Privacy Policy

MEDICOVER INTEGRATED CLINICAL SERVICES, WEBSITE PRIVACY POLICY
VERSION 2.0/JAN/2024

I. GENERAL INFORMATION

The pages on the website (“the Website”) are published and operated by BELRO MEDICAL SA, a public limited company registered under the laws of Belgium under no. 0453.278.228, trading under the registered trade name “MEDICOVER INTEGRATED CLINICAL SERVICES” (herewith ‘’MICS” or “Controller”) having its place of business at Waterloo Office Park, Building M, Drève Richelle 161, 1410 Waterloo, Belgium.

MICS respects your right to privacy and will process personal information you provide only in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR/ General Data Protection Regulation) and other applicable privacy laws.

This Privacy Policy is applicable starting from October 2020 and has the role to inform you about the processing activities on this Website.
The terms used in this Privacy Policy have the meaning of the definitions mentioned in the General Data Protection Regulation.

II. THE INFORMATION COLLECTED AND HOW IT IS USED

MICS will not collect any information about individuals, except where it is specifically and knowingly provided by them.

Along with the information provided by the data subjects when contacting MICS for any purposes, such as: career opportunity, login on Labone platform sending requests, complaints, offer request for entities, MICS may use cookies to collect some basic information as: your browser type, IP address, internet service provider’s domain name, which pages you accessed on the Website, and when.
Details of cookies that MICS uses on the Website can be found on the Cookie Policy.
………….
MICS uses this information to provide the information you need and also to maintain the quality of the Website and to analyse the use of the Website in order to help guide improvements. Personally Identifiable Information (PII) is not automatically collected.

II.1. THE PERSONAL DATA CATEGORIES PROCESSED

We ask that you submit as little, preferably no, sensitive data to us via the contact form.
MICS may process the following personal data about the visitors of the Website:
• When using the details to contact us, we may process your name, surname, e-mail address, phone number, postal address, depending on how you decide to contact us. We also may process any other personal information you disclose to us when contacting us.
• When accessing the login button, we may process your credentials to log into the Clinical Trials Laboratory Management System (LabOne).
• When taking up a career opportunity we may process your name, surname, e-mail address and other information included in the resume, in case as a potential candidate you include your resume in the email sent.
• When browsing our Website we may for security purposes collect certain personal data, such as: your name, surname, e-mail address, phone number, postal address, e-mail address, your browser type, IP address, internet service provider’s domain name, which pages you accessed on the Website.

II.2. LAWFUL BASIS AND PURPOSES OF THE PROCESSING

The purposes for which and scope to which MICS may process the above-mentioned personal data and the lawful basis to process the information are the following:
• When contacting us, we may process data subject’s personal data based on MICS’s legitimate interest in receiving and answer the request.
The personal data collected is strictly the data that the data subject will disclose to MICS when using MICS’s contact details and it will be used in order to answer the request.
• When accessing the login button on the LabOne access page, MICS will process the data subject’s personal data in order to fulfil its obligation under the execution of the contract between the data subject and MICS.

The personal data used is strictly limited to the scope of accessing and using the LabOne platform.
• When contacting MICS in order to apply for a career opportunity, MICS will process the data subject’s personal data based on his/her consent. Therefore if a data subject does not want that its personal data, including the information from the resume to be processed by MICS, the data subject needs to refrain from sending such personal data to MICS.
The personal data received by MICS from a data subject regarding a career opportunity will be processed according to the applicable legislation in order to asses if the data subject is a candidate for the position chosen within MICS.
• When browsing our Website there is certain personal information as mentioned above, processed by MICS for security reasons. MICS has a legal obligation to ensure the security of the website and of the personal data processed through the Website.
• Finally, MICS may process the data subject’s personal data for purposes other than the above if we have obtained the data subject’s prior consent. In that case, we will adequately inform the data subject in advance of the intended purpose of processing.

II.3. THIRD-PARTY USE OF INFORMATION

The personal data collected through the Website can be disclosed on a need-to-know basis to:
• Data subject and its legal representatives;
• Representatives of MICS and entities of the Group from which MICS is part of;
• MICS’s Processors from a variety of domains: marketing agencies, software as a service providers, data center providers;.
• Other contractual partners of MICS involved in carrying out MICS activities, such as: legal consultants, fiscal consultants, professional organisations, if the case may be market research.
• Juridical and public authorities, international organisations that have a legal basis for requesting personal information.
Except as described above, MICS will not disclose, sell or rent your personal information to any third party unless you have consented to this. If you do consent but later change your mind, you may contact MICS to ask for any such activity to stop, by sending an e-mail at: dataprivacy@mics.medicover.com or a letter at Belro Medical S.A, Dreve Richelle 161 – Bldg. M 1410 Waterloo Belgium
However, if a third party acquires all (or substantially all) of MICS’s business and/or assets, MICS may disclose your personal information to that third party in connection with the acquisition. MICS may also disclose your personal information where required to do so by applicable law, by a governmental body or by a law enforcement agency.
Finally, MICS may also collect anonymised details about visitors to the Website for the purposes of aggregate statistics or reporting purposes. However, no single individual will be identifiable from the anonymised details collected for these purposes.

II.4 THE PERIOD OF PERSONAL DATA PROCESSING

MICS as the Controller will process your personal data for the time necessary to achieve the purposes of processing and subsequently in accordance with our internal policies, as well as to comply with applicable legal obligations, including, but not limited to, the provisions regarding the archiving obligation, securing the personal data. The data will also be stored in accordance with MICS’s internal policies that set data retention periods.
It is possible that, following the fulfilment of the legal archiving deadlines, MICS as the Controller may order the anonymization of the data, thus depriving them of personal character and to continue the processing of the anonymous data for statistical purposes.

III. INTERNATIONAL TRANSFERS

MICS may transfer personal information that is collected from you to third-party data processors located in countries that are outside of the European Economic Area in connection with the above purposes, such as: MICS subsidiaries and units located in Ukraine, Russia, Georgia, Belarus, Serbia, Republic of Moldova, Please be aware that countries which are outside the European Economic Area may not offer the same level of data protection as Belgium.
In case you have further questions regarding international transfer of personal data, please contact by using the contact details mentioned in the Section V of this Website privacy policy.

IV. SECURITY

We ensure the security, integrity and confidentiality of your personal data. Appropriate technical and organizational security procedures are in place to prevent unauthorized access, unlawful use, loss and unauthorized alteration.

However, even with the best measures, this risk can never be completely eliminated. Whilst MICS takes appropriate technical and organisational measures to safeguard the personal information that you provide, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that the security of any personal information that you transfer over the Internet to MICS cannot be guaranteed.

MCS cannot be held liable for damages resulting from insufficient security measures taken by third parties.

V. YOUR RIGHTS

According to the GDPR you have the following rights:
1. The right to information – the right to receive a minimum content of information regarding the processing activities performed by the Controller, in accordance with the legal requirements;
2. The right of access by the data subject – the right to obtain from the Controller, upon request and under the conditions established by law, confirmation that the data concerning him/her are or are not processed by the Controller and details on processing activities;
3. The right to rectification – the right to obtain from the Controller the rectification of inaccurate personal data concerning the data subject, respectively to obtain the completion of personal data that are incomplete, including by providing an additional statement;
4. The right to the deletion of data (”the right to be forgotten”) – the right to obtain from the Controller the deletion of personal data concerning the data subject, without undue delay, in cases provided by law;
5. The right to restriction of processing – the right to obtain from the Controller the restriction of the processing, insofar the conditions provided by law are met;
6. The right to data portability, namely (i) the right to receive personal data in a structured, commonly used and easy to read format, and (ii) the right to have such data transmitted by MICS to another Data Controller, provided that the conditions by law are met;
7. The right to object – the right to object at any time, for well-founded and legitimate reasons related to his particular situation, to processing of personal data concerning him/her, unless there are legal provisions to the contrary. With regard to direct marketing activities, data subjects have the right to object to such processing at any time;
8. The right not to be subject to an automatic individual decision – the right not to be subject to a decision based solely on automatic processing, including profiling, which produces legal effects which concern or affect it in a similar way to a significant extent;
9. The right to address the Belgium Data Protection Authority (https://www.dataprotectionauthority.be/citizen) for the exercise and defence of any rights guaranteed by the relevant legislation, without prejudice to the possibility of the address of justice;
10. The right to withdraw consent when there is processing based on it. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

To exercise your rights, please send an email or letter to our DPO. If you have a complaint, question or problem with the way we use your personal data, you can also contact our DPO.

DPO Belro Medical S.A..
Dreve Richelle 161 – Bldg. M
1410 Waterloo Belgium
dataprivacy@mics.medicover.com

If you contact us to exercise your rights we will respond within 30 calendar days. If your request is complex or our services need to process many requests, the deadline is extended by 60 days. We will notify you in that case. Whether or not you can exercise your rights depends on the processing and the legal basis.

Always make sure it is exactly clear which right you want to exercise and by what means (e.g. e-mail, post, oral, etc.) you wish to receive the information. In some cases we need more information to be sure that we are helping the right person.

If you are not satisfied with our response to your request, question or complaint, you can always file a complaint with the Data Protection Authority. However, we kindly ask you to always communicate any complaints to us first, so that we can find a solution as soon as possible.

The contact details of the Belgian Data Protection Authority are:
Data Protection Authority
Drukpersstraat 35
1000 Brussels
E-mail: contact@apd-gba.be

VI. THIRD-PARTY SITES

The Website may contain links to other websites operated by other parties, Affiliates of Medicover Group. Please note that this privacy policy applies only to the personal information that MICS collects through the Website and MICS cannot be responsible for personal information that third parties may collect, store and use through their website. You should always carefully read the privacy policy of each website you visit.

VIII. CONTACT

For information on our data protection policy, contact our Data Protection Officer:
By e-mail: dataprivacy@mics.medicover.com
By letter: DPO Belro Medical S.A., Dreve Richelle 161 – Bldg. M 1410 Waterloo Belgium

IX. DISCLAIMER

MICS’ liability shall be limited to direct damages, excluding all indirect damages such as, but not limited to, the loss of personal data, financial or commercial damages, loss of profits, increase in general expenses, disruption of schedules.
MICS’ liability shall be limited to the amount for which MICS is insured.