Privacy Statement Medline International B.V


Content:

Introduction

This privacy statement describes how Medline International and its European Affiliates (We) collect, process, store, protect, transfer and delete personal data. We also explain for which activities we process the data and on what legal basis we do so. The sharing of data with other parties will be described, as well as the processing of personal data outside the EU. The security of personal data is dealt with together with the retention terms. We have also detailed your rights as a data subject and what you need to do in case you want to file a complaint.

Our vison on privacy

This privacy statement describes how we handle your personal data and how we comply with our legal obligations. We ensure that any processing of your personal data is in accordance with the following principles:

  • lawfulness, fairness and transparency: personal data shall be processed lawfully, fairly and in a transparent manner;
  • purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  • data minimization: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accuracy: personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • storage limitation: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
  • integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss.

When this statement applies to you

This statement applies to you when:

  • You visit our website (Website user)
  • You visit one of our locations (Location visitor)
  • We supply products and/or services to you as a customer (Customer)
  • You, as a supplier, supply products and/or services to us (Supplier)
  • You apply for a vacant position within Medline (Applicant)

This Privacy Statement does not apply to personal information that we collect in the context of your employment or other working relationship with us.

What Personal Data do we collect and use?

WEBSITE USER

We collect and use basic information about our Website users, which we use primarily to improve our website experience. We look at how you use our website, how often you visit our website and when the website is used most. In addition, we also use website data to monitor visitor behaviour and to optimise our campaigns in the context of remarketing.

As soon as you subscribe to our newsletter, you can choose to share the following information with us:

  • Contact details;
  • Country;

It is always possible to unsubscribe from the newsletter. E-mail preferences can be managed through the subscription link in our e-mails. Other information can be modified by reaching out to our Customer Service department

LOCATION VISITOR

When you visit one of our locations we register you as a visitor  by collecting your contact details.

CUSTOMER

We collect and use information about you to provide our products and/or services to you. When collecting data, we limit ourselves to the information necessary to achieve our objective. This is usually the personal information we may collect and use:

  • Contact information;
  • Financial information (VAT and Bank account);

SUPPLIER

We collect and use information about your organization or individuals within your organization in order to communicate with you, receive products and/or services and pay for them within the context of what we have agreed with you.

This is usually the personal information we may collect and use:

  • Contact information;
  • Financial information (VAT and Bank account);

APPLICANT

If you apply for a vacancy on our site, we will collect the following personal details:

all information you share with us in your resume, qualifications, references and motivation.

How do we collect your personal data?

WEBSITE USER

We automatically collect your data using cookies when you visit our website, based on the cookie settings in our cookie bar. When you contact us via the website, we may also collect information from you.

LOCATION VISITOR

We directly request you to provide your contact information upon signing in at reception.

CUSTOMER

We collect your personal information in the course of our contractual relationship with your organization, also to be able to deliver goods.

SUPPLIER

We collect your personal information in the course of our contractual relationship with your organization, also to be able to do payments.

APPLICANT

We collect your personal data directly from you or from recruitment agencies we hire and you have registered with.

How do we use your personal information?

WEBSITE USER

Website user information to improve the user experience of our website and send newsletter if requested. 

LOCATION VISITOR

To ensure the safety of the visitors in the building.

CUSTOMER

We use customer data for the following purposes:

  • Supply of products and/or services;
  • Marketing activities;
  • Financial activities;
  • Customer analysis;
  • To perform due diligence screening;
  • Close an agreement.

SUPPLIER

The purpose for using Supplier data is to ensure that our contractual agreements can be met or to perform a due diligence screening.

APPLICANT

We collect your personal data solely for recruitment purposes.

With whom do we share your personal data?

We may share your personal information with the following categories of persons in different ways and for different reasons, as appropriate and in accordance with local laws and regulations:

  • All business entities falling under Medline Industries Inc;
  • Where required by law: Tax, audit or other authorities;
  • Third parties such as service providers/distributors who perform services on our behalf;
  • Third parties such as outsourced IT providers and files storage providers with whom we have a processing agreement;
  • Marketing technology platforms and suppliers.

This list is not exhaustive.

Our legal basis for processing your data

WEBSITE USER

We have a legitimate interest to provide you with the necessary communication  for the purpose we pursue.

We obtain your consent based on the cookie settings in our cookie bar.

LOCATION VISITOR

We have a legitimate interest to ensure the security and safety of our premises.

CUSTOMER

  • We have obtained consent from you in case you subscribed for a newsletter
  • The contract we have entered into with you
  • A legal obligation we might have.

SUPPLIER

  • The contract we have entered into with you
  • A legal obligation we might have.

APPLICANT

We have a legitimate interest to process your data for recruitment purposes and possible contractual requirements. In case we store your data we only do that on the basis of your consent.

THE FORMULATION, CONDUCT OR DEFENCE OF CRIMINAL PROCEEDINGS

We may sometimes need to process personal information and, where appropriate and in accordance with local laws and regulations, sensitive personal information in connection with conducting or defending criminal proceedings.

How long do we retain your personal data?

We will retain your personal data for as long as necessary to fulfill the purposes we collected it for, including any legal requirement. At the end of the retention period, we will delete your personal data in a manner designed to ensure that it cannot be reconstructed.

WEBSITE USER

The retention period at user level and at event levels associated with cookies, user IDs and advertising IDs are stored in Medline’s Google Analytics for 26 months before they are automatically deleted. 

A website user can unsubscribe from the newsletter.

LOCATION VISITOR

We retain the information for 30 days.

CUSTOMER

If we have not had any meaningful contact with you during a period of 5 years, we will delete your data, unless law or regulation requires that we retain it for a longer period of time.

SUPPLIER

If we have not had any meaningful contact with you for a period of 5 years, we will delete your data, unless law or regulation requires that we retain it for a longer period of time.

APPLICANT

If your application does not lead to a job, we will destroy your file after one month of rejection, unless you have given us your consent to keep it for one more year.

Your rights

You have the following rights with regard to your personal data.

  • Right to access information about how we process your personal data, including the categories of personal data we process, recipients of your personal Data, and purposes for our processing.
  • Right to rectification of inaccurate Personal Data concerning you, as well as, taking into account the purposes of the processing, the right to have incomplete Personal Data completed.
  • Right to erasure (deletion) of Personal Data concerning you where: (a) the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent and there are no other legal grounds for the processing; (c) you exercise your right to object (see below) and there are no compelling legitimate grounds for the processing; (d) the Personal Information have been unlawfully processed; or (e) the Personal Data have to be erased for compliance with a legal obligation applicable to us.
  • Right to restriction of processing (i.e., data will be blocked from normal processing but not erased) where: (a) you contest the accuracy of the Personal Data, for a period enabling us to verify the accuracy; (b) the processing is unlawful and you oppose the erasure of the Personal Data and requests the restriction of their use instead; (c) we no longer need the Personal Data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; (d) you exercise your right to object (see below) pending the verification whether our legitimate grounds override those of you.
  • Where processing is based on your consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing prior to such withdrawal. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your Personal Data in some limited circumstances.
  • Where processing is based on your consent, or on a contract, the right to data portability, i.e. the right to obtain a copy of the data concerning you in a structured, commonly used and machine-readable format and the right to transmit such data to another controller without hindrance from us.

Right to object to the processing of Personal Data based on our legitimate interests, provided that there are no compelling legitimate grounds for the processing that would override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims

How to exercise your rights

By contacting us, we will handle your request within the required timeframe that stands for it

Right to lodge a complaint with a supervisory authority

You always have the right to lodge a  complaint with  your local supervisory authority. Details can be found in Appendix 2.

Security and protection of your personal data

We have implemented appropriate technical and organizational measures to ensure the personal data we process is protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. Unfortunately, no data transmission or storage system can be guaranteed to be completely secure and we cannot fully guarantee the security of personal data.

International transfers of personal data

Medline is an international organisation with affliliates across the world Medline has committed itself to comply with this privacy statement and the European Data Protection Laws with regard to information transferred outside the European Economic Area (EEA). The laws in other countries outside the EEA may not be as strict as the laws in Europe. Because of this, Medline has taken measures to protect your privacy and fundamental rights when your personal data is transferred outside the EEA and other countries where no adequacy decisions of the European Commission apply.
This means that Medline uses appropriate safeguards such as standard contractual clauses and safe transfer protocols to ensure adequate protection.

What are cookies and how do we use them?

Medline’s Websites use cookies and other techniques to facilitate its use and to offer additional functions. A cookie is a text file (small amount of data, which often includes a unique identifier) which the web server copies onto your computer. One of the main purposes of cookies is to help you navigate the websites and to remember entries made. Stored settings may thus be recalled on subsequent visits to make it easier for you to use your personalised pages. Medline’s Website uses different types of cookies. Some cookies are placed by third party services that appear on our pages. You will always be able to accept or decline cookies. If you want to check what type of cookies you accept when you visit our websites, you can view this via the cookie bar. We show you what type of cookies we use, which cookies we use and why we use them and how you can delete/adjust cookies. Declining cookies may mean that you will not be able to fully experience the interactive features of the Websites. In particular, it will disable applications that technically rely on the use of cookies. You consent to our cookies if you continue to use our websites.

How to contact us

We are Medline International B.V. If you would like to know how to contact us, please consult Appendix 1 or visit our website. Next to The Netherlands, this privacy statement also applies to Austria, Belgium, France, Germany, Ireland, Italy, Portugal, Slovakia, Spain and the United Kingdom (UK). It is possible that countries apply different interpretation to the protection of personal data at a detailed level on the basis of local implementation laws. Therefore, country-specific sections are included in this privacy statement if applicable. This country-specific information is stated in Appendix 3.

In order to keep this privacy statement up to date, we may amend it from time to time. You can always find the most recent version of this statement on our website.

Version 1.0 September 2019


 

APPENDIX 1 - When you can contact us

  • To access, modify or withdraw your personal information that you have provided us with;
  • If you suspect misuse or loss of or unauthorised access to your personal information;
  • To withdraw your consent to the processing of your personal data (when consent is the legal ground on which we process your personal data);
  • If you have any comments or suggestions regarding this Privacy Policy.

You can contact us at the following address:

Medline International B.V.
Nieuwe Stationsstraat 10
6811 KS Arnhem
The Netherlands
Phone: +31 (0) 26 – 312 7227
Fax: +31 (0) 26 – 312 7208
E-mail: [email protected]

Updating your e-mail preferences.

When it comes to e-mail messaging preferences, these can only be updated through the subscription link in our e-mails. Changes to contact information can only be handled by our Customer Service.

APPENDIX 2 - How to contact your supervisory authority

Since Medline International B.V. can be regarded as the main establishment of Medline in the E.E.A., the supervisory authority of The Netherlands shall be competent to act as lead supervisory authority for the cross-border processing.

By derogation from this, each (local) supervisory authority shall be competent to handle a complaint lodged with it or a notification of a possible infringement of the GDPR, if the subject matter of the complaint/notification relates only to an establishment in its Member State or substantially affects data subjects only in its Member State.

In such a case you must contact the supervisory authority of your Member State.

E.E.A. Countries in which you use our services or to which we provide services:

Austria, Belgium, France, Germany, Ireland, Italy, The Netherlands, Portugal, Slovakia, Spain, United Kingdom

Details of the local supervisory authorities you can find here 

APPENDIX 3 - Country-specific variations in our privacy statement

NB: This Appendix will be updated when provisions of local legislation prevail.  

Copyright © 2018 Medline Industries, Inc. All rights reserved.