Privacy notice

Univercells 
Privacy Notice

 

Please read this Privacy Notice of Univercells carefully. By using this website, you agree to and accept all of the terms and conditions set herein.

1. Introduction

1.1. With this privacy notice, we wish to inform you on how and why we Process your Personal Data and which rights you have under the European General Data Protection Regulation (« GDPR ») and other local laws on Privacy and the Processing of Personal Data (« Applicable Laws »).

1.2. You will see defined terms in this privacy notice. If not defined within this privacy notice, these terms have the meaning provided for in the Applicable Laws.

2. Processing of Personal Data

2.1. The group of entities listed below, forming the Univercells Group, Process[1] Personal Data[2] about you, your employees, directors, agents or other representatives (« Data Subject(s) » or « you ») in the manner described below.

2.2. We are committed to protecting your privacy and your Personal Data and to respecting your rights. This notice explains how we Process your Data, in accordance with the Applicable Laws.

2.3. If you are an entity, please inform your employees, directors, agents and other representatives of our Processing of their Personal Data. Every time you transfer Personal Data to us in the context of our business relationship, you guarantee to us that it is lawful for you to do so, that you have appropriately informed the respective individual of such Processing and that no transfer of Personal Data to Univercells will put us in breach of the Applicable Laws.

3. Univercells as Data Controller

3.1. The Univercells Group entities will, each for their respective activities with or towards you as well as their respective contacts with you, as described further below, qualify as the Data Controller for their Processing of your Personal Data, which means that they determine why and how your Data is Processed. Such entity will be the first responsible to make sure your Data is Processed in a lawful, transparent, and secure manner. For certain activities (marked with an *) they may do so as a joint data controller together with Univercells SA, which provides centralised services to the Group. This means that the group entity determines why and how your Data is Processed together with Univercells SA to maintain harmonised processes throughout the Group. Both entities will then jointly make sure your Data is Processed in a lawful, transparent, and secure manner in line with specific joint controller arrangements agreed between the Univercells Group entities.

  • Univercells SA, with registered office in 6041 Charleroi (Belgium), rue Auguste Piccard 48 and with company number 0502.742.28 (Register of Legal Entities Hainaut/division Charleroi), https://www.univercells.com/, info@univercells.com;
  • Univercells Technologies SA with registered office in 1400 Nivelles (Belgium), Chemin de la Vieille-Cour 56/1, and with company number 0741.506.996 (Register of Legal Entities Brabant Wallon), https://www.univercellstech.com/, customer@univercellstech.com;
  • Univercells Vaccines SA with registered office in 1400 Nivelles (Belgium), rue de la Maîtrise 11, and with company number 0744.643.858 (Register of Legal Entities Brabant Wallon),
  • Unizima SA with registered office in 6040 Charleroi (Belgium), Zoning de Jumet, avenue Centrale 52, and with company number 0744.643.759 (Register of Legal Entities Hainaut/division Charleroi), https://unizima.com/, hello@unizima.com ;
  • Exothera SA with registered office in 1400 Nivelles (Belgium), rue de la Maîtrise 11, and with company number 0744.643.660 (Register of Legal Entities Brabant Wallon), https://exothera.world/, info@exothera.world;

3.2. We have set-up a privacy point of contact which you can reach by sending an email to privacy_gdpr@univercells.com

4. How and why we Process your Personal Data

4.1. We may Process your Personal Data for various purposes. Below, we describe for each purpose, the type of activities we perform, the categories of Data Subjects to whom such Processing relates to, the categories of Personal Data we Process, as well as the applicable legal basis and retention period.

Client management: 

Type of activities

Category of Personal Data

Legal Basis

Sales & Customer Management

 

Identification data

Professional data

Business contact data

Legitimate Interest (Performance of business for clients).

Marketing & Communication to existing customers (e.g. promotion of similar offerings, satisfaction reviews, information on events)

Identification data

Professional data

Business contact data

Marketing data

Legitimate interest (Customer satisfaction and customer retention)

CDMO Services (UEXO, UVAC, UNZI)

Identification Data

Business contact data

Private contact data

Professional Data

Legitimate Interest (Performance of business for clients)

 

Facilities & Lab Support Services (UEXO)

 

Identification data

Professional data

Business contact data

Possibly data related to health [in the event of illness]; data related to trade union memberships.

Legitimate Interest (Performance of business for clients)

 

Facilities Infra (UNVC)

 

Identification data

Professional data

Business contact data

Possibly data related to health [in the event of illness]; data related to trade union memberships.

Legitimate Interest (Performance of business for clients)

 

Labs Rental & Utilities (UVAC)

Identification data

Professional data

Business contact data

Possibly data related to health [in the event of illness]; data related to trade union memberships.

Legitimate Interest (Performance of business for clients)

 

 

Supplier management: 

Type of activities

Category of Personal Data

Legal Basis

Supply Chain Management

Procurement

Planning

Logistics

 

Identification Data

 

Business contact information

 

Professional information

 

 

 

Legitimate Interest (Supply Chain Management)

 

Performance of the contract

 

Management of disputes: 

Type of activities

Category of Personal Data

Legal Basis

Management of litigation and disputes (*)

Identification data

Business contact information

Professional information

Data relevant to the dispute at hand

Possibly criminal data or sensitive data exchanged in the context of a dispute

Legitimate interest (Legal defence)

Necessity for the Establishment, Exercise or Defence of legal claims

 

Security:

Type of activities

Category of Personal Data

Legal Basis

Video surveillance (in so far access would be granted to labs)

Badging system management (in so far a badge would be granted)

Image data

Badge logs / location data

Identification data

Our legitimate interest (Security)

 

Protecting the interests of our company and organisation (including our financial and legal interests, our compliance with applicable legal requirements, the continuity and growth of our business, etc.)

Type of activities

Category of Personal Data

Legal Basis

Business development (*), including

–       marketing intelligence & analysis

–       licensing

Identification Data

Business contact information

Professional information

Education / Qualification

Legitimate interest (Business growth & continuity)

Merger & Acquisitions (*)

Identification Data

Business contact information

Professional information

Education / Qualification

Legitimate Interest (Business growth and continuity)

Legal Services, including Corporate Legal Support and Management of IP and other Assets (*)

Identification Data

Business contact information

Professional information

Legitimate Interest (Business growth and continuity / Protection of the Organisation and safeguarding its interest).

Finance, including

–       Accounting & Audit

–       FP&A & Corporate finance

–       Cost Controlling

Identification Data

Business contact information

Professional information

Legitimate interest (Finance)

 

Quality & R&D:

Type of activities

Category of Personal Data

Legal Basis

Quality Services / R&D for biomedical research excluding clinical trials or processing of patient data (*)

Identification Data

Business contact information

Professional information

Private contact information

Education information

Performance information

Necessity to comply with our legal obligations (quality requirement)

or

Our legitimate interest (Quality management & control / Growth of Business and Business Continuity)

 

(Direct) Marketing: 

Type of activities

Category of Personal Data

Legal Basis

Marketing & Communication towards prospects

 

 

Identification data

Professional data

Business contact data

Marketing data

Consent

Analytics and performance management (through cookies)

Cookie data

Consent (except essential technical cookies) as further described in the Cookie Notice on our Websites

 

4.3. We may also Process your Personal Data (e.g. as a contractor, consultant or partner) in the context of our HR management, as further detailed below.

Administration of intermediaries: 

Type of activities

Category of Personal Data

Legal Basis

HR Payroll & Benefits(*)

–           workforce administration

–           payroll processing & administration

–           benefits administration

–           fleet management & leasing

Identification Data

Business contact information

Professional information

Private contact information

Education & qualification information

Financial information

Family composition & marital status (including name of spouse & children, if any)

Driver details

Mobile / IT usage

Possibly data related to health [in the event of illness], data related to trade union memberships, national identification number and criminal data (seizure of salary, traffic violations)

Necessity to perform our contract with you

or

Necessity to comply with our legal obligations

 

Management of intermediaries

Type of activities

Category of Personal Data

Legal Basis

HR Management(*), including:

–       Contract Management

–       Intermediaries & Manager Support

–       Talent Management

–       Learning & Development

–       Support Ad Hoc HR Activities

–       Person of Trust

–       Internal Communication

–       HR Wellbeing

 

Identification Data

Business contact information

Professional information (including employment history and references)

Private contact information [Optional]

Education information

References

Family composition & marital status (including name of spouse & children, if any)

Financial information

Performance data

Attendance data

Our legitimate interest (Talent Retention & Improvement of HR processes)

Gifts & tokens of appreciation(*)

Identification Data

Business contact data

Private contact data (home address)

Professional Data

Our legitimate interest (Stakeholder Satisfaction & Retention)

HR Services (*) – Access to a software for the organization of deliveries, management, order processing and/or payments (only for UTECH)

Identification Data

Business contact data

Professional Data

Necessity to perform our contract with you

Our legitimate interest

 

Legal Services – Corporate Housekeeping (*) (Directors, Shareholders)

Identification data

Business contact information

Professional information

Travel information

National Identification Number

ID Card or Passport

Visa information

Legal obligation

resp.

Legitimate interest (corporate housekeeping)

resp.

Consent (for (ID Card, Passport or Visa Information)

 

Space hosting & Resource management: 

Type of activities

Category of Personal Data

Legal Basis

Space Hosting (only for UNVC)

The provision of office space and related amenities (internet, electricity, …) to related group HR.

Identification Data

Business contact data

Private contact data

Professional Data

Location Data and Usage of Facilities

Necessity to perform our contract with you

or

Our legitimate interest (Space Hosting)

HR – Interim Management

 

Identification Data

Business contact information

Professional Data

Possibly data related to health [in the event of illness] data related to trade union memberships.

Legitimate Interest (Performance of business for (internal) clients within the group as a shared service centre)

HR – Resource Sharing

 

Identification data

Professional data

Business contact data

Possibly data related to health [in the event of illness]; data related to trade union memberships.

Legitimate Interest (Performance of business for (internal) clients within the group as a shared service centre)

 

Marketing and (Internal) Communication: 

Type of activities

Category of Personal Data

Legal Basis

Marketing – Images of HR for marketing communication (*)

Image data

Identification Data

Business contact data

Consent

 

Health & Safety:

Type of activities

Category of Personal Data

Legal Basis

Health and safety(*), including:

–       Management of work accidents

–       (Temporary) EHC management activities (fulfilment of all EHC obligations, prevention advisor ad interim)

Identification data

Professional data

Business contact data

Education data / Professional data

Location Data

Physical characteristics and data relating to working equipment and protective gear requirements

Possibly health or genetic data or other sensitive data necessary to process a work accident or in the context of EHC procedures

National Identification Number

Necessity to protect your vital interest

or

Our legitimate interest (Health and Safety)

or

Your consent

 

 

 

4.4. In addition to the Data categories listed above, we may use other types of Data relating to you that you may have voluntarily provided to us, that were provided to us in the context of our business relations or that we have deducted or generated from Data that were already in our possession.

 

5. We may collect your data in different ways: 

5.1. We may collect Data that you have voluntarily provided to us (for by applying or registering for an event, visiting our booth at a congress, attending a meeting with one of our team members, by giving us your business card, responding to a survey or participating in a Website feature) or through the company or organisation you work for.

5.2. It may also be possible that we receive or indirectly collect Data about you, for example, from our business partners or from public sources such as social networks or public websites.

6. Sharing your Personal Data with others: 

6.1. Within Univercells we restrict access to your data to employees and any person acting under our authority on a need-to-know basis, who respect our confidentiality rules and comply with our instructions.

6.2. Any person having access to your Personal Data (e.g. our Marketing & Communication team, our Sales team, our Procurement team, our IT team) and acting under our authority Processes your Data in respect of the instructions that we have given them and has committed him or herself to respect our confidentiality rules.

6.3. Univercells may call on intragroup or external Processors for the Processing of your Personal Data (e.g. intragroup service providers, external IT service providers, external mailing providers). In this case, we only call on Processors providing sufficient guarantees on the lawfulness, transparency and the security of the Processing of your Data.

6.4. We may also need to transfer your Data to other Recipients (both intragroup and external) if we believe in good faith that this is necessary, at all times taking into account our obligations under the Applicable Laws. We could transfer your Data to, for example:

  • Attorneys or courts to safeguard the rights and interests of our organization, our people, our customers and partners or the public in general;
  • Public or enforcement authorities to comply with a legal obligation or procedure;
  • External or internal service providers;
  • Potential investors or counsels in the context of a reorganisation or an M&A transaction;
  • Our (statutory) auditors to perform an audit.

6.5. We may also share your Data with authorized distributors, business partners to communicate with you or to respond to your queries.

6.6. We are an international organisation, operating globally and may therefore transfer your Personal Data outside the European Economic Area (EEA). Transfers from our entities in the European Economic Area to entities outside the EEA are covered by intercompany data transfer agreements in line with Applicable Laws. When your personal data is shared by us with or transferred by or to a third party outside the EEA, when required, we will enter into the appropriate data transfer agreements or otherwise make sure appropriate safeguards are in place.

7. Minimizing and securing your Personal Data – Data retention & deletion

7.1. At all times we aim to minimize the Personal Data we process, to make sure we only use your Data when and in so far, we need it. Where possible we also pseudonymise or key-code your Data so that you cannot be directly identified.

7.2. We only keep your data where and in so far as we need it, in line with the mandatory retention terms and the provisions of our Data Retention Policy. Once we are no longer required to keep your Personal Data or have an appropriate basis to continue the Processing, we will either delete or anonymise your Data.

8. We respect your rights

8.1. We have implemented reasonable, risk-based technical and organisational measures to ensure that your Data is protected from loss or disclosure, unauthorised use, modification or destruction.

8.2. Under the Applicable laws You have certain rights in relation to the Personal Data we hold about you, including:

  • the right of information about and access to your Personal Data;
  • the right to rectify or erase certain Personal Data;
  • the right to restrict or to object to certain processing;
  • the right to data portability;
  • the right to withdraw your consent, where the processing is based on consent.

8.3. You can request the exercise of your rights by contacting us using the contact details below.

8.4. In order to guarantee the security of your Data and to avoid any misuse, before responding to your request, we will ask you to provide us with an acceptable proof of your identity and will verify the legitimacy of your request and whether all the conditions have been satisfied.

9. Contact us

9.1. If you have any questions or concerns about the way we collect, store and use your Data, do not hesitate to direct them to our centralised privacy point of contact:

  • By email: privacy_gdpr@univercells.com
  • By phone: T +32 (0)2 318 83 48
  • By mail: Univercells SA, Avenue de Tervueren 270, 1150 Woluwe-Saint-Pierre, Belgium

9.2. We will deploy our best efforts to find a quick and fair solution to any concern that you may submit to us.

9.3. In addition, if you have reasons to believe that the Processing of your Personal Data by Univercells infringes the Applicable Laws, you have the right, at all times, to lodge a complaint with a supervisory authority. You can reach the Belgian Data Protection Authority through: dataprotectionauthority.be