Dear business partner,
In our internal data protection guidelines, we have set out requirements for the processing of personal data. These comply with the requirements of the European Data Protection Guideline and ensure compliance with the principles of applicable national and international data protection laws. This enables us to set a valid data protection and data security standard in our company.
You can contact our company’s Data Protection Officer at: firstname.lastname@example.org or +351 231 249 283
We process personal data that we receive from you in the course of our business relationship. This includes data that we have received directly from you, e.g., in the context of inquiries, orders, offers, order confirmations, contracts or through personal contact with our employees. In addition, we process personal data which we may obtain from publicly accessible sources (e.g., commercial and association registers, Internet) or which is legitimately transmitted to us by other partners of CHEM4PHARMA, LDA to the extent necessary for the provision of our services.
We may collect and process the following categories of personal information:
Contact master data (e.g., name, address, contact details)
Order data (e.g., in the context of processing orders)
Documentation data (e.g., call notes)
Data on the initiation and implementation of our business relationships
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and applicable national and international Data Protection laws. The legal basis on which we process your data are:
- To fulfill contractual obligations (Article 6 (1) (b) GDPR)
The processing of data takes place to fulfill a contract with you or for the execution of pre-contractual activities that take place on the basis of an inquiry. The purposes of data processing depend in detail on the specific business relationship.
- To balance interests (Article 6 (1) (f) GDPR)
If necessary, we process your data beyond the actual performance of the contract to protect our legitimate interests or those of third parties. This is done for the following purposes, among others:
General business management
Testing, optimization and development of products and services
Assertion of legal claims and defense in legal disputes
Ensuring IT security
Prevention and investigation of criminal offences
Our interest in the respective processing arises from the specific purposes and apart from that is of an economic nature (efficient performance of tasks, distribution, avoidance of legal risks). As far as the specific purpose allows, we process your data in pseudonymized or anonymized form.
-On the basis of your consent (Article 6 (1) (a) GDPR)
If you have given us your consent to process personal data for specific purposes, the respective consent is the legal basis for the processing stated there.
This applies in particular to:
Transmission of data to third parties
You can revoke your consent at any time. This also applies to the revocation of declarations of consent that you have given us before the validity of the GDPR, i.e., before 25 May 2018. The revocation of consent is only valid for future processing.
- Due to legal requirements (Article 6 (1) (c) GDPR)
We are subject to various legal obligations. The purposes of this processing include, among others:
Enforcement of our general terms and conditions
Administration of our business
Processing for the fulfillment of legal storage or documentation obligations
Your data can be access within CHEM4PHARMA, LDA’s company if this is necessary to fulfill our contractual and legal obligations or if the internal organization requires disclosure of said data (e.g., financial accounting, purchasing, development, production and logistics). At CHEM4PHARMA, LDA, appropriate legal requirements have been established to protect your personal data.
Access to your personal data will not be given to third parties (entities outside CHEM4PHRMA, LDA company) unless you have given us your prior consent, or if a legal basis exists. A legal obligation may be applied in particular with the following recipients:
Public authorities and regulating authorities
Jurisprudence/law enforcement agencies
Lawyers and notaries
In addition, we may employ various service providers (contractors according to Article 28 GDPR), which we contractually commit to the requirements of the GDPR and whose compliance we monitor. These include companies in the areas of IT services, printing services, telecommunications, contract manufacturing, consulting or sales and marketing. Order data processors may only use personal data in accordance with our instructions and for a specific purpose.
Exempted from this is the transfer to service partners, such as logistics service providers or forwarding agencies, insofar as the transmission of information is required for their order. They receive the data required for delivery for their own use. We limit ourselves to the transmission of the data necessary for delivery.
We only transfer your data to countries outside the European Economic Area (third countries) if:
It is necessary for the production of our products and services, as well as for the execution of our orders
it is required by law
you have given us your consent
If we transfer your data to a third country or an international organization, this is always done in accordance with the provisions of the GDPR. In addition, in accordance with the principle of data minimization, we only transmit data that is limited to the minimum amount necessary.
In some cases, we may use service providers whose headquarters, parent company or subcontractor is located in a third country. Your data will only be transferred if the European Commission has decided that an adequate level of protection exists in a third country (Article 45 GDPR), if suitable safeguards are provided (e.g., standard contractual clauses adopted by the European Commission) and enforceable rights and effective measures are available to you as the party concerned.
CHEM4PHARMA, LDA will take appropriate technical and organizational measures to protect your personal data against loss or unlawful use.
As part of our business relationship, you must provide the personal data required to establish and execute the relevant business relationship and fulfill the associated contractual obligations or we are required by law to collect it. Without this data we will generally not be able to enter into a business relationship with you and to fulfill the resulting obligations.
In principle, we do not use fully automated decision making according to Article 22 GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you separately insofar as this is required by law.
In accordance with Article 15 GDPR you can require information about your personal data processed by us. If your details are not (or are no longer) accurate you can request a correction (Article 16 GDPR). If your details are incomplete, you may request a completion. If we have passed on your details to third parties, we will inform these third parties about your correction.
Furthermore, according to Article 17 GDPR you can request the deletion of your personal data if:
Your personal data is no longer required for the purposes for which it was collected
You revoke your consent and there is no other legal basis for retaining it
You object to the processing and there are no overriding reasons for processing that are worthy of protection
Your personal data has been processed unlawfully
Your personal data must be deleted to comply with legal requirements
Please note that the legal obligations of the person responsible can lead to the fact that your data cannot be deleted or it will be only after expiration of a period of time.
In addition, you have a right to limitation of processing in accordance with Article 18 GDPR, the right of objection under Article 21 GDPR and the right to data transferability under Article 20 GDPR.
Right of objection on a case-by-case basis:
You have the right to object to the processing of personal data at any time for reasons arising from your particular situation on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests), including profiling within the meaning of Article 4(4) GDPR based on this provision. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
We are not responsible for the privacy policies or content of those websites.