Privacy Statement Medline International B.V
- Our vision on privacy
- When this statement applies to you
- What personal data do we collect and use?
- How do we collect your personal data?
- How do we use your personal data?
- With whom do we share your personal data?
- Our legal basis for processing your personal data
- How long do we retain your personal data?
- Your rights
- Security and protection of your personal data
- International transfers of personal data
- What are cookies and how do we use them?
- How to contact us
This privacy statement describes how Medline International and its European Affiliates (We) collect, process, store, protect, transfer and delete personal data. We also explain the activities we process the data for and the legal basis for doing so. We will describe how data is shared with other parties as well as the processing of personal data outside the European Economic Area (EEA). We have also detailed your rights as a data subject and what you need to do in case you want to file a complaint.
Our vison on privacy
This privacy statement describes how we handle your personal data and how we comply with our legal obligations. We ensure that any processing of your personal data is in accordance with the following principles:
- Lawfulness, fairness and transparency: personal data shall be processed lawfully, fairly and in a transparent manner;
- Purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- Data minimization: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accuracy: personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Storage limitation: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
- Integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
When this statement applies to you
This statement applies to you when
- You visit our website (Website user)
- You visit one of our locations (Location visitor)
- We supply products and/or services to you as a customer (Customer)
- You, as a supplier, deliver products and/or services to us (Supplier)
- You apply for a vacant position within Medline (Applicant)
This Privacy Statement does not apply to personal data that we collect in the context of your employment or other working relationship with us.
What Personal Data do we collect and use?
Once an individual accesses our website(s) they become a website user. We collect and use basic information about our Website users through browser cookies, which we use primarily to improve our website experience. We look at how you use our website, how often you visit our website and when the website is used most. In addition, we also use website data to monitor visitor behaviour and to optimise our campaigns in the context of remarketing.
When you subscribe to our newsletter, you can choose to share the following information with us:
- Personal identification information (title, first name, surname and e-mail address);
You may unsubscribe from our newsletter at anytime. E-mail preferences can be managed through the subscription link in any e-mails you receive from us. Other information can be modified by contacting us at the address, email, phone or fax number listed in Appendix 1.
When you visit one of our locations, we will collect your contact details and register you as a visitor.
We collect and use your information in order to communicate with you and to provide you our products and/or services. We limit ourselves to collecting no more information than necessary to achieve our objective. The information we may collect from you and use includes:
- Personal identification information (name, email, phone number, etc.);
- Financial information (VAT and Bank account);
- Additional information necessary to achieve our objective;
We collect and use information about your organization or individuals within your organization in order to communicate with you, deliver products and/or services and pay for them within the context of what we have agreed with you.
The information we may collect from you and use:
- Personal identification information (name, email, phone number, etc.);
- Financial information (VAT and Bank account);
When applying a vacancy through our website, we will collect the information you share with us in your resume, qualifications, references and motivation.
How do we collect your personal data?
You directly provide Medline with most of the data we collect
When you visit our site, we automatically collect your data using cookies based on the cookie settings. When you contact us via the website, we may also collect information from you.
Upon signing in at reception, we directly request you to provide your contact information.
We collect your personal data in the course of our contractual relationship with your organization, and to be able to deliver goods and services.
We collect your personal data in the course of our contractual relationship with your organization, and to process payments.
We collect your personal data directly from you or from recruitment agencies we hire and you have registered with.
How do we use your personal information?
Website user information is used to improve the user experience of our website and to send newsletters, only if you subscribe to it.
Visitor information is used to ensure the safety of our employees, customers, suppliers and visitors.
Customer data is used to:
- Supply products and/or services;
- Facilitate marketing activities;
- Complete financial activities;
- Perform customer analysis;
- Perform due diligence screenings; and
- Fulfill agreements.
Supplier data is used to ensure that our contractual agreements are met and to perform due diligence screenings.
Applicant data is used for recruitment and hiring purposes.
With whom do we share your personal data?
We may share your personal data with the following categories of persons in different ways and for different reasons, as appropriate and in accordance with local laws and regulations:
- All business entities falling under Medline Industries, Inc;
- Where required by law: Tax, audit or other public authorities;
- Third parties such as service providers/distributors who perform services on our behalf;
- Third parties such as outsourced IT providers and files storage providers with whom we have a processing agreement;
- Marketing technology platforms and suppliers.
Our legal basis for processing your data
We have a legitimate interest in providing you with necessary information when you contact us through our website’s contact form. We obtain your consent based on the cookie settings and when you subscribe to our newsletter.
We have a legitimate interest to ensure the security and safety of our premises.
- We have obtained your consent when you subscribed to our newsletter;
- The contract we have entered into with you;
- A legal obligation we might have.
- The contract we have entered into with you
- A legal obligation we might have.
We have a legitimate interest to process your data for recruitment purposes and possible contractual requirements.
THE FORMULATION, CONDUCT OR DEFENCE OF CRIMINAL PROCEEDINGS
We may need to process personal data and, where appropriate and in accordance with local laws and regulations, sensitive personal data in connection with conducting or defending criminal proceedings.
How long do we retain your personal data?
Website user data associated with cookies, user IDs and advertising IDs are stored in Medline’s Google Analytics for twenty-six (26) months before they are automatically deleted.
A website user can unsubscribe from the newsletter at anytime, and their data will be deleted at that time.
Visitor information is retained for three (3) months, unless otherwise required by law or regulation.
Customer data used for commercial prospecting purposes are deleted two (2) years after the last instance of meaningful contact from the client, unless law or regulation requires that we retain it for a longer period of time.
Customer data establishing proof of a right or a contract, or retained to comply with a legal obligation, are deleted five (5) years after the end of the commercial relationship, unless law or regulation requires that we retain it for a longer period of time.
Supplier data establishing proof of a right or a contract, or retained to comply with a legal obligation, are deleted five (5) years after the end of the commercial relationship, unless law or regulation requires that we retain it for a longer period of time.
Applicants that do not receive a job will have their information retained for one (1) month following notice of rejection. Applicants may consent to have their application retained for one (1) year following their initial notice of rejection, unless law or regulation requires that we retain it for a longer period of time.
Medline would like to make sure you are fully aware of your data protection rights. Every user is entitled to the following:
- Right to access information about how we process your Personal Data, including the categories of Personal Data we process, recipients of your Personal Data, and purposes for our processing.
- Right to rectification of inaccurate Personal Data concerning you, as well as, taking into account the purposes of the processing, the right to have incomplete Personal Data completed.
- Right to erasure (deletion) of Personal Data concerning you where: (a) the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent and there are no other legal grounds for the processing; (c) you exercise your right to object (see below) and there are no compelling legitimate grounds for the processing; (d) the Personal Data have been unlawfully processed; or (e) the Personal Data have to be erased for compliance with a legal obligation applicable to us.
- Right to restriction of processing (i.e., data will be blocked from normal processing but not erased) where: (a) you contest the accuracy of the Personal Data, for a period enabling us to verify the accuracy; (b) the processing is unlawful and you oppose the erasure of the Personal Data and requests the restriction of their use instead; (c) we no longer need the Personal Data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; (d) you exercise your right to object (see below) pending the determination of whether our legitimate grounds override your rights.
- Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of the processing prior to such withdrawal.
- Where processing is based on your consent, or on a contract, the right to data portability, i.e. the right to obtain a copy of the data concerning you in a structured, commonly used and machine-readable format and the right to transmit such data to another controller without hinderance from us.
- Right to object to the processing of Personal Data provided that we do not have compelling, legitimate grounds for processing your Personal Data that would override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
How to exercise your rights
If you would like to exercise any of these rights, please contact us at the address, email, phone or fax number listed in Appendix 1.
If you make a request we have one (1) month to respond. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
Right to lodge a complaint with a supervisory authority
You always have the right to lodge a complaint with your local supervisory authority. Details can be found in Appendix 2.
Security and protection of your personal data
We have implemented appropriate technical and organizational measures to ensure the personal data we process is protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. Unfortunately, no data transmission or storage system can be guaranteed to be completely secure and we cannot fully guarantee the security of personal data.
International transfers of personal data
Medline is an international organisation with affiliates across the world. Medline has committed itself to comply with this privacy statement and the applicable data protection laws and regulations with regard to personal data transferred outside the EEA. The laws in other countries outside the EEA may not be as strict as the laws in Europe. Because of this, Medline has taken measures to protect your privacy and fundamental rights when your personal data is transferred outside the EEA and other countries where no adequacy decisions of the European Commission apply. This means that Medline uses appropriate safeguards such as standard contractual clauses and safe transfer protocols to ensure adequate protection.
What are cookies and how do we use them?
How to contact us
If you would like to contact us, please consult Appendix 1 or visit our website. This privacy statement also applies to Austria, Belgium, France, Germany, Ireland, Italy, Luxembourg, the Netherlands, Portugal, Slovakia, Spain and the United Kingdom (UK). It is possible that countries apply different interpretation to the protection of personal data at a detailed level on the basis of local implementation laws. Therefore, country-specific sections are included in this privacy statement, if applicable. Country specific information is provided in Appendix 3.
In order to keep this privacy statement up to date, we may amend it from time to time. You can always find the most recent version of this statement on our website.
Version 1.2 May 2020
APPENDIX 1 - When to contact us
- To exercise your rights of access, to rectification and to erasure of your personal data that you have provided to us, as well as your rights to restriction and to object to processing and to data portability;
- If you suspect misuse or loss of or unauthorised access to your personal data;
- To withdraw your consent to the processing of your personal data (when consent is the legal ground on which we process your personal data);
You can contact us at the following address:
Medline International B.V.
Nieuwe Stationsstraat 10
6811 KS Arnhem
Phone: +31 (0) 26 – 312 7227
Fax: +31 (0) 26 – 312 7208
E-mail: [email protected]
Updating your e-mail preferences.
When it comes to e-mail messaging preferences, these can only be updated through the subscription link in our e-mails. Changes to contact information can only be handled by our Customer Service.
APPENDIX 2 - How to contact your supervisory authority
Since Medline International B.V. can be regarded as the main establishment of Medline in the E.E.A., the supervisory authority of The Netherlands shall be competent to act as lead supervisory authority for the cross-border processing.
Each (local) supervisory authority are competent to handle a complaint lodged with it or a notification of a possible infringement of the applicable legislation and reglementation regarding data protection, if the subject matter of the complaint/notification relates only to an establishment in its Member State or substantially affects data subjects only in its Member State.
In such a case you must contact the supervisory authority of your Member State.
The following are the European Economic Area countries where we provide services:
Austria, Belgium, France, Germany, Ireland, Italy, Luxemburg, the Netherlands, Portugal, Slovakia, Spain, United Kingdom
Details of the local supervisory authorities you can find here.
APPENDIX 3 - Country-specific variations in our privacy statement
NB: This Appendix will be updated when provisions of local legislation prevail.