Last revised in December 2023
At One2Treat, we value the confidence of those who have entrusted us with their personal data. One2Treat has developed practices to periodically review and monitor the use of personal information in order to ensure that our data processing practices comply with the internationally recognized standards of personal data protection. Such international standards include, but are not limited to, the EU General Data Protection Regulation 2016/679 of 27 April 2016 (‘GDPR’).
1. Scope
What you will find in this Privacy statement.
· To whom is this Privacy statement addressed?
· Who is responsible for the protection of your data?
· Purposes and legal grounds for processing your data.
· Categories of personal data we may collect.
· To whom may we disclose your personal data?
· Transfers of personal data to countries outside of the EEA.
· Automated decision-making.
· How long we retain your personal data and how we protect it.
· Your rights regarding the processing of your personal data.
· About the use of our websites.
· How to contact us.
· Changes to this Privacy statement.
2. To whom is this Privacy statement addressed?
This Privacy statement is addressed toOne2Treat clients and partners. It is about how One2Treat is collecting, using, and disclosing their data and personal information.
3. Who is responsible for the protection of your data?
When processing personal data for its own purposes One2TreatSA, 1 Rue Emile Francqui, 1435 Mont-Saint-Guibert, Belgium is responsible for your data as the “data controller”.
One2Treat, s.a. and its affiliates also act as “data processors” on behalf of their clients when processing data in the context of trial design, analysis and various biostatistical services.
4. Purposes and legal grounds for processing your data
During its relationship with current and prospective clients or other stakeholders, One2Treat collects personal data. One2Treat may also collect contact information indirectly through data broker services. This personal data is processed on basis of our legitimate interest.
One2Treat may also process your contact information to communicate with you via email regarding our services and events which may be of interest to you if this is in accordance with your marketing preferences and to which you consented.
In the context of a contractual service agreement, One2Treat also processes personal data for providing specific services like data management and analysis.
5. Categories of personal data that we may collect
· Identification and contact data that allows us to communicate with you, such as first name, last name, gender, job title, phone number, company name, email address, ZIP/Postal code and city.
· Relationship Information that helps us do business with you, such as the types of services that may interest you, contact preferences, languages, marketing preferences.
· Transaction Information about how you interact with us, including inquiries, client account information, order and contract information, billing and financial data, details for taxes, transaction and correspondence history.
· Any information that you voluntarily share with us such as feedback, opinions, contact details or other information provided via any of our helplines.
· Information about how you use and interact with our websites. Device information such as IP address, referring website, One2Treat pages your device visited and the time that your device visited our website.
· Vendor screening information, such as professional qualifications, licenses and certificates, work permits, government identification documents, potential conflicts of interest, and ultimate beneficial ownership, each as permitted or required by applicable law.
· User related data onOne2Treat systems such as usernames and (hashed) passwords, recovery email addresses and security logs.
6. To whom may we disclose your personal data?
The personal information that One2Treat obtains in the course of its business activities, including via its website, will be available to the staff of One2Treat.
We may disclose your personal data to third party service providers who provide us with application development, hosting, maintenance, and other services. These third parties may have access to or process personal data about you as part of providing those services for us.
We limit the personal data provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to ensure the confidentiality of such information.
We reserve the right to disclose your personal data as required by law or when we believe that disclosure is necessary to protect the security or integrity of One2Treat, or to protect the legitimate interests, rights, property, or safety of One2Treat, its employees, users, or others, or to comply with a judicial proceeding, court order, or governmental or regulatory request or any other legal process served on us.
7. Transfers of personal data to countries outside of the EEA
Please note that some of the recipients of your personal data referenced above may be based in countries outside of the European Union whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your personal data that comply with our legal obligations. The adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal data to third countries.
Further details of the transfers described above, and the adequate safeguards used by One2Treat in respect of such transfers can be obtained by contacting us through the contact information set forth below.
8. Automated decision-making
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved. As a rule, your personal data will not be used for automated decision-making.
9. How long we retain your personal data and how we protect it
We will retain your information no longer than necessary for the requested services or as required by law. In case of a litigation, we will keep the information until the end of the investigation period or as required by law.
One2Treat makes reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical, and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse.
10. Your rights regarding the processing of your personal data
You can contact us regarding the processing of your personal data, or for exercising your rights to:
· Obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you.
· Ask that we update the personal data we hold about you or correct such personal data that you think is incorrect or incomplete.
· Ask that we delete personal data that we hold about you or restrict the way in which we use such personal data if you believe that there is no (longer a) lawful ground for us to process it.
· Withdraw consent to our processing of your personal data (to the extent such processing is based on consent).
· Receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract).
· Object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds for the processing.
You have also the right to object at any time to the processing of personal data for direct marketing. If you do not want to continue receiving any direct marketing from us, you can contact us (see below) or use the unsubscribe function available in any such communication.
In that event, the personal data shall no longer be processed for such purposes.
In order to exercise any of your rights, you can send us a request, indicating the right you wish to exercise by e-mailing us at dataprivacy@one2treat.com .
You may also use these contact details if you wish to make a complaint to us relating to the protection of your personal data.
If you are unhappy with the way we have handled your personal data or any Privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority(“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.
11. About the use of our website
One2Treat website uses interfaces with social media platforms such as LinkedIn, Twitter, and others. If you have an account on these social media sites, these sites may make a connection between your visit and your personal information. Before you choose to “like” or share your information through these services we recommend that you review their Privacy policies.
One2Treat does not knowingly allow any third party to collect personal information about your online activities overtime and across different websites when you use the One2Treat website.
However, our website may contain links to websites of entities that are not affiliated with One2Treat. Such websites are not under control of One2Treat. This statement does not cover third-party websites. We recommend that you review the Privacy policy of each linked website that you may choose to go onto. For further information please consult our Cookie Notice.
No part of the One2Treat website is designed to attract minors, nor to intentionally collect or use information about children known to be under 16 years old.
12. How to contact us
You can contact us by mail on dataprivacy@one2treat.com .
Depending on your relations with us you may also write to one of our locations:
One2Treat s.a.
1 Rue Emile Francqui
1435 Mont-Saint-Guibert
Belgium
13. Changes to this Privacy statement
One2Treat reserves the right to modify or amend this Privacy statement. For instance, we may need to change this Privacy statement as new Privacy legislation is introduced or as existing regulations are amended. To let you know when we make changes to this Privacy statement, we will amend the revision date at the top of this statement. The new modified or amended Privacy statement will apply from that revision date. Please check back periodically for updates to this Privacy statement.