of (threatened) litigation.
  • With government authorities:
    Finally, we may share your personal data with the government, police authorities or the judiciary in case we have a legal obligation to do so.

We will implement appropriate safeguards when transferring your personal data to third parties. If necessary, we will for example conclude a data transfer or a processing agreement specifying the limitations to the use of your personal data and the obligations with respect to the security of your personal data.

Your personal data and your profile will not be lent or sold to third parties for marketing purposes without your prior explicit consent.

Your personal data can be transferred to Switzerland, a country outside the European Economic Area, but offering adequate protection of your personal data according to an adequacy decision of the European Commission.

How long do we store your personal data?

Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (as listed above). Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file.

More specifically, the following retention guidelines are applied by us:

  • personal data included in accounting, financial or other official documents will be retained for as long as such documents legally need to be kept,
  • personal data required for the execution and follow-up of a contractual relationship will be kept for the entire duration of that relationship and for 10 years following termination thereof,
  • personal data obtained in the context of complaint handling will be deleted as soon as the complaint is closed.

Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.

How do we protect your personal data?

We only allow access to your personal data to persons who require this information to perform their tasks. These persons are required to respect strict confidentiality and have to guarantee that they have taken all the necessary administrative, technical and organizational measures to ensure the confidentiality of your personal data.

We will implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified.

We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.

Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).

Are there cookies?

Our website www.inovigate.com makes use of cookies, i.e. small electronic files that are placed on the computer of the user.

In the current case, cookies placed by the website are measuring tools for Google audience Analytics to obtain information on the browsing of the visitors. They allow in particular to understand how the users access the site and to understand how they browse.

Other information depends on the browser of the user. The user can parametrize his/her browser so that (s)he accepts for example the reception of a cookie or offers the possibility of refusing the insertion of a cookie. (S)he can also delete the cookies that were placed.

What are your rights and how can you exercise them?

You have (under certain conditions), the right to:

  • information about and access to your personal data;
  • rectify your personal data;
  • erasure of your personal data (‘right to be forgotten’);
  • restriction of processing of your personal data;
  • object to the processing of your personal data;
  • receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization.

When your personal data are processed based on your consent, note that you have the right to withdraw that consent at any time, free of charge, and without this having any negative implications for you.

You can exercise your right by contacting us via post or e-mail:

  • Post address: Sneeuwbeslaan 14 – 2610 Wilrijk (Belgium)
  • E-mail: caroline.demeulder@inovigate.com

Finally, you have the right to lodge a complaint with the Belgian Data Protection Authority (Drukpersstraat 35, 1000 Brussels, www.dataprotectionauthority.be) relating to the processing of your personal data by us.

To read more about these rights, and circumstances under which you can use these rights, please also read the Annex to this Privacy Policy. In principle you may exercise these rights free of charge. Only where requests are manifestly unfounded or excessive we may charge a reasonable fee.

We aim to respond as quickly as possible to your requests or questions. We might request a proof of identity in advance in order to double-check your request.

Changes to the privacy policy

It is possible that this privacy policy will be altered in the future. We request you to consult the most recent version of our policy online. We will inform you, via our website and possibly other common channels (e.g. e-mail), regarding changes to our policy.

Contact

If you have any questions, comments or complaints in relation to this Privacy Policy or the processing of your personal data by us, please feel free to contact us via caroline.demeulder@inovigate.com or +32 3 345 44 52.


Annex – More information about your rights as a data subject

Right to information and right to access your personal data You may at any time request more information on our processing activities and the personal data that we are keeping from you.
Right to rectification of inaccurate or incomplete personal data of You have the right to require us to, without undue delay, rectify or complete any of your personal data that is inaccurate or incomplete.
Right to deletion of your personal data (‘right to be forgotten’) You may request us to delete (part of) your personal data in the following situations: - when the processing is no longer necessary for achieving the purposes for which they were collected or otherwise processed; or - when the processing was based on your consent and you have decided to withdraw that consent; or
  • when you have other reasonable grounds to object to the processing of your personal data;
  • when we would unlawfully process your personal data; or
  • when your personal data have to be erased in compliance with a legal obligation directed to us.

We note that in some cases, we may refuse to delete your personal data: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation; or (iii) for the establishment, exercise or defence of legal claims.

Right to restriction of processing You may request us to (temporarily) restrict the processing of your personal data in the following situations: - when you have contested the accuracy of your personal data, for a period enabling us to verify this accuracy; or - when the processing appears to be unlawful and you request us the restriction of use of your data instead of the deletion of this data; or
  • when we no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
  • pending verification whether our legitimate grounds override yours in the framework of an objection.
Right to object to the processing of your personal data (free of charge) You may under certain circumstances object to the processing of your personal data, when such processing is based on our “legitimate interests”. If we agree, we will no longer process your personal data, unless we have compelling legitimate grounds to do so, or because such a processing is necessary.
Right to data portability In some cases, you have the right to receive all your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. This right applies: - in case the processing is based on consent or on the necessity for the performance of a contract; and - in case the processing is carried out by automated means.