Privacy Policy

OUR Privacy Policy

Introduction

This GDPR Policy outlines the data protection principles and practices adopted by SYNDEO Medical, a division of MDev BV (hereinafter referred to as "SYNDEO Medical," "we," or "us"). SYNDEO Medical is committed to protecting the privacy and personal data of individuals in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Scope

This policy applies to all personal data collected, processed, and stored by SYNDEO Medical, regardless of the format or medium in which it is obtained or held. It applies to all employees, contractors, partners, and third parties who process personal data on behalf of SYNDEO Medical.

Data Protection Officer (DPO)

SYNDEO Medical has appointed a Data Protection Officer (DPO) responsible for overseeing the implementation and compliance of this GDPR Policy. The DPO can be contacted at the following email address: solutions@syndeomedical.be.

Lawful Basis for Processing Personal Data

SYNDEO Medical will process personal data only when there is a lawful basis for doing so under the GDPR. This includes, but is not limited to, the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, or legitimate interests pursued by SYNDEO Medical or a third party.

Rights of Data Subjects

SYNDEO Medical recognizes and respects the rights of data subjects. Individuals have the right to:

5.1. Access: Request access to their personal data held by SYNDEO Medical and receive relevant information about the processing.

5.2. Rectification: Request the correction of inaccurate or incomplete personal data.

5.3. Erasure: Request the deletion of personal data under certain circumstances, such as when it is no longer necessary for the purpose it was collected or when consent is withdrawn.

5.4. Restriction: Request the restriction of processing when certain conditions are met, such as during the verification of the accuracy of personal data.

5.5. Objection: Object to the processing of personal data in specific situations, including direct marketing.

5.6. Portability: Request the transfer of personal data to another organization or receive personal data in a commonly used machine-readable format.

Data Security Measures

SYNDEO Medical implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data. This includes:

6.1. Access Controls: Restricting access to personal data on a need-to-know basis and implementing strong authentication measures.

6.2. Data Minimization: Collecting and processing only the personal data necessary for the intended purpose.

6.3. Encryption: Protecting personal data using encryption techniques during transmission and storage.

6.4. Incident Response: Implementing procedures to respond to and recover from security incidents in a timely manner.

6.5. Employee Training: Providing regular data protection training to all employees.

Data Transfers

SYNDEO Medical may transfer personal data to countries outside the European Economic Area (EEA) only if appropriate safeguards are in place as required by the GDPR. These safeguards may include the use of standard contractual clauses, binding corporate rules, or relying on an adequacy decision by the European Commission.

Data Retention

Personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law or a legitimate business need.

Third-Party Processors

When engaging third-party processors to process personal data on behalf of SYNDEO Medical, appropriate contracts or agreements will be in place to ensure compliance with the GDPR and the protection of personal data.

Breach Notification

In the event of a personal data breach, SYNDEO Medical will promptly assess the risk and, where required, notify the relevant supervisory authority and affected individuals in accordance with the GDPR.

Compliance and Review

SYNDEO Medical is committed to regularly reviewing and improving its data protection practices to ensure ongoing compliance with the GDPR. This GDPR Policy will be periodically reviewed and updated as necessary.

Contact Information

For any questions or concerns regarding this GDPR Policy or to exercise your rights as a data subject, please contact our Data Protection Officer (DPO) at solutions@syndeomedical.be.