BIOMAR PERSONAL DATA POLICY (GDPR)

BIOMAR PERSONAL DATA POLICY (GDPR)

BioMar is committed to respecting the privacy of its employees and business partners. We adhere to strict standards when processing personal information. All data collected and held by BioMar will be processed fairly, transparently, carefully and in compliance with the applicable data privacy laws. BioMar Group takes the obligation to process personal data in accordance with all applicable legislation as well as high ethical standards. The protection of personal data and the rights and integrity of individuals is of vital importance to BioMar Group. This Data Privacy Policy sets out how BioMar Group processes and protects personal data in order to safeguard our ethical principles and comply with applicable data protection legislation at all times.

BIOMAR PERSONAL DATA POLICY (GDPR) - Item 1

General principles

To ensure a high standard for processing personal data, BioMar Group adheres to the following general principles in relation to the processing of personal data:

Lawfulness and fairness
Personal data is processed in a lawful and fair manner and in accordance with the Data Subjects’ rights as defined in legislation applying to entire BioMar Group as well as to the local company. The EU/EAA data protection rules apply to the companies within BioMar Group as minimum requirements.

If local legislation and EU/EEA data protection rules are conflicting, the local legislation will apply.

Purpose limitation
Personal data is only collected for specified, explicit and legitimate business purposes. Further, personal data will solely be used for the purposes for which the data was originally collected for and which the data subject has accepted.

Transparency
When collecting personal data from Data Subjects or via third parties, it is ensured that the Data Subject(s) in question will be provided with the information required by applicable law. Furthermore, Data Subjects are at all times entitled to request information on which personal data is collected about them.

Data minimisation
In BioMar, we only process personal data strictly required to operate the business. We do not process any data related to data subject(s) which is not strictly related to business transactions. Any personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy
Any personal data processed is being kept accurate and, where necessary, up-to-date

Storage limitation and retention
Personal data is only processed in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data is collected and processed. BioMar Group has in place retention procedures and policies to ensure personal data is deleted in a correct manner.

Any data subject can request personal data to be deleted and the company is obliged to follow the request unless the data is required for legal or justified business purposes. In case of any dispute regarding handling of personal data the data in question must be kept unaltered.

Confidentiality
Any personal data that is processed is regarded as confidential information. BioMar Group guarantees confidentiality by ensuring its employees are aware of the confidential nature of personal data and by educating its employees on how and by whom defined categories of personal data may be processed.

Personal data are never transferred to non-authorized employees or external cooperation partners unless active and specific consent has been given.

Security Standards
BioMar Group has in place technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss or alteration and against unauthorised disclosure, abuse or other processing in violation of applicable law.

To safeguard high standards in terms of data security BioMar Group complies with a comprehensive information policy/IT security policy.

Transfer of data and use of data processors

BioMar Group sets a high standard for the processing obligations of suppliers. Therefore, we ensure that all data processing agreements complying with the requirements in our global processor agreements standards are in place with any processors and/or sub-processors used for personal data.

BioMar Group only transfer personal data to a country not governed by the EU/EEA data protection rules to the extent the Data Subject has consented to such transfer or if other legal means for transferring data can be identified.

Personal data breach

In the event BioMar identifies or is informed that the security of the processing of personal data has been compromised or is likely to be compromised, or there in any other way has been an unauthorised or accidental disclosure of or access to personal data, we will immediately inform the relevant Data Subjects whose data has or may have been compromised as well as relevant authorities. Any personal data breach is handled in accordance with a data breach procedure.

Data Protection Manager

To ensure compliance with data protection regulation BioMar Group has appointed a Data Protection Manager. The Data Protection Manager oversees compliance with data protection rules, safeguard training of relevant BioMar Group employees, initiate audits and handle all questions with respect to personal data.

Audits

The global data policy is integrated in the management systems and audited by external auditors. BioMar Group runs data audits with the view of managing and mitigating risks in all companies belonging to BioMar Group. The audits will be conducted by the Data Protection Manager.