Personal Data Protection Declaration
BOSTON SANTE, INC. is aware of continuously arising importance of privacy, esp. protection and security of personal data of our customers, clients, partners, employees and actually all personal data subjects all over the world. As a global organization, whose international trade, product development or managerial structures extend beyond borders. We are making continuous efforts to ensure and further develop personal data protection, and to exceed minimal requirements set by legal regulations while applying consistent and transparent enforcement rules. The purpose of this regulation is to inform the public about our procedures and possibilities of participation in making decisions in which ways their personal data will be processed and used by electronic or non-electronic tools.
The basic scope of personal data and privacy protection is represented by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). These legal regulations are complemented and specified by laws of the member states as well as by internal rules of the company, which are gradually implemented to fulfill the aim of the company to reinforce rights of the personal data subjects and protection of their privacy.
Which personal data are we processing?
Personal data means any and all data related to an identifiable person that can be directly or indirectly identified by these data. Our company, in accordance with the principle of minimizing personal data, is gradually implementing rules to process only those personal data that are needed for pursuing its activities or required by law. Personal data are identification data such as name, surname, degree, birth certificate number, date of birth, place of residence, IN, tax number, and also contact data such as address, telephone number, fax, and e-mail address. We only process data provided in excess of the legal regulation with your consent.
Why are we processing your personal data?
If a legal obligation, public interest or protection of vitally important interests of a subject does not require it (Article 6 GDPR), the personal data processing is voluntary. We are processing your data given to us primarily for purposes of providing our services, for our internal needs, and for marketing or business purposes. If you decide to reject processing or to erase your personal data, you can do it in written at this e-mail address email@example.com. We guarantee to erase your personal data within one month, unless there is another legal requirement.
To whom the data could be provided?
We will not share any data with third parties in the future without proper notification. If we share the data with third parties, the third parties will be bound by a data protection compliance agreement. Internationally, our company may share personal data in cooperation with third parties only when bound by data protection compliance memorandum to respect the GDPR. In some occasions there may be legally imposed obligation to provide your personal data to public authorities. Even in such cases, we will request the entire documentation to protect your interests.
How we guarantee the security of your personal data?
All personal data are processed and kept safely for the time necessary for the purposes for which they were collected. We will keep our commitments and protect your rights according to the GDPR for the whole period. We use modern computing techniques capable to protect your personal data avoiding their destruction, alteration, loss, unauthorized access or processing or other misuse.
Giving a consent
With the exception of cases set by law, we are processing personal data solely with your consent.
Under the personal data protection according to GDPR you have these rights:
1. In accordance with the Transparency Principle, the Company has the information obligation to provide you Controller’s contact information, the processing purpose, the period for which the data will be gathered, the intention of transfer the data to third countries and inform about rights below. The company will provide these data to you automatically when your contest with processing will be given.
2. Another right is the access to your personal data. Compared to the previous ones, they are provided on a request. You have the right to request the information if the company processed your data, which category of personal data is being processed and the period for which the data is processed. Upon a request you will be allowed to have an access or copy of processed data free of charge.
3. Another GDPR principle is the accuracy of personal data. The company will take reasonable measures to process accurate and updated data. The company has the obligation to verify that it is processing accurate data, otherwise it has to delete or repair it. Even in this case, the company has the information obligation. You have the right to complete your personal data via an electronic form or a statement addressed to the company.
4. GDPR gives you the right to be forgotten or the right to be erased. This right gives you the option to require the company to erase your data and doesn’t keep them anymore unless there is another legal impediment - for example because of the public interest or legal obligation that requires processing. If there is such an exception, the company has to inform you within one month.
5. You have the right to request restrictions to process your data. In case of inaccurate data, the company must restrict its processing during verification period. Other cases include their illegal handling and inappropriate processing, except when it is in your interest to erase the data. The last reason is to file a complaint of processing, for as long as the company considers your objections.
6. You have the right to data portability. This right allows you to move or transfer your personal data between controllers.
7. As mentioned above, GDPR gives you the right to make a protest against the personal data processing anytime. You will be notified of this right during the first communication with our company. In case of making a protest, the company will stop processing your data until legitimate reasons for the processing will be established.
8. And last but not least, GDPR gives you the right not to be the subject of any decision based solely on the automated processing of your personal data.
We know that personal data protection is a sensitive issue. Please do not hesitate to contact us at our e-mail address with any questions or request for explanation: