EU/UK Privacy Statement
B. EU/UK Privacy Statement
We are committed to complying with EU / UK Privacy Law. This EU/UK Privacy Statement explains how We, Aviagen Group ("AVIAGEN" or "We", "us", "our") process Personal Data in carrying out our activities. We process the Personal Data of representatives of our business partners (customers, clients, vendors, suppliers, etc.), individual customers, visitors to our website, visitors to our premises, attendees to our events and programs ("You").
We are a data controller. This means that We are responsible for deciding how We collect and use (process) Personal Data about You. We are required under EU / UK Privacy Law to notify You of the information contained in this Privacy Statement.
1. What Personal Data do we hold about You?
Depending on who You are, We collect different Personal Data from You, for specified purposes and based on a specific legal ground.
Purpose | Personal Data | Data Subjects | Legal Basis |
---|---|---|---|
Conducting our business and operations: including data analysis, business development, forecasting, strategy assessment, resource planning, general business operations, provision of products and services, mergers and acquisitions, restructuring, email distribution, and account management. | Name, email, account/company, work phone, mobile phone, home phone, physical address, mailing address, shipping address. | Customers, clients, vendors, suppliers, consultants, contractors, agents, website users, prospects, leads. | Legitimate interest – so that We can operate our business, assess our overall business performance, and work out which areas to improve and grow. |
Crime detection and prevention: including preventing fraud and investigating suspicious activities. | Name, email, account/company, work phone, mobile phone, birthday (in limited circumstances), government ID (in limited circumstances), personal picture, passport. | Customers, clients | If We are required to comply with an EU/UK law (including National Law): Compliance with a legal obligation. In other cases: Legitimate interest – we are required under the laws or industry standards of various jurisdictions, to carry out regular auditing of our accounts and business practices for crime detection and prevention purposes. |
Compliance with the law and regulatory obligations: legal advice, compliance advice, management of legal matters. | Name, email, account/company, physical address, mailing address, shipping address. | Vendors, suppliers, consultants, contractors, agents, visitors to premises. | If We are required to comply with an EU/UK law (including National Law): Compliance with a legal obligation. In other cases: Legitimate interest – we are often required to process Personal Data as part of our legal, regulatory and compliance obligations in various jurisdictions. |
Compliance processes: including sanctions-related screening, fighting against bribery and other crime, ensuring compliance with crime detection and prevention laws, and risk management. | Work phone, mobile phone, birthday (in limited circumstances), government ID (in Brazil in limited circumstances), personal picture, passport. | Customers, clients, vendors, suppliers, consultants, contractors, agents, prospects, leads, visitors to premises. | If We are required to comply with an EU/UK law (including National Law): Compliance with a legal obligation. In other cases: Legitimate interest – we are required to carry out compliance processes, so that We comply with the legal requirements of various jurisdictions. |
Sales: provision of account insights, management of accounts information internally and sales operations externally, and related purposes. | Name, email, account/company, work phone, mobile phone, home phone, physical address, mailing address, shipping address, birthday. | Customers, clients, prospects, leads. | Legitimate interest – managing and keeping track of our sales. In the rare instances when we are performing direct sales to individual, we will rely on performance of a contract as the legal basis. |
Communication about our products and public relations: promotion of products and services and conducting regional or global marketing initiatives. | Name, email, account/company, work phone, mobile phone, home phone, physical address, mailing address, shipping address, birthday. | Customers, clients, vendors, suppliers, consultants, contractors, agents, website users, prospects, leads. | When We reach out to You about similar services based on our relationship with You: Legitimate interest. When we do not have preexisting relationships with you: We will seek your consent. |
Customer complaints: recording and tracking product complaints and issues and related purposes. | Name, email, account/company, work phone, mobile phone, home phone, physical address, date of birth. | Customers, clients. | Legitimate interest – to make sure our customers are satisfied, and our operations are managed properly. |
Accounts and records: maintenance of accounts, records of business activities, assessment of business performance, financial reporting. | Name, phone number, mailing address, individual email address, social security number or tax ID number (when the vendor is a person but has registered as an LLC), bank account number, bank routing number, bank name. | Customers, clients, vendors, suppliers, consultants, contractors, agents. | Legitimate interest – as part of our business operations, We need to record personal data related to our accounts and records, for payment and financial purposes as well as to comply with legal obligations. |
Training: Customer oriented and detailed training. | Name, email, account/company. | Customers, clients. | Legitimate interest – We process Personal Data as part of an additional service We provide to our customers, i.e., customer-oriented training. |
Events: events which are organized by us. | Name (including guest names), email, phone number, nationality, country, visa requirements, English language skills, company name and address, job title and details, contact at AVIAGEN and choice of AVIAGEN brands, photographs and videos, details relating to participation in activities at the events and dietary requirements. | Event attendees. | For the photographs and videos: Consent. For all other Personal Data collected at our events: Legitimate interest – we process Personal Data so that individuals can attend our events and better understand the products and services that We offer. |
About the legitimate interests specified above, We ensure that We balance any potential impact on You and your rights before we process your Personal Data for the reasons provided. You can obtain further information about how we assess our legitimate interests against any potential impact on You in respect of the specific activities by contacting us. Please also consult the section “Your rights” below.
We also collect information about You or your device each time You visit our website or when We send You an email. This information may be Personal Data in itself or when combined with other information about You. This includes technical information, including the Internet protocol (IP) address used to connect your device to the Internet and browser type and version, as well as information about your visit, including the dates and times You use our website, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), etc., or information on whether You open an email, dates and times You do that, etc.
To do this, We use cookies and other tracking technologies. You can learn more about such technologies and the legal basis we rely upon to deploy such technologies by reading our ONLINE SERVICES PRIVACY STATEMENT, and our COOKIES NOTICE.
It is important that the Personal Data We collect from you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us. You can do so by contacting us at [email protected]. We will endeavor to effect those changes within a reasonable timeframe.
2. Change of purpose
We will only use your Personal Data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If We need to use your Personal Data for an unrelated purpose, We will notify You and We will explain the legal basis which allows us to do so.
3. Which third-parties process your Personal Data? Do we share, disclose, or transfer Personal Data?
To conduct our activities, We may have to share or disclose your Personal Data to third parties, including third-party service providers.
We share your Personal Data with:
a) IT experts who provide services to us (e.g., data storage, website administration);
b) Service providers We work with for the purpose of corporate training (e.g., courses, webinars);
c) Service providers We work with for the purpose of compliance management (e.g., compliance and incident management software);
d) Service providers We work with for the purpose of supply chain management and in the context of fairs, exhibitions, and show (e.g., supply chain platform, trade management solution);
e) Service providers We work with for the purpose of marketing (e.g., marketing platforms);
f) Service providers We work with for the purpose of shipping our products (e.g., shipping companies and freight forwarders); and
g) Other external parties We may cooperate with (e.g., attorneys, accountants, advisors, business analysts).
We do not use other third parties to process your Personal Data or otherwise transfer Personal Data outside of the EEA and/or disclose your Personal Data to recipients other than those identified in this Notice. If We were to do so, We would comply with EU Privacy Law.
4. Transfers
AVIAGEN is a global company. We store your Personal Data in the USA, and we may also transfer your Personal Data worldwide, amongst others when our staff access Personal Data from abroad.
Personal Data and other data may therefore be exported outside of the jurisdiction in which You reside. Under those circumstances, the governments, courts, law enforcement, or regulatory agencies of that country or those countries may be able to obtain access to your Personal Data through foreign laws. You need to be aware that the privacy standards of those countries may be lower than those of the jurisdiction in which You reside.
We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Statement. All data You provide to us is stored on our secure servers. Where we transfer our data outside of the EEA, we ensure that adequate safeguards are in place. That includes, where necessary, taking steps to evaluate the risks raised by the transfers in countries that do not offer an adequate level of protection. Please contact us if You want further information on the specific mechanism (i.e., the EU Standard Contractual Clauses, as supplemented by ad hoc addendum, as necessary) used by us when transferring your Personal Data outside of the EEA.
5. Data security
Your Personal Data are treated as confidential.
To safeguard your Personal Data from unauthorized access, collection, use, disclosure copying, modification, disposal, or similar risks, We have put in place appropriate technical and organizational measures.
We use encryption, have in place strict password protocols and physical security measures, and follow industry standards and best practices. We update and test our security technology on an ongoing basis. We restrict access to your Personal Data to those employees and staff who need to know that information. In addition, We train our staff about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our staff’s privacy responsibilities.
6. How long will We retain your Personal Data?
When we process data based upon your consent or upon our legitimate interest, We store your Personal Data if You don’t withdraw your consent or don’t object to the Processing. We also undertake not to retain your Personal Data for longer than necessary. We undertake, absent of any Processing activities, to delete the Personal Data We hold on You within a period of 36 months. However, We may retain your Personal Data under UK, EU, or National Law. Also, We may retain electronic copies of files containing Personal Data created pursuant to automatic archiving or back-up procedures which cannot reasonably be deleted. In these cases, We will ensure that the Personal Data are not further actively processed.
7. Your rights in connection with Personal Data
In certain circumstances, under UK/EU Privacy Law, You have the right to:
a) Request access to your Personal Data. This enables You to receive a copy of the Personal Data We hold about You and to check that We are lawfully Processing it.
b) Request correction of the Personal Data that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
c) Request erasure of your Personal Data. This enables You to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where You have exercised your right to object to Processing (see below).
d) Request the restriction of Processing of your Personal Data. This enables You to ask us to suspend the Processing of Personal Data about You, for example, if You want us to establish its accuracy or the reason for Processing it.
e) Request the transfer of your Personal Data to another party (right to data portability).
To exercise your rights as a Data Subject, or make queries or complaints, please contact [email protected].
When You provided your consent to the collection, Processing, and transfer of your Personal Data for a specific purpose, You have the right to withdraw your consent for that specific Processing at any time.
When We process your Personal Data based on our legitimate interest (or those of a third party), You have the right to object to such Processing. To withdraw your consent or object to the Processing, please contact [email protected].
If You are dissatisfied with any aspect of our handling of your Personal Data, You have the right to make a complaint at any time to the relevant Supervisory Authority.
8. Glossary
In this EU/UK Statement:
“Aviagen Group” means each of the Aviagen entities controlling your Personal Data, as applicable, the list of which can be found here on the Contact Us – Privacy Notice page.
“Data Subject” means an identified or identifiable individual.
“EEA” means the European Economic Area.
“EU” means the European Union.
“EU Privacy Law” means Regulation (EU) 2016/679 (General Data Protection Regulation).
“National Law” means the laws of any country that is a member of the EU or EEA.
"Personal Data" means any information relating to an identified or identifiable individual.
"Processing" means any operation performed on Personal Data, manually or by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Supervisory Authority" means the relevant data protection authority of the Data Subjects' habitual residence or place of work.
"UK Privacy Law" means Regulation (EU) 2016/679 (General Data Protection Regulation), as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, as well as the Data Protection Act 2018.
“UK” means the United Kingdom.
“USA” means the United States of America.