GDPR Privacy Addendum – DYSIS Medical

We take your privacy very seriously. Please read our policy below, which explains how we handle any data that you might submit to us.

The General Data Protection Regulation (GDPR) defines personal data as any information relating to an identified or identifiable natural person. Personal Data as defined in the Privacy Policy has the same or a similar meaning.

Please see the Privacy Policy for the categories of Personal Data we collect, how we process that Personal Data, the recipients of your Personal Data, and how long we store your Personal Data.

Legal Basis for Processing Personal Data under GDPR

We may process the Personal Data we collect/receive under the following legal bases:

  • In some cases we will only process your information where you have given your consent, for example, if you sign up for email communications, provide your phone number for phone communication, or provide special categories of personal data. Please note that we may have a different legal basis for processing (e.g., legitimate interest) so that consent is not needed. When our use and sharing is not readily apparent at the time you provide your information, we will provide additional information at the time we collect the information regarding our purposes and use of the information.
  • Legitimate interest. We can process your personal data if (i) we have a genuine and legitimate reason; and (ii) we are not harming any of your rights and interests. We will use your personal data in order to help us provide you with our services, to give you the most appropriate information, products and services, and to provide you with the best experience when dealing with us. Whenever we process your personal data for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection law.
  • As required by law. Where we are required to comply with our legal obligations, or to establish and defend our legal rights, or to prevent and detect crimes such as fraud.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

 

Your Rights under the GDPR

DYSIS undertakes to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights. You have the right under this Privacy Policy, and by law if you are an EU Citizen within the EEA, to:

  • Request access to your Personal Data. The right to access, update or delete the information we have on you. Where possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. This also enables you to receive a copy of the Personal Data we hold about you.
  • Request correction of the Personal Data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation that makes you want to object to our processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
  • Request erasure of your Personal Data. You have the right to ask us to delete or remove Personal Data when there is no good reason for us to continue processing it.
  • Request the transfer of your Personal Data. We will provide to you, or to a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw your consent. You have the right to withdraw your consent on using your Personal Data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Service.

 

Exercising of Your GDPR Data Protection Rights

You may exercise your rights of access, rectification, cancellation and opposition by contacting us:

 

EEA data controller:

DYSIS Medical Ltd.
Gyleview House,
3 Redheughs Rigg,
Edinburgh, EH12 9DQ
United Kingdom

 

Outside of EEA data controller:

DYSIS Medical Inc.
24 Superior Drive
Natick, MA 01760
United States

Data protection officer contact information

Attn: Chief Financial Officer
DYSIS Medical Inc.

24 Superior Drive
Natick, MA 01760

844-397-4763

info@dysismedical.com

 

Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

 

Storing and protecting your information

We may store, collect, transfer and process your Personal Data in a country other than your country of residence. These countries are the United States and the European Union. The data protection and other laws of countries to which your information may be transferred may be different from those in your country. By submitting your Personal Data, you agree to any transfer, storing or processing.

Your Personal Data is transferred by us to another country only if it is required or permitted under applicable data protection law and provided that there are appropriate safeguards in place to protect your Personal Data. To ensure your Personal Data is treated in accordance with this Privacy Policy, we use Data Protection Agreements between us and all other recipients of your data that include, where applicable, the Standard Contractual Clauses adopted by the European Commission (the “Standard Contractual Clauses”). The European Commission has determined that the transfer of Personal Data pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your Personal Data. Under these Standard Contractual Clauses, you have the same rights as if your data was not transferred to such third party. You may request a copy of the Data Protection Agreement by contacting us through the contact methods below.

We have implemented reasonable measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration and disclosure. Details of these measures can be obtained on request. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Our security measures are regularly reviewed.