Privacy Policy
Privacy Policy
Cellcolabs AB, organisation number 559312-6955, (“Cellcolabs”, “we”, “our” or “us”) values your privacy and is committed to protecting your personal data. Therefore, we strive to ensure that you are fully informed about the use and processing of your personal data in a manner that is readable, transparent, and in compliance with applicable data protection laws and regulations, including, but not limited to, the General Data Protection Regulation (the “GDPR”). This privacy policy (the “Privacy Policy”) outlines our practices regarding the collection, use and protection of your personal data, as well as delineating your rights concerning that data.
As the data controller under the GDPR for the personal data processing activities detailed in this Privacy Policy, Cellcolabs is responsible for the processing of your personal data and providing clear, accurate, and comprehensive information about the processing activities we undertake. We have taken considerable care to ensure this Privacy Policy contains all the information you may need. However, should you have any questions, please do not hesitate to contact us at info@cellcolabs.com. For additional details regarding our use of cookies and similar technologies, please refer to our Cookie Policy.
Cellcolabs regularly reviews and may amend this Privacy Policy from time to time at our sole discretion. We recommend you periodically review this Privacy Policy to stay informed about our personal data practices and understand your position. Should we implement any significant updates to this Privacy Policy that could materially affect you, we will provide you with prior notification of such changes before commencing any new processing activities.
- THE SOURCE OF YOUR PERSONAL DATA
We collect and process various types of personal data depending on your relationship with Cellcolabs. Section 3 of this Privacy Policy provides a detailed description of these practices and further delineates the categories of personal data processed, the purposes for which the personal data are intended, and the legal grounds for such processing.
- HOW AND WHY WE PROCESS YOUR PERSONAL DATA
3.1 Customers and Prospective Customers
Purposes and types of personal data processed
If you are a customer or prospective customer, i.e., if you have placed an order for any of our products or if you have requested a quote for our products, we may collect and process, inter alia, the following types of personal data for the specified purposes stated below:
Personal identification information: We may collect personal data such as your name, business address, shipping/billing address, email address, phone number, and payment information. This information allows us to respond to your inquiries, provide information about our products, process your orders, offer customer support, manage our business relationship, and fulfil our contractual obligations.
Professional data: We may collect information related to your professional role, such as your job title, department, and the organisation you work for. This information helps us understand your role and responsibilities in our business relationship.
Transactional data: We collect information related to our business transactions with the organisation you represent, such as the products you purchase, your payment details, your payment history, and your interactions with our customer support. This information assists us in managing our business relationship with you, understanding your preferences, and improving our services.
Legal grounds
The primary legal ground for processing our customers’ personal data is the performance of the contract between us and the organisation you represent. This processing includes activities essential for the execution of the contract, such as communication, managing business relationships, fulfilling contractual obligations, processing payments, and maintaining accurate business records.
Additionally, we process certain personal data based on our legitimate interests, particularly during the preliminary stages leading up to entering a contract. This includes processing professional data to assess your or your organisation’s business capabilities and suitability for a prospective business relationship.
In specific situations, we may also process your personal data to fulfil our legal obligations, in accordance with requirements set forth by laws such as the Swedish Accounting Act and anti-money laundering regulations.
3.2 Suppliers and Business Partners
Purposes and types of personal data processed
If you represent a supplier or business partner, we may collect and process, inter alia, the following types of personal data for the specified purposes stated below:
Personal identification information: We collect personal data such as your name, business address, shipping/billing address, email address, and phone number. This information allows us to communicate with you, manage our business relationship, and fulfil our contractual obligations.
Professional data: We may collect information related to your professional role, such as your job title, department, and the organisation you work for. This information helps us understand your role and responsibilities in our business relationship.
Transactional data: We collect information related to our business transactions with the organisation you represent, such as the products or services you supply to us, your payment details, and your payment history. This information allows us to manage our contracts, process payments, and maintain accurate business records.
Legal grounds
The primary legal ground for processing personal data of our suppliers and business partners is the performance of the contract between us and you or the organisation you represent. This processing includes activities essential for the execution of the contract, such as communication, managing business relationships, fulfilling contractual obligations, processing payments, and maintaining accurate business records.
Additionally, we process certain personal data based on our legitimate interests, particularly during the preliminary stages leading up to entering a contract. This includes processing professional data to assess your or your organisation’s business capabilities and suitability for a prospective business relationship.
In specific situations, we may also process your personal data to fulfil our legal obligations, in accordance with requirements set forth by laws such as the Swedish Accounting Act and anti-money laundering regulations.
Purposes and types of personal data processed
If you apply for a job with us, we may collect and process, inter alia, the following types of personal data for the specified purposes stated below:
Personal identification information: We collect personal data such as your name, address, email address, phone number, and social security number. This information allows us to manage your job application and facilitate communication throughout the application process.
Professional and employment-related information: We collect information related to your professional experience, including your resume, cover letter, employment history, educational background, professional qualifications, references, and any other information you submit as part of your job application.
Interview records: Should you be invited for an interview, we may retain records of the interview, such as notes taken by the interviewer and any scores or assessments. This helps us make fair and informed decisions about your application.
Legal grounds
Your personal data collected as part of the recruitment process will be stored and processed primarily based on our legitimate interest to manage your application and administer the recruitment process. In accordance with the Swedish Discrimination Act, we are required to retain all your documents related to your application for two years following the filling of the position you applied for. Unless you explicitly request that we retain your data for a longer period, it will be deleted after this timeframe.
Purposes and types of personal data processed
If you visit our website (www.cellcolabs.com), we may collect and process, inter alia, the following types of personal data for the specific purposes stated below:
Personal identification information: If you choose to provide it, we may collect personal data such as your name, email address, and phone number, for example, when you fill out a form to inquire about our products or services. This information allows us to respond to your inquiries and engage in further communication.
Technical data: When you visit our website and have allowed our use of cookies, we automatically collect certain technical data about your device and your interaction with our website. This includes your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our website. We use this information to ensure that our website functions properly on your device and to enhance and personalise your online experience.
Usage data: We collect information about how you use our website, such as the pages you view, the links you click, and other actions you take on our website. This helps us understand what parts of our website are most interesting and useful to our visitors, so we can improve our website and provide more relevant content.
Marketing and Communications data: This includes your preferences in receiving marketing from us and your communication preferences. This information allows us to engage with you in accordance with your preferences.
Legal grounds
The primary legal ground for processing the personal data of visitors to our website is either our legitimate interests or your consent.
If you provide us with your name, email address, or phone number, we process this information to communicate with you about your interest in our products or services. We also collect technical and usage data to make sure our website works as intended. These processing activities are based on our legitimate interests to respond to your inquiries, manage your cookie preferences and ensure that our website functions properly.
The processing of personal data for marketing purposes, as well as the utilisation of certain cookies and similar technologies on our website designed to enhance your online experience and understand how users interact with our site, necessitates your consent. Please note that you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
3.5 Bone Marrow Donors
Bone marrow donation entails the collection and processing of personal data concerning you. If you have consented to and successfully completed a bone marrow donation with us, you will have received an Information and Consent Form. This form includes details about the personal data we collect from you, the purposes for which it is processed, and the legal grounds for its processing in accordance with the GDPR.
3.6 CCTV
All entrances and exits to our premises are monitored by CCTV. The primary purposes of our CCTV system are to deter and detect crime, prevent and detect sabotage, and ensure the safety and security of our premises. Our CCTV system monitors in real-time and records footage (without sound). The footage captured retained for a maximum of 72 hours. Access to both live and recorded footage is restricted solely to the Security Chief of Cellcolabs.
We have carefully considered and balanced the legitimate benefits of the CCTV system – crime prevention and premises security – against potential privacy intrusions. The use of CCTV is strictly limited to areas where enhanced security is deemed necessary. We provide clear and visible signage at our premises to inform visitors that CCTV surveillance is in operation.
- HOW LONG WE STORE YOUR PERSONAL DATA
Cellcolabs will store your personal data for as long as it is necessary to fulfil the purposes for which it was collected, or as required to satisfy any other legitimate purposes not incompatible with the original purpose of collection. We will delete personal data that is no longer required for these purposes. However, we may retain specific personal data to comply with legal and regulatory obligations, including any minimum retention periods mandated by law. Upon your request to unsubscribe from direct marketing or other informational communications, your personal data will cease to be processed for these specific purposes.
We take reasonable and appropriate measures to safeguard your personal data against unauthorised access, disclosure, alteration, or destruction. To protect your personal data, we have implemented technical, administrative, and physical security measures, including encryption and the use of secure servers.
- TRANSFER AND DISCLOSURE OF PERSONAL DATA
We may share your personal data with other organisations that process data on our behalf to perform our services. Where appropriate, we have entered into data processing agreements with such organisations to ensure that your personal data is processed securely and confidentially. Additionally, we may share your personal data with third parties who assist us in our marketing efforts. We strictly ensure that these third parties use the personal data solely to market our services according to our instructions.
The personal data we collect from you is processed within a country of the European Union or the European Economic Area (“EU/EEA”). Should there be a necessity to transfer your personal data to a country outside of the EU/EEA, where data protection laws may not offer equivalent protection as the GDPR, we will conduct such transfers in strict compliance with applicable laws and we will take appropriate actions to ensure that the protection of your personal data is not undermined.
We will not share, sell, transfer, or otherwise disclose your personal data to third parties except as described in this Privacy Policy or as required by law, regulation, or a decision from a court or competent authority.
- YOUR RIGHTS
The protection of your personal data is a fundamental right. In accordance with the GDPR, you are afforded specific rights that may be exercised under various circumstances. You are entitled to the rights listed in Sections 7.1–7.8, as detailed below.
7.1 Your right to access
You have the right to demand and receive confirmation on whether or not we process personal data which concerns you. If such personal data is being processed, you have the right to receive information regarding the processing and a copy, free of charge, of the personal data being processed. If you request additional copies, we are entitled to charge you a reasonable administrative fee.
7.2 Your right to rectification
You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.
7.3 Your right to erasure (“right to be forgotten”)
You have the right to have your personal data erased without undue delay, and we are obligated to erase personal data in the following situations:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- the processing is based on your consent, and you withdraw that consent, unless there are any other legal grounds for the processing;
- you object to the processing based on a weighing of interests and there are no overriding legitimate grounds for the processing (note however that you always have the right to erasure of your personal data used for direct marketing purposes);
- the personal data has been unlawfully processed; or
- the personal data has to be erased for compliance with a legal obligation under EU or Member State law to which we are subject.
However, please note that the right to erasure does not apply in certain circumstances, such as when processing is necessary for compliance with a legal obligation under EU law or the law of any Member State of the EU to which we are subject, or for the establishment, exercise, or defence of legal claims.
7.4 Your right to restriction
You have the right to restrict our processing of your personal data where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the data;
- the processing is unlawful, and you oppose the erasure of the personal data, requesting instead a restriction on its use;
- we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise, or defence of legal claims; or
- you have objected to the processing based on a weighing of interests, pending the verification of whether our legitimate grounds to process the data override yours.
A restriction on processing means that the personal data will continue to be stored but Cellcolabs will not process any personal data without your consent, except for the establishment, exercise, or defence of legal claims, or when the processing is necessary for the protection of the rights of another natural or legal person.
7.5 Your right to data portability
You have the right to request access to personal data that you have provided to Cellcolabs in a structured, generally used, and machine-readable format. Furthermore, you have the right to transmit this data to another controller, provided the processing is based on your consent or on the performance of a contract, and the processing is carried out by automated means. Where technically feasible, you have the right to have the personal data transmitted directly from Cellcolabs to another controller.
7.6 Your right to object
You have the right to object, at any time, to the processing of personal data which is based on a legitimate interest. Upon such an objection, Cellcolabs will cease processing the personal data unless Cellcolabs can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defence of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to such processing of personal data, and if you do so, we will no longer process your personal data for these purposes.
7.7 Your right to withdraw consent
If you have provided Cellcolabs consent, you may withdraw it at any time. When you withdraw your consent, the processing that the consent referred to will cease to occur and the personal data collected on the basis of your consent will be deleted, if the personal data is not needed for another purpose for which Cellcolabs has the right to process your personal data.
7.8 Your right to lodge a complaint with a supervisory authority
For any inquires related to this Privacy Policy, to exercise any of your data protection rights, or if you have a compliant, please contact us using the details provided below in Section 8. Additionally, you have the right at any time to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) or the corresponding authority in your country of residence.
- CONTACT INFORMATION
Should you have any questions or concerns regarding our privacy practices or this Privacy Policy, please do not hesitate to contact us at:
Cellcolabs AB
Retzius väg 8
171 65 Solna, Sweden
E-mail: info@cellcolabs.com
We will address your inquiries within the legally mandated timeframes, and in accordance with this Privacy Policy. As detailed in Section 7 above, please note that certain legal exemptions or limitations may apply to the exercise of your rights. Additionally, verification of your identity may be required prior to processing your request. If we are unable to comply with your request, we will explain the reasons for this and inform you of your options.