Bioinsider LLC Privacy Policy & GDPR

About Bioinsider LLC
At Bioinsider LLC, we specialize in life science and healthcare virtual meeting production.

This Notice
This privacy notice explains how we collect, share, use and protect information. Our privacy policy is designed to provide transparency so you can make an informed choice about using this site and our other activities. We are always fully committed to protect personal information and have high regard for privacy rights.

What information do we collect?
Bioinsider LLC collects information from you directly through our website when you either download any content regarding our event or products, sign up to receive updates or register to attend an event. These information includes name, job title, organization, email address, phone number and business address. We collect and use personal information in order to provide the best possible service and build long-lasting relationships. This includes informing you about new events, products and other offerings that may be relevant. This information will be provided by you and we will use this only for the purposes stated.

No sensitive personal information is collected, stored, or processed. We adhere to the GDPR legal definitions of personal data which can be found at https://gdpr-info.eu/art-4-gdpr/.

What use is made of this information?
The information that is collected and shared is used to provide the highest quality of service to you and focuses on building your network. We do not sell, share or rent this data to others. We will use the information to create and draw your attention to Bioinsider LLC’s products, editorial material and commercial opportunities that you have requested and that may be of interest to you. We also conduct market research and surveys. We may share with advertisers, affiliates and other commercial companies with whom we have, or might have an association. Unless you state otherwise during the registration or subscription process. When you sign up for one of our events, you agree to be contacted by us or our marketing partners. Bioinsider LLC and all third parties are contractually bound by all laws and regulations pertaining to data protection and online and offline communication. If you do not wish to receive communications from Bioinsider LLC, email us at [email protected].

Bioinsider LLC uses Legitimate Interest as the basis of its GDPR compliance. Bioinsider LLC believes that it has met the requirements of legitimate interest, and has followed the following process as part of the Legitimate Interest Assessment:

The General Data Protection Regulation

1. Bioinsider LLC has conducted an assessment to ensure that we have legitimate business interests in processing the personal data.

2. The processing is necessary in pursuit of those interests

3. The rights of the individuals who are the subjects of the personal data we process have been taken into account and do not override our interests. Our Privacy Policy clearly states that we may process data under this lawful basis. We never share information about individuals who have objected to processing under legitimate interests with our clients.

Independent Resolution
If you are a citizen of the European Union, you may report concerns to the Information Commissioner’s Office in your company. For the United Kingdom, go to https://ico.org.uk/concerns/.

Notice of New Policy Changes
If Bioinsider LLC makes material changes to our data privacy practices, this policy will be updated and posted on our website in order to keep you informed of how we collect, use, manage, disclose, and protect information. The policy effective date will be updated accordingly.

Website
Cookies Bioinsider LLC, may place a “cookie” in the browser files of a user’s computer. The cookie itself does not contain any personally identifying information, except when such information has been supplied by a user. If you have visited our Web site, the information in your “cookie” is used to provide a more personalized experience on the Web site. This cookie identifies you as a unique user by means of a tracking ID. Please note, we cannot link that user ID with personal identifying information and data about you such as your name or e-mail address.

Data Security
We cannot ensure or warrant the security of any information that you transmit to us and you agree that you provide this information and engage in such transmissions at your own risk. Once we receive information from you, we will endeavor to maintain its security on our systems. Bioinsider LLC has established policies and procedures for securely managing information and protecting Data against unauthorized access and we continually assess our data privacy, information management and data security practices. We do this in the following ways: Bioinsider LLC maintains commercially reasonable security measures to protect personal information against unauthorized access and disclosure and that are consistent with our business operations and generally accepted industry standards. These measures include the implementation of technical, physical and administrative security safeguards. BIOINSIDER LLC requires employees to abide by Bioinsider LLC privacy policy.

1. Establishing policies and procedures for securely managing information

2. Limiting employee access to personal information

3. Protecting against unauthorized access to customer data by using data encryption, authentication, and virus detection technology, as required

4. Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements

5. Monitoring our websites through recognized online privacy and security organizations

6. Requiring employee conformance with Bioinsider LLC privacy policy

7. Assessing our data privacy, information management, and data security practices continually

8. Conducting regular patching and maintenance of all Bioinsider LLC systems to ensure they are protected against current threats and intrusions

Data Retention
Data is retained on our file in accordance with legal requirements, the professional status of the data subject, and the data subject’s choice and preference. Bioinsider LLC conforms to the requirement to ensure that the principles of data minimization (which consists of not collecting more personal information than needed for a particular purpose) and the principle of purpose limitation (collecting personal information for a specific purpose) are followed. Additionally, all Bioinsider LLC employees are trained in the privacy principle of the business.

GDPR
The notice details the Bioinsider LLC position and approach to GDPR, and the steps it has taken to become compliant.

Bioinsider LLC will use Legitimate Interest as the basis of its GDPR compliance.

Bioinsider’s Legitimate Interest justification is based on the following excerpt from the General Data Protection Regulation which outlines where Legitimate Interest can be used:

Under Article 6 1(f)

‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child.’

Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks. Under Recital 47

‘The legitimate interests of a controller, including those of a controller to which the Personal Data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.’

Further, the GDPR states that “the processing of Personal Data for direct marketing purposes may be carried out for a legitimate interest. An organization may wish to rely upon Legitimate Interests where consent is not viable or not preferred and the balance of interests condition can be met.” Bioinsider LLC has thus carried out a Legitimate Interest Assessment.

Our Legitimate Interest Assessment has been a 3-step process:

Legitimate Interest Assessment

1. Identifying a Legitimate Interest

2. Carrying out a Necessity Test

3. Carrying out a Balancing Test

Identifying a Legitimate Interest
Bioinsider LLC has a legitimate interest in processing the personal data of data subjects that are likely to attend or purchase Bioinsider LLC events and information services. The only personal data that is held and stored and processed by Bioinsider LLC is name, business job function, and contact details. Segmentation is done by their past transactional history, if any, and their organization’s industry or research sector. All the services provided by Bioinsider LLC have direct relevance to the data subject.

Necessity Test
The processing is necessary in pursuit of the interests above. Bioinsider LLC has examined alternatives and the only alternative available – unambiguous opt-in – was reviewed and rejected as impossible to implement given the range of our products and services. Of particular note, our events are held all over the world at different times and places, often with significant time gaps. Consent might well then expire between relevant events. Our publishing schedule is similarly uneven across our multiple sectors.

Balancing Test
Bioinsider LLC has conducted a balancing test to ensure that our interests do not override those of data subjects. We believe that the data subjects will have a reasonable expectation of being contacted by Bioinsider LLC because of their job responsibilities. The data we hold and use is always connected to an individual’s business and professional responsibilities. All data subjects are given notice and choice when added to the database. They are informed about the legal basis of our processing, the purpose of this (for use by Bioinsider LLC and its partners for marketing). They will have access to the data we store about them and it will be kept accurate and secure. They will be informed that all marketing activities will be carried out in accordance with local laws and regulations.

Bioinsider LLC Compliance Process
As part of our compliance, we have implemented the following

a) Internal Policies – Policies are written and include: basis for process justification (balancing test for Legitimate Interest); data collection; data retention; data security and breach; cookies.

b) External Policies – Privacy policy; collection notices; cookie policy. Notice will be sent to all contacts and Privacy Policy put on the web site

c) Systems/Process Changes (as needed) – Recording and managing of notice, opt-in/opt-out, accuracy, ability to support right of access, security, portability.

d) Systems/Process Documentation – Data map and flows; include LI assessments written above; record of processing activity

e) Contracts – Contracts with data suppliers, data processors, customers have been updated.

f) Security – Review of process undertaken and documented