Diagnostica Stago UK Ltd, hereinafter “Stago” may, during its activities, process your personal data, in accordance with applicable data protection legislation.
This policy provides you with information on how your personal data may be processed by Stago.
This policy, which is accessible in particular on our website, is updated regularly in order to take into account legislative and regulatory developments, and any change in the Stago organisation or in the processing it performs.
This policy will, where necessary and if the relevant information is not detailed in this policy, be accompanied by a specific information statement for each processing operation carried out on your personal data, which will be made available to you as soon as possible and, in the event that we collect your data directly from you, at the time of this collection.
Stago, when acting as a controller, is responsible for the personal data that you provide to us or that we collect.
In order to protect your privacy and your personal data as effectively as possible, we have appointed a data protection officer. This person, who is the point of contact for the Information Commissioner’s Office (the UK’s data protection supervisory authority), is responsible for ensuring that we process your data in accordance with applicable law.
You can contact our data protection officer at the following address: firstname.lastname@example.org
We are committed to ensuring the highest possible level of protection for the persons whose personal data we process ("data subjects"). The protection of personal data, in particular those of our own employees and staff (current and former), job applicants, those of our suppliers, our customers, our potential customers, and any other third party is important to us.
We will comply with the applicable regulations for all the processing of personal data that we carry out. We are, therefore, committed to respecting the following principles:
These commitments are manifested as follows:
Personal data is information relating to an identified or identifiable natural person, such as an email address, your first and last name, your IP address, etc.
We collect your personal data as part of our sales, after-sales service, distribution and promotion. We also process personal data when we proposing to employ or engage a person to work for or with us and then if they do eventually become employed or engaged by us.
In some cases, we collect your personal data directly from you. In other cases, your personal data is communicated to us by a third party (our customers, our suppliers, etc.).
The personal data that we are likely to process are, for example:
Processing has a wide meaning and includes obtaining, recording, organising, storing, amending, retrieving, disclosing and/or destroying information, or using or doing anything with it. Processing information also includes transmitting or transferring personal information to third parties
The processing of personal data carried out by Stago has an explicit, legitimate and determined purpose.
Your personal data may for example be processed for the following purposes:
The purpose of the processing will be communicated to you on a case-by-case basis, for each type of processing that we carry out on your personal data.
We always ensure, when we process your personal data, that the processing is based on a "legal basis".
We always process your personal data on one of the following:
Stago will keep your personal data only as long as reasonably necessary to fulfil the purposes we collected it for, and in accordance with applicable legislation. Thus, the retention period of your personal data depends on the purpose of the processing to which the personal data is subject, according to the provisions below:
Authorised persons within Stago and, in some cases, third parties who process personal data in order to provide us with services (our “trusted providers” which includes Diagnostica Stago SAS ), may access and process your personal data. We do our best to ensure that the number of such persons accessing and processing your data is kept as small as possible and to maintain the confidentiality and security of your personal data.
We only provide our trusted providers with the information they need in order to provide the service we require them to carry out and do not allow them to use your personal data for other purposes. We require all of our trusted providers with whom we work to maintain the integrity, availability, confidentiality and security of your data. We also ensure that when our relationship with a trusted processor comes to an end, that processor deletes your personal data without delay.
We select our trusted providers with great care, ensuring that they provide sufficient guarantees, particularly in terms of expertise, reliability and resources, to implement the technical and organisational measures to meet the requirements of the applicable legislation, in particular the security of the processing. In this regard, we instruct our trusted providers to process personal data only in accordance with our documented instructions. We also require the trusted providers to ensure that t their staff are committed to confidentiality or are subject to an appropriate legal obligation of confidentiality.
We may ask our trusted processors to provide a service that requires the processing of your personal data, for example in the following cases:
Where applicable, we take appropriate steps to ensure that the use of these trusted providers does not infringe our obligation of confidentiality.
Your data is stored in the UK by Stago and in the EU by our trusted providers.
When transferring data outside of the UK, we ensure that the data is transferred securely and in accordance with applicable law. When the country where the data is transferred does not have an adequacy decision, we use "appropriate safeguards".
These appropriate safeguards are a way to ensure that the protection of your personal data is ensured even when they leave the UK. These appropriate safeguards may, for example, consist of using standard contractual clauses.
Depending on the processing operations to which your data is subject, you may have the following rights:
To exercise these rights, you can contact us at the following address: email@example.com
In order for us to process your request satisfactorily, you will need to prove your identity, by whatever means. If we are not satisfied that what you have provided proves your identity then we may ask you for additional information, including e.g. the secure transmission of a copy of an identity document, signed by you.
We will do our best to meet your demands satisfactorily. Whatever our response, we will get it to you within one month, unless we need to extend the time for our response when we may extend the time for us to respond by up to an additional two months, depending on the complexity of and the number of requests.
We will not charge you for responding to any right set out above if your request is legitimate and not excessive. However, if any requests are unfounded or repetitive, we may require the payment of reasonable fees for dealing with your request which take into account the administrative costs incurred in providing the information, making communications or implementing the measures requested by you.
If you have any questions about this policy or how we process your data, please contact our data protection officer at the following address: firstname.lastname@example.org. You also have the right at any time to lodge a complaint with the Information Commissioner’s Office (ICO) – see www.ico.gov.uk. We would appreciate the opportunity to resolve any concerns before you contact the ICO so please get in touch
Whenever Stago processes or proposes to process your personal data, it will inform you of:
This information will be made available to you as soon as possible and, in the case of collection of your data from you, at the time of collection.
Stago attaches great importance to the protection of your personal data and takes all reasonable precautions to this end. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We ask our trusted providers who process your data on our behalf to do the same.
We are constantly doing our best to protect your personal data. Upon receipt of your data, we apply strict procedures and security measures (technical and organisational) to prevent unauthorised access.
This policy does not form a part of any contract or agreement that we have with you and we amend, update or supplement it from time to time.
This policy was last updated on December 04, 2020.