PRIVACY POLICY FOR TATAA BIOCENTER
TATAA respects your privacy
TATAA Biocenter AB (“TATAA”, “we”, “us”, “our”) respects your privacy and is committed to processing your personal data with a high level of security and in accordance with applicable data protection legislation. This privacy policy describes how we process your personal data if you are a representative of our customer, supplier or partner, a potential customer, supplier or partner, or a visitor of our website www.tataa.com.
If you have any questions about our privacy protection, you are always welcome to contact us. Our contact details are available under the section ”Contact Information” below.
TATAA IS THE controller
TATAA Biocenter AB, Swedish registration number 556640-7143, is the controller of your personal data and is therefore responsible for ensuring that your personal data is processed correctly and securely in accordance with applicable legislation.
OUR PROCESSING OF YOUR PERSONAL DATA
We collect personal data either directly from you or through the company you represent. We also gather technical data using cookies on our website.
Communication and Inquiries
When you contact us directly, we may collect your name, email address, phone number, title or position, employer, and any other personal data you choose to share with us via email or communication forms, such as those found on our website (tataa.com). We process this information to communicate with you and respond to your inquiries or quotation requests. The legal basis for this processing is our legitimate interest in providing customer support and maintaining communication. Your personal data will be retained for as long as necessary to handle your inquiries. If you or your company becomes our customer or supplier, we may retain the data for the duration of that relationship and for a period consistent with legal statutes of limitations.
Contract Administration
We may also collect personal data such as your name, email, phone number, title, position, employer, and your signature, either directly from you or from your company. This data is used to manage and administer our agreements and ongoing relationships with customers, suppliers, or partners. The processing is based on our legitimate interest in fulfilling our contractual obligations. This information is retained for the length of the contractual relationship and for a legally prescribed period afterward to cover any potential claims.
Web Shop (Shopify) Access
To provide access to our online product store hosted on Shopify, we collect authentication and technical information. This includes your email and password, IP address, unique device ID, browser type, and details about your logins, such as the date, time, and visited pages. This data is used to create and manage your account so you can place orders. Our legal basis for this processing is our legitimate interest in delivering our products. Your personal data will be deleted when your account is removed.
Legal Compliance
We are sometimes required by law to process certain personal data, such as your name, email, title or position, and employer. This occurs in relation to legal obligations including accounting, tax compliance, and product safety. The legal basis is compliance with statutory obligations, and the data is retained for as long as is required by law.
Legal Claims and Disputes
In situations involving the protection of our legal interests or the establishment and defence of legal claims, we may process personal data such as your name, contact details, job title, employer, and related communications. This processing is based on our legitimate interest in safeguarding our legal rights, including for cases such as non-payment. The data is stored as long as is necessary in accordance with legal requirements, including limitation periods.
Marketing and Events
We may process your name, email address, phone number, job title, and employer details, either directly from you or through your company, to send you marketing materials, newsletters, and invitations to events and meetings. The legal basis for this processing is our legitimate interest in promoting our brand and services. Personal data collected for marketing purposes is deleted 24 months after our last contact with your company.
Customer Satisfaction Surveys
When you participate in our customer satisfaction surveys, we may collect your name, email address, phone number, and the feedback you provide. This information is used to evaluate and improve our services and marketing strategies. The legal basis for this processing is our legitimate interest in business development. Data from surveys is retained only for as long as it is needed for evaluation purposes, after which it is deleted.
Facility Visits
If you visit our premises, we may collect your name, title or position, employer, and the date and time of your visit. This data helps us maintain site security and safety, support compliance efforts, facilitate audits, and manage emergencies, such as evacuations. The legal basis for processing is our legitimate interest in ensuring facility security and regulatory compliance. Your data is deleted between 6 and 12 months following your visit.
Data Collection from Website Visitors
We also collect data about your interaction with our website through the use of cookies and similar tracking technologies.
Functional Cookies
Cookies that are essential for the operation of our website may collect technical information such as your IP address, unique device ID, and browser type. This data is used to ensure that our website functions properly. The legal basis for this processing is our legitimate interest in maintaining a functioning website. Data collected through these cookies is retained for 24 months after your visit.
Analytics and Marketing Cookies
With your consent, we use cookies to analyse how the website is used, personalize your experience, and send you targeted marketing content. These cookies may collect the same types of technical data as functional cookies. Data collected through analytics and marketing cookies is retained for 24 months after your visit, and the legal basis for this processing is your consent.
Our channels in social media
We process personal data accessed via our social media channels for the purposes of promoting us, our products and services, and to interact with existing customers, potential customers and partners. The processing is necessary for our legitimate interest in marketing ourselves and our products and services, and interacting with existing customers, potential customers and partners (legitimate interest). The personal data is processed for as long as necessary to fulfil the purposes of the processing. For information on the platforms’ processing of personal data in connection with your visit to our social media channels such as Facebook, Instagram, YouTube, and LinkedIn, please refer to the respective platform’s privacy policy.
WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We do not disclose personal data to third parties, except when necessary to fulfil a legal obligation or to fulfil the purposes for which we process your personal data.
Situations when your personal data may be disclosed to third parties are listed in the table below.
|
Third party |
Reason for third party disclosure |
|
Other companies within our company group |
Personal data may need to be disclosed to other companies within our group as central functions such as analysis, marketing and finance are managed jointly within the company group we are part of |
|
Suppliers and partners |
We may disclose your personal data to suppliers and/or partners, if the suppliers and/or partners need your personal data to fulfil their undertakings toward us, e.g. cloud service providers, customer support, analytics, email delivery and marketing |
|
Professional advisors |
We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us |
|
Authorities |
Personal data may be disclosed to authorities when necessary for compliance with our legal obligations |
|
Sale |
If we intend to transfer all or part of our business, personal data may be disclosed to a potential buyer |
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
If your personal data is transferred to a country outside the EU/EEA, we will take necessary measures to ensure that the transfer of your personal data is legal and that your personal data is processed securely by applying appropriate safeguards. These safeguards may include ensuring that the European Commission has decided that the country outside the EU/EEA to which your personal data are transferred has an adequate level of protection (so called adequacy decision) or by entering the European Commission’s standard contract clauses with the recipient. If you would like a copy of the safeguards we have implemented or information on where these safeguards are available, please contact us by using the contact details provided below.
YOUR RIGHTS
A summary of the rights you have as a data subject under the GDPR follows below.
Right to withdraw your consent
When the processing of your personal data is based on your consent as a legal basis, you have the right to withdraw your consent at any time by contacting us via the contact information listed at the bottom of this privacy policy.
Right of access
You have the right to receive information about whether we process personal data about you and in such cases receive a copy of the personal data including information on the purposes of the processing, categories of personal data processed, categories of recipients of the personal data, retention periods, your rights regarding the processing, the existence of automated decision-making (including profiling), information on the appropriate safeguards relating to the transfer of your personal data to countries outside the EU/EEA and, if the personal data has not been collected from you, from where the data is collected.
Right to rectification
If the personal data we process about you is inaccurate, incomplete or outdated, you have the right to ask us to rectify or complete such personal data without undue delay.
Right to be forgotten
You often have the right to request deletion of your personal data without undue delay. Such is the case when (i) the personal data is no longer necessary for the purposes for which they were processed, (ii) you withdraw your consent and there is no other legal basis for the processing, (iii) you have objected to the processing of your personal data for direct marketing purposes or to processing based on legitimate interest as legal basis and we cannot show definitive reasons for the processing which outweigh your interests, rights and freedoms, (iv) the processing does not take place to establish, exercise or defend legal claims, (v) the personal data has been unlawfully processed or (vi) the personal data has to be erased for compliance with a legal obligation.
Right to object
You have the right to object at any time to the processing of personal data based on legitimate interest as legal basis, including e.g. profiling. In addition, you always have the right to object to the processing of your personal data for direct marketing purposes. We will then cease to process the personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing takes place for the establishment, exercise or defense of legal claims.
Right to restriction of processing
Under certain circumstances you have the right to request that we restrict the processing of your personal data. Such is the case when (i) you consider that the personal data is not correct and you are awaiting our verification of the accuracy of the personal data, (ii) the processing is unlawful and you, instead of deleting the personal data, wish the processing to be restricted, (iii) we no longer need the personal data for the purposes of the processing but you need them to establish, exercise or defend legal claims or (iv) when you have objected to processing based on a legitimate interest and you are waiting for a verification on whether our legitimate reasons outweigh yours.
Right to data portability
When personal data you have provided us is processed by automated means and based on your consent or on a contract with you as legal basis, you have the right to obtain your personal data in a commonly used and machine-readable format and request that such personal data is transmitted to another controller.
Right to lodge complaints
You have the right to file complaints regarding our processing of your personal data with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten), Box 8114, SE-104 20 Stockholm.
Cookies
We use cookies and other similar tracking technologies to help make our website functional by enabling certain functions. We use cookies in accordance with this privacy policy and the information provided under the cookie settings.
CHANGES TO THIS POLICY
We reserve the right to change this Privacy Policy at any time. In the event of changes to this Privacy Policy, we will publish the amended Privacy Policy here on tataa.com with information on when the changes will come into effect. Further, we may also notify amendments by other appropriate means.
Contact INFORMATION
Do not hesitate to contact us if you have any questions about this privacy policy, the processing of your personal data or if you wish to exercise your rights under this privacy policy or applicable legislation.
TATAA Biocenter AB
Reg.no: 556640-7143
Postal address: Sofierogatan 3 A, 412 51 Gothenburg, Sweden
Email: info@tataa.com