Privacy notice
Univercells
Privacy Notice
Please read this Privacy Notice of Univercells carefully. By using this website, you agree to and accept all of the terms and conditions set herein.
1. Introduction
1.1. With this privacy notice, we wish to inform you on how and why we Process your Personal Data and which rights you have under the European General Data Protection Regulation (« GDPR ») and other local laws on Privacy and the Processing of Personal Data (« Applicable Laws »).
1.2. You will see defined terms in this privacy notice. If not defined within this privacy notice, these terms have the meaning provided for in the Applicable Laws.
2. Processing of Personal Data
2.1. The group of entities listed below, forming the Univercells Group, Process[1] Personal Data[2] about you, your employees, directors, agents or other representatives (« Data Subject(s) » or « you ») in the manner described below.
2.2. We are committed to protecting your privacy and your Personal Data and to respecting your rights. This notice explains how we Process your Data, in accordance with the Applicable Laws.
2.3. If you are an entity, please inform your employees, directors, agents and other representatives of our Processing of their Personal Data. Every time you transfer Personal Data to us in the context of our business relationship, you guarantee to us that it is lawful for you to do so, that you have appropriately informed the respective individual of such Processing and that no transfer of Personal Data to Univercells will put us in breach of the Applicable Laws.
3. Univercells as Data Controller
3.1. The Univercells Group entities will, each for their respective activities with or towards you as well as their respective contacts with you, as described further below, qualify as the Data Controller for their Processing of your Personal Data, which means that they determine why and how your Data is Processed. Such entity will be the first responsible to make sure your Data is Processed in a lawful, transparent, and secure manner. For certain activities (marked with an *) they may do so as a joint data controller together with Univercells SA, which provides centralised services to the Group. This means that the group entity determines why and how your Data is Processed together with Univercells SA to maintain harmonised processes throughout the Group. Both entities will then jointly make sure your Data is Processed in a lawful, transparent, and secure manner in line with specific joint controller arrangements agreed between the Univercells Group entities.
- Univercells SA, with registered office in 6041 Charleroi (Belgium), rue Auguste Piccard 48 and with company number 0502.742.28 (Register of Legal Entities Hainaut/division Charleroi), https://www.univercells.com/, info@univercells.com;
- Univercells Technologies SA with registered office in 1400 Nivelles (Belgium), Chemin de la Vieille-Cour 56/1, and with company number 0741.506.996 (Register of Legal Entities Brabant Wallon), https://www.univercellstech.com/, customer@univercellstech.com;
- Univercells Vaccines SA with registered office in 1400 Nivelles (Belgium), rue de la Maîtrise 11, and with company number 0744.643.858 (Register of Legal Entities Brabant Wallon),
- Unizima SA with registered office in 6040 Charleroi (Belgium), Zoning de Jumet, avenue Centrale 52, and with company number 0744.643.759 (Register of Legal Entities Hainaut/division Charleroi), https://unizima.com/, hello@unizima.com ;
- Exothera SA with registered office in 1400 Nivelles (Belgium), rue de la Maîtrise 11, and with company number 0744.643.660 (Register of Legal Entities Brabant Wallon), https://exothera.world/, info@exothera.world;
3.2. We have set-up a privacy point of contact which you can reach by sending an email to privacy_gdpr@univercells.com
4. How and why we Process your Personal Data
4.1. We may Process your Personal Data for various purposes. Below, we describe for each purpose, the type of activities we perform, the categories of Data Subjects to whom such Processing relates to, the categories of Personal Data we Process, as well as the applicable legal basis and retention period.
Client management:
Type of activities | Category of Personal Data | Legal Basis |
Sales & Customer Management
|
Identification data
Professional data Business contact data |
Legitimate Interest (Performance of business for clients). |
Marketing & Communication to existing customers (e.g. promotion of similar offerings, satisfaction reviews, information on events) | Identification data
Professional data Business contact data Marketing data |
Legitimate interest (Customer satisfaction and customer retention) |
CDMO Services (UEXO, UVAC, UNZI) | Identification Data
Business contact data Private contact data Professional Data |
Legitimate Interest (Performance of business for clients)
|
Facilities & Lab Support Services (UEXO)
|
Identification data
Professional data Business contact data Possibly data related to health [in the event of illness]; data related to trade union memberships. |
Legitimate Interest (Performance of business for clients)
|
Facilities Infra (UNVC)
|
Identification data
Professional data Business contact data Possibly data related to health [in the event of illness]; data related to trade union memberships. |
Legitimate Interest (Performance of business for clients)
|
Labs Rental & Utilities (UVAC) | Identification data
Professional data Business contact data Possibly data related to health [in the event of illness]; data related to trade union memberships. |
Legitimate Interest (Performance of business for clients)
|
Supplier management:
Type of activities | Category of Personal Data | Legal Basis |
Supply Chain Management
Procurement Planning Logistics |
Identification Data
Business contact information
Professional information
|
Legitimate Interest (Supply Chain Management)
Performance of the contract |
Management of disputes:
Type of activities | Category of Personal Data | Legal Basis |
Management of litigation and disputes (*) | Identification data
Business contact information Professional information Data relevant to the dispute at hand Possibly criminal data or sensitive data exchanged in the context of a dispute |
Legitimate interest (Legal defence)
Necessity for the Establishment, Exercise or Defence of legal claims |
Security:
Type of activities | Category of Personal Data | Legal Basis |
Video surveillance (in so far access would be granted to labs)
Badging system management (in so far a badge would be granted) |
Image data
Badge logs / location data Identification data |
Our legitimate interest (Security) |
Protecting the interests of our company and organisation (including our financial and legal interests, our compliance with applicable legal requirements, the continuity and growth of our business, etc.)
Type of activities | Category of Personal Data | Legal Basis |
Business development (*), including
– marketing intelligence & analysis – licensing |
Identification Data
Business contact information Professional information Education / Qualification |
Legitimate interest (Business growth & continuity) |
Merger & Acquisitions (*) | Identification Data
Business contact information Professional information Education / Qualification |
Legitimate Interest (Business growth and continuity) |
Legal Services, including Corporate Legal Support and Management of IP and other Assets (*) | Identification Data
Business contact information Professional information |
Legitimate Interest (Business growth and continuity / Protection of the Organisation and safeguarding its interest). |
Finance, including
– Accounting & Audit – FP&A & Corporate finance – Cost Controlling |
Identification Data
Business contact information Professional information |
Legitimate interest (Finance) |
Quality & R&D:
Type of activities | Category of Personal Data | Legal Basis |
Quality Services / R&D for biomedical research excluding clinical trials or processing of patient data (*) | Identification Data
Business contact information Professional information Private contact information Education information Performance information |
Necessity to comply with our legal obligations (quality requirement)
or Our legitimate interest (Quality management & control / Growth of Business and Business Continuity) |
(Direct) Marketing:
Type of activities | Category of Personal Data | Legal Basis |
Marketing & Communication towards prospects
|
Identification data
Professional data Business contact data Marketing data |
Consent |
Analytics and performance management (through cookies) | Cookie data | Consent (except essential technical cookies) as further described in the Cookie Notice on our Websites |
4.3. We may also Process your Personal Data (e.g. as a contractor, consultant or partner) in the context of our HR management, as further detailed below.
Administration of intermediaries:
Type of activities | Category of Personal Data | Legal Basis |
HR Payroll & Benefits(*)
– workforce administration – payroll processing & administration – benefits administration – fleet management & leasing |
Identification Data
Business contact information Professional information Private contact information Education & qualification information Financial information Family composition & marital status (including name of spouse & children, if any) Driver details Mobile / IT usage Possibly data related to health [in the event of illness], data related to trade union memberships, national identification number and criminal data (seizure of salary, traffic violations) |
Necessity to perform our contract with you
or Necessity to comply with our legal obligations |
Management of intermediaries
Type of activities | Category of Personal Data | Legal Basis |
HR Management(*), including:
– Contract Management – Intermediaries & Manager Support – Talent Management – Learning & Development – Support Ad Hoc HR Activities – Person of Trust – Internal Communication – HR Wellbeing
|
Identification Data
Business contact information Professional information (including employment history and references) Private contact information [Optional] Education information References Family composition & marital status (including name of spouse & children, if any) Financial information Performance data Attendance data |
Our legitimate interest (Talent Retention & Improvement of HR processes) |
Gifts & tokens of appreciation(*) | Identification Data
Business contact data Private contact data (home address) Professional Data |
Our legitimate interest (Stakeholder Satisfaction & Retention) |
HR Services (*) – Access to a software for the organization of deliveries, management, order processing and/or payments (only for UTECH) | Identification Data
Business contact data Professional Data |
Necessity to perform our contract with you
Our legitimate interest
|
Legal Services – Corporate Housekeeping (*) (Directors, Shareholders) | Identification data
Business contact information Professional information Travel information National Identification Number ID Card or Passport Visa information |
Legal obligation
resp. Legitimate interest (corporate housekeeping) resp. Consent (for (ID Card, Passport or Visa Information) |
Space hosting & Resource management:
Type of activities | Category of Personal Data | Legal Basis |
Space Hosting (only for UNVC)
The provision of office space and related amenities (internet, electricity, …) to related group HR. |
Identification Data
Business contact data Private contact data Professional Data Location Data and Usage of Facilities |
Necessity to perform our contract with you
or Our legitimate interest (Space Hosting) |
HR – Interim Management
|
Identification Data
Business contact information Professional Data Possibly data related to health [in the event of illness] data related to trade union memberships. |
Legitimate Interest (Performance of business for (internal) clients within the group as a shared service centre) |
HR – Resource Sharing
|
Identification data
Professional data Business contact data Possibly data related to health [in the event of illness]; data related to trade union memberships. |
Legitimate Interest (Performance of business for (internal) clients within the group as a shared service centre) |
Marketing and (Internal) Communication:
Type of activities | Category of Personal Data | Legal Basis |
Marketing – Images of HR for marketing communication (*) | Image data
Identification Data Business contact data |
Consent |
Health & Safety:
Type of activities | Category of Personal Data | Legal Basis |
Health and safety(*), including:
– Management of work accidents – (Temporary) EHC management activities (fulfilment of all EHC obligations, prevention advisor ad interim) |
Identification data
Professional data Business contact data Education data / Professional data Location Data Physical characteristics and data relating to working equipment and protective gear requirements Possibly health or genetic data or other sensitive data necessary to process a work accident or in the context of EHC procedures National Identification Number |
Necessity to protect your vital interest
or Our legitimate interest (Health and Safety) or Your consent
|
4.4. In addition to the Data categories listed above, we may use other types of Data relating to you that you may have voluntarily provided to us, that were provided to us in the context of our business relations or that we have deducted or generated from Data that were already in our possession.
5. We may collect your data in different ways:
5.1. We may collect Data that you have voluntarily provided to us (for by applying or registering for an event, visiting our booth at a congress, attending a meeting with one of our team members, by giving us your business card, responding to a survey or participating in a Website feature) or through the company or organisation you work for.
5.2. It may also be possible that we receive or indirectly collect Data about you, for example, from our business partners or from public sources such as social networks or public websites.
6. Sharing your Personal Data with others:
6.1. Within Univercells we restrict access to your data to employees and any person acting under our authority on a need-to-know basis, who respect our confidentiality rules and comply with our instructions.
6.2. Any person having access to your Personal Data (e.g. our Marketing & Communication team, our Sales team, our Procurement team, our IT team) and acting under our authority Processes your Data in respect of the instructions that we have given them and has committed him or herself to respect our confidentiality rules.
6.3. Univercells may call on intragroup or external Processors for the Processing of your Personal Data (e.g. intragroup service providers, external IT service providers, external mailing providers). In this case, we only call on Processors providing sufficient guarantees on the lawfulness, transparency and the security of the Processing of your Data.
6.4. We may also need to transfer your Data to other Recipients (both intragroup and external) if we believe in good faith that this is necessary, at all times taking into account our obligations under the Applicable Laws. We could transfer your Data to, for example:
- Attorneys or courts to safeguard the rights and interests of our organization, our people, our customers and partners or the public in general;
- Public or enforcement authorities to comply with a legal obligation or procedure;
- External or internal service providers;
- Potential investors or counsels in the context of a reorganisation or an M&A transaction;
- Our (statutory) auditors to perform an audit.
6.5. We may also share your Data with authorized distributors, business partners to communicate with you or to respond to your queries.
6.6. We are an international organisation, operating globally and may therefore transfer your Personal Data outside the European Economic Area (EEA). Transfers from our entities in the European Economic Area to entities outside the EEA are covered by intercompany data transfer agreements in line with Applicable Laws. When your personal data is shared by us with or transferred by or to a third party outside the EEA, when required, we will enter into the appropriate data transfer agreements or otherwise make sure appropriate safeguards are in place.
7. Minimizing and securing your Personal Data – Data retention & deletion
7.1. At all times we aim to minimize the Personal Data we process, to make sure we only use your Data when and in so far, we need it. Where possible we also pseudonymise or key-code your Data so that you cannot be directly identified.
7.2. We only keep your data where and in so far as we need it, in line with the mandatory retention terms and the provisions of our Data Retention Policy. Once we are no longer required to keep your Personal Data or have an appropriate basis to continue the Processing, we will either delete or anonymise your Data.
8. We respect your rights
8.1. We have implemented reasonable, risk-based technical and organisational measures to ensure that your Data is protected from loss or disclosure, unauthorised use, modification or destruction.
8.2. Under the Applicable laws You have certain rights in relation to the Personal Data we hold about you, including:
- the right of information about and access to your Personal Data;
- the right to rectify or erase certain Personal Data;
- the right to restrict or to object to certain processing;
- the right to data portability;
- the right to withdraw your consent, where the processing is based on consent.
8.3. You can request the exercise of your rights by contacting us using the contact details below.
8.4. In order to guarantee the security of your Data and to avoid any misuse, before responding to your request, we will ask you to provide us with an acceptable proof of your identity and will verify the legitimacy of your request and whether all the conditions have been satisfied.
9. Contact us
9.1. If you have any questions or concerns about the way we collect, store and use your Data, do not hesitate to direct them to our centralised privacy point of contact:
- By email: privacy_gdpr@univercells.com
- By phone: T +32 (0)2 318 83 48
- By mail: Univercells SA, Avenue de Tervueren 270, 1150 Woluwe-Saint-Pierre, Belgium
9.2. We will deploy our best efforts to find a quick and fair solution to any concern that you may submit to us.
9.3. In addition, if you have reasons to believe that the Processing of your Personal Data by Univercells infringes the Applicable Laws, you have the right, at all times, to lodge a complaint with a supervisory authority. You can reach the Belgian Data Protection Authority through: dataprotectionauthority.be