Online Portal Privacy Notice

Biosite Systems Limited (“We”) are committed to protecting and respecting your privacy. By using this online portal you are accepting and consenting to the practices described in this policy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

As you utilise this online portal, the majority of the information collected is controlled by the portal owner, we operate and manage the online portal on behalf of the portal owner. The portal owner will have their own privacy policy which you should read to understand their views and practices regarding data you submit through the online portal.

In order to ensure the reliability and quality of the online portal, we monitor your use of the online portal as a legitimate interest. We only collect the minimal information (as set out below) necessary to:

• correct faults with the service; and
• identify aspects of the service which could be improved.

Where practical, we anonymise or statistically aggregate the information we collect.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of data protection legislation, the data controller for the data described in this policy is Biosite Systems Limited, a limited company registered in England and Wales, with its registered office at Lancaster House, Drayton Road, Shirley, Solihull, West Midlands, England, B90 4NG. Its company number is 07308880.

Information the portal owner can collect about you

The Biosite online portal is configured by the portal owner to collect and process your data as defined in the portal owner’s privacy policy.

Personal data collected and processed by Biosite is stored at rest and in transit using AES256 encryption.

The portal owner can assign personal data access levels to each data to limit access to, and processing of, each record. Please refer to the portal owner’s privacy policy for information on how they process your data.

The portal owner can configure personal data retention settings for data to automatically delete personal data once no longer required. Please refer to the portal owner’s privacy policy for information on how long they retain your data.

Personal data

The portal owner may choose to capture personal data about you. We store this data on the portal owner’s behalf, but do not otherwise process your data. All data is segregated by the portal owner, so your data will never be shared with another portal owner.

Facial data

The portal owner may choose to capture a photo of you to store against your profile. We store this data on the portal owner’s behalf, but do not otherwise process your data. All data is segregated by the portal owner, so your data will never be shared with another portal owner.

Biosite Mobile App and Location Data

The portal owner may choose to enable the geofencing feature to enforce expected usage of the Biosite Mobile App.

When enabled by the portal owner, configured geofence data will be downloaded from the portal owner’s portal to your mobile device and geofence location checks will be performed during the following actions:

• Recording operative access events

The portal owner will require you to allow the Biosite Mobile App to access high precision location data from your mobile device to perform these geofence location checks.

Your location data will be collected and processed by the Biosite Mobile App for the sole purpose of calculating whether your mobile device is currently located within the configured geofenced area.

The processing of your location data will only occur within the Biosite Mobile App and only during specified actions. Your location data is never transmitted off the device.

We collect and process this data on the portal owner’s behalf, but do not otherwise process your data. All data is segregated by the portal owner, so your data will never be shared with another portal owner.

Sensitive and Special Category

The portal owner may choose to capture special category personal data, including but not limited to: racial or ethnic origin, religious or philosophical beliefs, biometric data, data concerning health, data concerning sexual orientation.

We store this data on the portal owner’s behalf, but do not otherwise process your data. All data is segregated by the portal owner, so your data will never be shared with another portal owner.

Facial recognition

The portal owner may choose to use facial recognition as a method to identify you. Facial image data is processed by Biosite to create a unique template to be used for biometric identification. Facial image data is irrevocably discarded once this facial template is created.

This facial template cannot be used to reverse construct the original facial image.

This facial template data is processed by our systems to perform biometric identification.

We store this data on the portal owner’s behalf, but do not otherwise process your data. All data is segregated by the portal owner, so your data will never be shared with another portal owner.

Fingerprint recognition

The portal owner may choose to use fingerprint recognition as a method to identify you. Fingerprint image data is processed by Biosite to create a unique template to be used for biometric identification. Fingerprint image data is irrevocably discarded once this fingerprint template is created.

This fingerprint template cannot be used to reverse construct the original fingerprint image.

This fingerprint template data is processed by our systems to perform biometric identification.

We store this data on the portal owner’s behalf, but do not otherwise process your data. All data is segregated by the portal owner, so your data will never be shared with another portal owner.

Information Biosite collects from you

We will collect and process the following data about you:

• Information you submit to us through feedback mechanisms (for example, online forms or e-mail).
• When you are logged in, your unique user identifier, which is linked to your portal login.
• Your browser “user-agent”, which may include information on the web browser you are using and your operating system.
• Features you interact with while using the online portal.
• Errors that occur during your browsing session.
• A short log of events that occurred in the run up to an error occurring.

For clarity, we do not collect data you submit to the service, or receive from it, as part of our monitoring activities. Only the act of submitting or receiving is recorded. For example, we may record that you entered information into a particular form field, but not the information itself, or, we may record that you ran a particular report, but not the resulting details of the report.

Data submitted through, or received from, the service is owned and controlled by the portal owner.

Uses made of the information

We use information held about you in the following ways:

• Feedback you give to us. We will use this information:
  • to improve the goods or services;
  • to investigate and correct faults;
  • to provide you with information regarding relevant improvements to the goods and services (for example, we may notify you if a feature you suggested becomes available).
• Information we collect about you. We will use this information:
  • to administer the service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve the service to ensure that content is presented in the most effective manner for you and for your computer;
  • as part of our efforts to keep the service safe and secure.

Retention of your information

• Feedback you give to us. We will keep this information for a maximum of one year.
• Information we collect about you. We will keep this information for a maximum of 90 days.

Disclosure of your information

We will share your personal information with:

• any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006; and
• analytics providers who supply us with services for collecting and analysing feedback and usage information.

We will disclose your personal information to third parties:

• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
• If we are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of us, our customers, or others.

Where we store your personal data

We take your safety and security very seriously and we are committed to protecting your personal information. All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Our systems are configured to transmit data using best practice encryption. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Biosite is committed to storing your Personal Information within the UK and / or European Economic Area.

Your rights

Where processing of your personal data is based on consent, you can withdraw that consent at any time. You have the following rights. You can exercise these rights at any time by emailing us at privacy@biositesystems.com. You have the right:

• to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes;
• to ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
• to ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest; to request from us access to personal information held about you;
• to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
• to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed or the data needs to be erased to comply with a legal obligation;
• to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing); and
• to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.

The Regulator

Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by writing to us at privacy@biositesystems.com. If you are not satisfied with the processing of your data you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) which is the supervisory authority for data protection in the UK. We request that you first bring any complaint to our attention before contacting the ICO so that we may take appropriate action to resolve the issue.

Links

This portal may, from time to time, contain links to and from external websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Access to information

Data protection legislation gives you the right to access, rectify or erase information held about you. Your right of access can be exercised in accordance with the data protection legislation. You can make an access request by writing to privacy@biositesystems.com. Any access request will be processed as required by law. We will provide you with a copy of any personal data undergoing processing free of charge. For any further copies requested by you, we reserve the right to charge a reasonable fee based on administrative costs.

Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Biosite Systems Limited, Lancaster House, Drayton Road, Shirley, Solihull, West Midlands, England, B90 4NG; via emailing privacy@biositesystems.com or by telephoning our customer service line on 0121 374 2939. Furthermore, you can contact the Biosite Data Protection Officer at privacy.globalsolutions@assaabloy.com if your issue remains unresolved or to file a complaint

Last Updated 25/09/2024