Privacy Statement Medline International B.V
- Our vision on privacy
- When this statement applies to you
- What personal data do we collect and use?
- How do we collect your personal data?
- How do we use your personal information?
- With whom do we share your personal data?
- Our legal basis for processing your data
- How long do we retain your personal data?
- Your rights
- Security and protection of your personal data
- International transfers of personal data
- What are cookies and how do we use them?
- How to contact us
This privacy statement describes how Medline International and its European Affiliates (We) collect, process, store, protect, transfer and delete personal data. We also explain for which activities we process the data and on what legal basis we do so. The sharing of data with other parties will be described, as well as the processing of personal data outside the EU. The security of personal data is dealt with together with the retention terms. We have also detailed your rights as a data subject and what you need to do in case you want to file a complaint.
This privacy statement describes how we handle your personal data and how we comply with our legal obligations. We ensure that any processing of your personal data is in accordance with the following principles:
- lawfulness, fairness and transparency: personal data shall be processed lawfully, fairly and in a transparent manner;
- purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- data minimization: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accuracy: personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- storage limitation: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
- integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss.
This statement applies to you when:
- You visit our website (Website user)
- You visit one of our locations (Location visitor)
- We supply products and/or services to you as a customer (Customer)
- You, as a supplier, supply products and/or services to us (Supplier)
- You apply for a vacant position within Medline (Applicant)
This Privacy Statement does not apply to personal information that we collect in the context of your employment or other working relationship with us.
We collect and use basic information about our Website users, which we use primarily to improve our website experience. We look at how you use our website, how often you visit our website and when the website is used most. In addition, we also use website data to monitor visitor behaviour and to optimise our campaigns in the context of remarketing.
As soon as you subscribe to our newsletter, you can choose to share the following information with us:
- Contact details;
It is always possible to unsubscribe from the newsletter. E-mail preferences can be managed through the subscription link in our e-mails. Other information can be modified by reaching out to our Customer Service department
When you visit one of our locations we register you as a visitor by collecting your contact details.
We collect and use information about you to provide our products and/or services to you. When collecting data, we limit ourselves to the information necessary to achieve our objective. This is usually the personal information we may collect and use:
- Contact information;
- Financial information (VAT and Bank account);
We collect and use information about your organization or individuals within your organization in order to communicate with you, receive products and/or services and pay for them within the context of what we have agreed with you.
This is usually the personal information we may collect and use:
- Contact information;
- Financial information (VAT and Bank account);
If you apply for a vacancy on our site, we will collect the following personal details:
all information you share with us in your resume, qualifications, references and motivation.
We automatically collect your data using cookies when you visit our website, based on the cookie settings in our cookie bar. When you contact us via the website, we may also collect information from you.
We directly request you to provide your contact information upon signing in at reception.
We collect your personal information in the course of our contractual relationship with your organization, also to be able to deliver goods.
We collect your personal information in the course of our contractual relationship with your organization, also to be able to do payments.
We collect your personal data directly from you or from recruitment agencies we hire and you have registered with.
Website user information to improve the user experience of our website and send newsletter if requested.
To ensure the safety of the visitors in the building.
We use customer data for the following purposes:
- Supply of products and/or services;
- Marketing activities;
- Financial activities;
- Customer analysis;
- To perform due diligence screening;
- Close an agreement.
The purpose for using Supplier data is to ensure that our contractual agreements can be met or to perform a due diligence screening.
We collect your personal data solely for recruitment purposes.
We may share your personal information with the following categories of persons in different ways and for different reasons, as appropriate and in accordance with local laws and regulations:
- All business entities falling under Medline Industries Inc;
- Where required by law: Tax, audit or other authorities;
- Third parties such as service providers/distributors who perform services on our behalf;
- Third parties such as outsourced IT providers and files storage providers with whom we have a processing agreement;
- Marketing technology platforms and suppliers.
This list is not exhaustive.
We have a legitimate interest to provide you with the necessary communication for the purpose we pursue.
We obtain your consent based on the cookie settings in our cookie bar.
We have a legitimate interest to ensure the security and safety of our premises.
- We have obtained consent from you in case you subscribed for a newsletter
- The contract we have entered into with you
- A legal obligation we might have.
- The contract we have entered into with you
- A legal obligation we might have.
We have a legitimate interest to process your data for recruitment purposes and possible contractual requirements. In case we store your data we only do that on the basis of your consent.
THE FORMULATION, CONDUCT OR DEFENCE OF CRIMINAL PROCEEDINGS
We may sometimes need to process personal information and, where appropriate and in accordance with local laws and regulations, sensitive personal information in connection with conducting or defending criminal proceedings.
We will retain your personal data for as long as necessary to fulfill the purposes we collected it for, including any legal requirement. At the end of the retention period, we will delete your personal data in a manner designed to ensure that it cannot be reconstructed.
The retention period at user level and at event levels associated with cookies, user IDs and advertising IDs are stored in Medline’s Google Analytics for 26 months before they are automatically deleted.
A website user can unsubscribe from the newsletter.
We retain the information for 30 days.
If we have not had any meaningful contact with you during a period of 5 years, we will delete your data, unless law or regulation requires that we retain it for a longer period of time.
If we have not had any meaningful contact with you for a period of 5 years, we will delete your data, unless law or regulation requires that we retain it for a longer period of time.
If your application does not lead to a job, we will destroy your file after one month of rejection, unless you have given us your consent to keep it for one more year.
You have the following rights with regard to your personal data.
- Right to access information about how we process your personal data, including the categories of personal data we process, recipients of your personal Data, and purposes for our processing.
- Right to rectification of inaccurate Personal Data concerning you, as well as, taking into account the purposes of the processing, the right to have incomplete Personal Data completed.
- Right to erasure (deletion) of Personal Data concerning you where: (a) the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent and there are no other legal grounds for the processing; (c) you exercise your right to object (see below) and there are no compelling legitimate grounds for the processing; (d) the Personal Information have been unlawfully processed; or (e) the Personal Data have to be erased for compliance with a legal obligation applicable to us.
- Right to restriction of processing (i.e., data will be blocked from normal processing but not erased) where: (a) you contest the accuracy of the Personal Data, for a period enabling us to verify the accuracy; (b) the processing is unlawful and you oppose the erasure of the Personal Data and requests the restriction of their use instead; (c) we no longer need the Personal Data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; (d) you exercise your right to object (see below) pending the verification whether our legitimate grounds override those of you.
- Where processing is based on your consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing prior to such withdrawal. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your Personal Data in some limited circumstances.
- Where processing is based on your consent, or on a contract, the right to data portability, i.e. the right to obtain a copy of the data concerning you in a structured, commonly used and machine-readable format and the right to transmit such data to another controller without hindrance from us.
Right to object to the processing of Personal Data based on our legitimate interests, provided that there are no compelling legitimate grounds for the processing that would override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims
How to exercise your rights
By contacting us, we will handle your request within the required timeframe that stands for it
Right to lodge a complaint with a supervisory authority
You always have the right to lodge a complaint with your local supervisory authority. Details can be found in Appendix 2.
We have implemented appropriate technical and organizational measures to ensure the personal data we process is protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. Unfortunately, no data transmission or storage system can be guaranteed to be completely secure and we cannot fully guarantee the security of personal data.
Medline is an international organisation with affliliates across the world Medline has committed itself to comply with this privacy statement and the European Data Protection Laws with regard to information transferred outside the European Economic Area (EEA). The laws in other countries outside the EEA may not be as strict as the laws in Europe. Because of this, Medline has taken measures to protect your privacy and fundamental rights when your personal data is transferred outside the EEA and other countries where no adequacy decisions of the European Commission apply.
This means that Medline uses appropriate safeguards such as standard contractual clauses and safe transfer protocols to ensure adequate protection.
We are Medline International B.V. If you would like to know how to contact us, please consult Appendix 1 or visit our website. Next to The Netherlands, this privacy statement also applies to Austria, Belgium, France, Germany, Ireland, Italy, Portugal, Slovakia, Spain and the United Kingdom (UK). It is possible that countries apply different interpretation to the protection of personal data at a detailed level on the basis of local implementation laws. Therefore, country-specific sections are included in this privacy statement if applicable. This country-specific information is stated in Appendix 3.
In order to keep this privacy statement up to date, we may amend it from time to time. You can always find the most recent version of this statement on our website.
Version 1.0 September 2019
APPENDIX 1 - When you can contact us
- To access, modify or withdraw your personal information that you have provided us with;
- If you suspect misuse or loss of or unauthorised access to your personal information;
- To withdraw your consent to the processing of your personal data (when consent is the legal ground on which we process your personal data);
You can contact us at the following address:
Medline International B.V.
Nieuwe Stationsstraat 10
6811 KS Arnhem
Phone: +31 (0) 26 – 312 7227
Fax: +31 (0) 26 – 312 7208
E-mail: [email protected]
Updating your e-mail preferences.
When it comes to e-mail messaging preferences, these can only be updated through the subscription link in our e-mails. Changes to contact information can only be handled by our Customer Service.
APPENDIX 2 - How to contact your supervisory authority
Since Medline International B.V. can be regarded as the main establishment of Medline in the E.E.A., the supervisory authority of The Netherlands shall be competent to act as lead supervisory authority for the cross-border processing.
By derogation from this, each (local) supervisory authority shall be competent to handle a complaint lodged with it or a notification of a possible infringement of the GDPR, if the subject matter of the complaint/notification relates only to an establishment in its Member State or substantially affects data subjects only in its Member State.
In such a case you must contact the supervisory authority of your Member State.
E.E.A. Countries in which you use our services or to which we provide services:
Austria, Belgium, France, Germany, Ireland, Italy, The Netherlands, Portugal, Slovakia, Spain, United Kingdom
Details of the local supervisory authorities you can find here
APPENDIX 3 - Country-specific variations in our privacy statement
NB: This Appendix will be updated when provisions of local legislation prevail.