Information we collect and why
The purpose of this Policy is to explain the types of information that Blackrock Microsystems collects, what we do with that information, and with whom Blackrock Microsystems shares this information. Anyone who provides personally identifiable information (“Personal Information“) or any other information to Blackrock Microsystems consents to the collection, use and disclosure of such information under the terms of this Policy.
Blackrock Microsystems Privacy Notice – European Union (GDPR)
Information on Data Protection for Customers, Suppliers and other Data Subjects
Blackrock Microsystems takes the privacy of your information seriously. We are committed to ensuring that information relating to you and from which you can be identified (known as “personal data”) is protected in accordance with our legal obligations under the EU General Data Protection Regulation (“GDPR”) and other applicable national data protection laws. With this Privacy Notice, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data exactly are processed and the manner in which they are used is principally determined by the services requested or agreed.
1. Who is responsible for data processing?
Responsibility lies with:
Blackrock Microsystems LLC
630 Komas Drive, Suite 200
Salt Lake City, UT 84108-1229
2. How can I contact the European legal representative?
You can reach our European legal representative under:
3. What kind of personal data do we hold?
We may have received personal data directly from you, from our business partners (such as the legal entity for whom you work) or other third parties (such as health care facilities).
We collect different kinds of personal data on you, for example:
- Name and contact details (email address and/or postal address, telephone number(s)),
- Function (e.g. title, position, name of company, as well as for health care professionals field(s) of expertise, education, publications, congress activities, participation in clinical studies and organizations),
- Payment details (e.g. bank details, credit card details, VAT no. or other tax ID),
- Information on your preferences, including communication channels and frequency,
- Data provided to us e.g. by filling out forms, during events in which you participate or by answering questions of a survey,
- Data relating to our products or services,
- Information on a scientific and medical cooperation with us.
If you would like to provide personal data on other persons (e.g. colleagues of yours) to us you are obliged to provide such persons with a copy of this Privacy Notice either directly or via your employer.
4. For which purpose do we process your personal data and why is this justified?
We process personal data in accordance with the provisions of the GDPR and other applicable national data protection laws.
- As a result of your consent, Art. 6 (1) (a) GDPR
To the extent you have consented to the processing of personal data by us for certain purposes (such as marketing, mailing newsletters), such processing is legitimate based on your consent. Consent once given may be revoked at any time. This also applies to the revocation of declarations of consent given to us before the effective date of the GDPR, i.e. before 25 May 2018. Revocation of consent has an effect only for the future and does not affect the legitimacy of the data processed until revocation.
- In order to comply with contractual obligations, Art. 6 (1) (b) GDPR
Personal data are processed for the purpose of providing services in connection with the performance of our agreements with our customers or for performing pre-contractual measures as a result of queries. The purposes of data processing are primarily determined by the specific agreements regarding services or products (such as purchase of medical devices, repair or maintenance services, participation in events) and may, among other things, include administration of contracts. For further details on the purposes of data processing, please refer to the respective contractual documents.
- Within the scope of the balancing of interests, Art. 6 (1) (f) GDPR
To the extent necessary, we will process your personal data beyond the scope of the actual performance of the contract so as to protect justified interests of our own and of third parties. Please note that, when processing your personal data on this basis, we always seek to maintain a balance between our legitimate interests and your privacy. Examples:
- Tracking of side effects (pharmacovigilance purposes)
- Improvement of our products and services
- Commercialisation of products
- Advertising or marketing and opinion research unless you have objected to the use of your data
- Lodging of legal claims and defence in case of legal disputes
- Ensuring IT security and IT operations
- Prevention and investigation of criminal acts
- Measures for business management and advanced development of services and products.
- On the basis of statutory regulations, Art. 6 (1) (c) GDPR
Moreover, we, as a medical device manufacturer, are subject to various legal obligations, i.e. statutory requirements (such as the EU Medical Device Regulation) which require us to process your personal data in certain cases.
5. Who will receive my data?
Within Blackrock Microsystems, those departments will be granted access to your data which require them in order to comply with our contractual and statutory obligations. We do not transfer personal data within the Blackrock Microsystems group or to other third parties. Regulatory authorities responsible for medical device approval and product safety may receive personal data from us. Service providers and agents appointed by us may receive the data. These are companies in the categories of IT services, logistics, printing services, telecommunication, consultation as well as sales and marketing. Your personal data may also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court.
In any case, personal data will only be transferred to recipients outside Blackrock Microsystems if this is required by law, you have given your consent or we have entered into data processing agreements, if applicable.
6. Will the data be transferred to a third country or an international organization?
Data transfers to bodies in states outside the European Union (so-called third countries) will take place to the extent
- you have given your consent, and/or
- we ensure that appropriate safeguards are implemented to provide an adequate level of data protection such as standard contractual clauses approved by the European Commission or adequacy decision by the European Commission.
7. For how long will my data be stored?
We process and store your personal data as long as this is required to meet our contractual and statutory obligations. If the data are no longer required for the performance of contractual or statutory obligations, these will be erased on a regular basis unless – temporary – further processing is necessary for the following purposes:
- Compliance with obligations of retention under commercial or tax law. In general, the time limit specified for respective retention or documentation is 6 to 10 years.
- Preservation of evidence under the statutory regulations regarding the statute of limitations. These statutes of limitations may be up to 30 years, the regular statute of limitation being three years.
8. What are my rights under to data protection law?
Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR. Moreover, there is a right to appeal to a competent data protection supervisory authority (Art. 77 GDPR).
Your consent to the processing of personal data granted to us may be revoked at any time by informing us accordingly. This also applies for the revocation of declarations of consent given to us before the effective date of the GDPR, i.e. before 25 May 2018. Please keep in mind that such revocation will be effective only for the future with no impact on processing carried out before the date of revocation.
9. Am I obliged to provide data?
Within the scope of our business relationship, you are obliged to provide such personal data which are required for commencing, executing and terminating a business relationship and for compliance with the associated contractual obligations. Without these data, we will generally not be able to enter into agreements with you, to perform under such an agreement or to terminate it.
|Information about your right to object pursuant to Art. 21 GDPR|
Right to object based on individual cases
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR (data-processing on the basis of the balancing of interests).
If you do object, we will no longer process your personal data unless we have compelling justified reasons for such processing which take precedence over your interests, rights and freedom or, alternatively, such processing serves to assert, exercise or defend legal claims.
Right to object to processing for the purpose of direct marketing
In individual cases, we will process your personal data for the purpose of direct marketing. You have the right to object at any time against the processing of your personal data for the purposes of such marketing; this also applies for profiling to the extent it is connected to such direct marketing.
If you do object to processing for the purposes of direct marketing, we will refrain from using your personal data for such purposes in the future.
Recipient of an objection
Any objection may be submitted informally under the heading “objection” indicating your name, your address and your date of birth and should be addressed to:
Blackrock Microsystems LLC
This Policy applies to those individuals who browse and use our Site (“Visitors“).
The contents of our pages were created with great care. For the accuracy, completeness and timeliness of content, we cannot take any responsibility. As a service provider we are responsible according for our own content on these pages under the general laws. However, we are not obligated as a service provider to monitor transmitted or stored foreign information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under the general laws remain unaffected. However, a relevant liability is only possible from the date of knowledge of a specific infringement. Upon notification of such violations, we will immediately remove this content.
As a service to our Visitors, Blackrock Microsystems provides hyperlinks to valuable resources that are related to the products and services that we provide. These hyperlinks, which are highlighted words or pictures within a hypertext document that may, when clicked, take you to another place within the document, to another document altogether, or to a third-party Website not controlled by Blackrock Microsystems. Such hyperlinked, third-party Websites may collect and disclose information in a manner that is different from this Site. Blackrock Microsystems is not responsible for the collection, use, or disclosure of information collected through these third-party Websites, and Blackrock Microsystems expressly disclaims any and all liability related to such collection, use, or disclosure. Blackrock Microsystems does not collect any Personal Information from any persons who click on these hyperlinks located on the Site.
The trademarks and logos displayed on this website are the property of Blackrock Microsystems in the United States and/or other countries. All other trademarks are property of their respective owners.
As is true of most websites, we gather certain information automatically through analytics programs such as Google Analytics and Pardot, and store it in log files. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users beyond their IP address, to analyze trends, to administer the website, to track users’ movements around the website and to gather demographic information about our user base as a whole.