This notice is effective as of May 2018
Our Approach to Privacy
ABRITES LTD. and all its affiliates (together “Abrites”) recognize that when we handle information about any individual, we must do so responsibly, with due care to individual privacy, complying with laws on data privacy and confidentiality.
The Policy explains in general terms how we seek to comply with data privacy laws and regulations, including but not limited to Regulation (EU) 2016/679 (General Data Protection Regulation/GDPR).
ABRITES in its capacity of personal data controller, has enacted internal policies, procedures and training programs designed to support compliance with these laws and this Policy.
Our policies, procedures and training programs are reviewed on a regular basis, and managed by a team of privacy professionals with senior executive oversight.
What Types of Personal Information Does ABRITES Handle and for What Purposes?
When selling through its partners ABRITES collects, process’ and analyzes consumers’ e-mail addresses only - for the purposes of sending the activation links. Abrites considers these consumers as customers of the partner.
When selling directly to consumers, ABRITES collects, process’ and analyzes consumers' data as follows: first name, family name, delivery address, address for VAT purposes (if any), phone number for contact, e-mail address.
ABRITES collects these data for the purposes of:
1. identifying the consumer;
2. sending the activation links by e-mail;
3. delivering devices via courier;
4. activation of/providing the service ordered;
5. warranty support;
6. performance of the obligations under the consumer’s contract;
7. for statistical purposes in order to improve the services offered;
These categories of personal data are collected and processes in the consumers’ interest and after their explicit consent.
We do not collect any consumers' data like: age, date of birth, sex, bank accounts information, personal documents (number, date of issue, validity, copies), marital status, medical/health information, professional qualifications and/or any kind of other personal data.
This would be in excess of the above mentioned purposes and we kindly ask you not to specify any such information before ABRITES.
In case you specify personal information in excess, ABRITES will delete it immediately and no records will be kept.
Employee and Human Resource Data
ABRITES collects personal information from applicants to open positions within the company, including private contact details, professional qualifications and previous employment history to inform employment decisions.
ABRITES conducts various background checks on applicants, including where law allows on criminal history and professional disbarment.
Once employed, ABRITES collects information on staff for human resource, performance, payroll and tax purposes.
ABRITES processes similar information relating to consultants contracted on a freelance basis, if any.
ABRITES collects named information about visitors to company websites where this is voluntarily provided to meet a request from those individuals, for example where a client contact requests information on a company service or where someone wants to apply for a vacant position with the company.
Through the use of cookie-based technologies, ABRITES may collect various data linked to virtual identities allocated to visitors when they access our websites.
This data is used for various purposes, including site analytics and first party marketing (see Online Issues below). In certain cases, these virtual identities are linked to the real world identities of visitors when they provide their named information as described above.
This allows ABRITES to tailor marketing messages to those individuals, inclusive of information that is likely to be of interest to them.
Internal and External Disclosures of Personal Information
Personal information will be shared within ABRITES, companies working as agents of ABRITES and third parties only on a “need to know” basis to meet stated legitimate business purposes. Access to databases and folders containing personal information is restricted to appropriate staff.
ABRITES does not trade or sell personal information.
Under some circumstances, ABRITES may be required by law enforcement or judicial authorities to disclose certain personal information as part of investigations or for litigation purposes.
ABRITES may disclose personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of ABRITES’ assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding.
Companies working as agents of ABRITES are required to sign “processor” and/or confidentiality agreements whereby they will commit to only process personal information consistent with contracted purposes and apply appropriate organizational and technical security safeguards.
International Transfers of Personal Information
ABRITES is a global company serving an industry that is increasingly globalized in its approach to clinical research. Personal information will be shared across international borders as required to service global projects.
ABRITES hosts personal information in databases in one location only - in its HQ in Bulgaria.
In certain circumstances, ABRITES and client personal information will be hosted within vendor platforms located in the Internet cloud.
ABRITES recognizes that many countries globally have regulations restricting the flow of personal information across international borders.
ABRITES has put in place measures to ensure that adequate protection is provided to such data where legally mandated.
Notice and Consent
At the point of data collection, ABRITES will provide notice to individuals in a clear and conspicuous language about how their information will be processed, disclosed and transferred; what choices they have in relation to how their data are handled; what informational rights they have under data privacy law or under this Policy; and who to contact with any questions or complaints.
These privacy notices are tailored to specific situations of data collection. In providing such notice, ABRITES meets its obligations to be transparent and fair with individuals as is required by data privacy laws.
Dependent on the medium, notice may be given in person, by email, post, telephone, or by posting on our website.
In many situations, including where mandated by data privacy law, and also where it is a matter of good practice, ABRITES will seek consent of individuals to collect, use and disclose their data consistent with the relevant privacy notice.
However, in certain cases where law allows, particularly where gaining consent will involve a disproportionate effort and the privacy risks are low, ABRITES will proceed to process personal information absent of consent. Also, ABRITES will use and disclose personal information without consent where required by law and judicial order.
Consistent with GDPR, laws on confidentiality and data privacy regulations, ABRITES will collect necessary informed consents of study subjects on behalf of its clients. ABRITES will suggest template consent language to its clients, including necessary content as dictated by local law.
Data Quality and Record Retention
In general, our privacy notices provide individuals easy means of validating, correcting errors and updating information.
ABRITES retains personal information according to purpose and regulatory requirement, as directed by our corporate retention schedules.
In jurisdictions with data privacy laws, and where contractual commitments require, ABRITES ensures that individuals can exercise all relevant informational rights with respect to their personal information processed by the company, including but not limited to the right of access and correction, to prevent direct marketing, block processing and erase data. In all other respects, where no overriding interest prevails, ABRITES will endeavor to allow the following informational rights under this Policy as a matter of good practice:
- to allow access to copies of personal information within a reasonable timeframe;
- to correct personal information where inaccurate;
- to allow study investigators to opt out of future solicitations to participate in studies; and
- to withdraw a previously provided consent to processing of personal information.
Study subjects must contact their investigator at site, who will be able to make the necessary link to subject identity.
The company maintains a comprehensive information security policy that seeks to apply technical and organizational security measures that protect personal information against unauthorized access or loss.
Consistent with regulatory requirements, ABRITES also maintains a detailed Security Breach Policy, which establishes a procedural response to dealing with any breach of personal information, including making any necessary notifications to individuals or governmental authorities.
ABRITES Web pages may contain links to websites outside of the company.
Linked websites are not under the control of or endorsed by ABRITES.
This Policy does not apply to linked websites outside the ABRITES organization.
A cookie is a data file that is placed by a website operator on the hard drive of a visitor to their site.
Cookies with the following functions are enabled to the computers of visitors to ABRITES websites: to allow the site to deliver the service requested by the visitor; to remember repeat visitors; to improve the user experience of the site; to allow the company to perform site analytics; and to help tailor marketing messages to the visitor based on previous browsing.
Company cookies are enabled and controlled by the ABRITES Web team, which is established on Bulgarian territory.
The online relationship with ABRITES may be managed by using settings available on most internet browsers.
For example, most browsers will allow a visitor to choose which cookies can be placed on his/her computer, to delete or disable cookies, and to set Do Not Track as a function.
Please note that disabling cookies may prevent a visitor from using certain features on ABRITES websites.
Children's Online Privacy Protection
ABRITES does not collect information through our websites from individuals who are known to be under the age of 18, and no part of our online presence is directed to anyone less than 18 years.
Inquiries, Complaints and Requests to Exercise Rights
All communications, queries, requests to exercise informational rights (e.g., access to data) or complaints should be addressed to the attention of the Legal Counsel, ABRITES, 147 Cherni vrah Avenue, Sofia 1407, Bulgaria.
Legal Status of Policy and Policy Changes
For instance, the Policy may need to change as new legislation is introduced or as it is amended. The updated Policy will be posted on http://abrites.com/.
We recommend that the Policy is reviewed from time to time.