Privacy Policy

1. WHO DOES THIS PRIVACY POLICY APPLY TO?

This privacy policy applies to people who,

  • visit biospecialty.com (our Site).
  • Make inquiries about donating biological material for research; or
  • Provide donor screening information.

Under this privacy policy, we do not collect any personal data about your, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. Nor do we collect any information about criminal convictions and offenses.

(Note that if you donate at one of our facilities, some of the above information relating to your health, gender, sexual orientation and other matters will be collected in order to meet government regulations intended to ensure the safety of the blood supply. We may also collect race/ethnicity, smoking status, medications you have used, and similar types of information in relation to your donation for scientific research purposes. However, before we ask for any type of sensitive personal data, you will be informed and asked to consent to the collection.)

This Site is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

2. WHO WE ARE AND OUR DPO

Biological Specialty Company (BSC) is committed to being responsible custodians of the information you provide us and the information we collect in the course of operating our business. This privacy policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

We have appointed a data protection officer (DPO) for you to contact if you have any questions regarding this privacy policy or our data protection practices. You can contact our DPO at privacy@bioivt.com or via PO BOX 770 Hicksville, NY 11802 (please mark the envelope ‘Data Protection Officer’).

You have the right to make a complaint at any time to a data protection authority about our collection and use of your personal data under GDPR. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here. We would, however, appreciate the chance to deal with your concerns before you approach a data protection authority so please contact us in the first instance.

3. ABOUT THIS POLICY

By using our Site, you accept the practices described in this Policy.

This Policy is effective on and from July 1, 2020. We may amend this Policy at any time, and whenever we do so we will notify you by posting a revised version on our Site or emailing you. Please review this Policy each time you visit our Site as it may have been updated since your last visit.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (see Who we are and our DPO). If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. VISITORS TO OUR SITES

Personal data we collect: With regard to each of your visits to our Site, we will automatically collect:

  • technical information, including the Internet Protocol (IP) address used to facilitate your connection to the Internet, Identifier for Advertisers (IDFA), Android/Google Advertising ID, International Mobile Equipment Advertisers (IMEI), or another unique identifier, your device functionality (including browser, browser language, time zone setting, browser plug-in types and versions, operating system, hardware and mobile network information);
  • Your device location or other geolocation information, including the zip code, state or country from which you accessed the Services;
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time); services, products, publications and articles you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as clicks) and methods used to browse away from the page.

We also collect, use and share aggregated data such as statistical or demographic data for any lawful purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate information about how you use our Site to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.

We may use various methods and technologies to store or collect usage information (Tracking Technologies). This helps us to provide you with a good experience when you browse our Site and also allows us to improve our Site. A few of the Tracking Technologies used on the Site, include, but are not limited to, the following (as well as future-developed tracking technology or methods that are not listed here):

Cookies: A cookie is a file placed on a device to uniquely identify your browser or to store information on your Device. Our Site(s) may use HTTP cookies, HTML5 cookies, Flash cookies and other types of cookie technology to store information on local storage. You can read more about how we use cookies in our Cookie Policy at Cookie Policy. You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at allaboutcookies.org. Please note that if you have turned off all cookies, some features of the Services may not be available to you or otherwise function as intended.

  • Web Beacons: A Web Beacon is a small tag (which may be invisible to you) that may be placed on our Site’s pages and messages.
  • Embedded Scripts: An embedded script is programming code that is designed to collect information about your interactions with the Site(s), such as the links you click on.
  • ETag, or entity tag: An Etag or entity tag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
  • Browser Fingerprinting: Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.
  • Recognition Technologies: Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user).

Using your personal data: We will use this information for the following legitimate interests (whether ours or a third party’s):

  • improving our Site and ensuring that content is presented in the most effective manner for you and for your device(s);
  • for internal operations (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • measuring or understanding the effectiveness of our Site and/or any marketing we serve to you and others, and delivering relevant marketing to you; and/or
  • dealing with any issues you have reported with our Site.

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us (see Who we are and our DPO).

Sharing your personal data: We will only share personal data with third parties:

  • our employees, contractors and agents (but their use shall be limited to the performance of their duties and in line with the reason for processing);
  • other affiliates in the BioIVT Group (acting as controllers or processors) and who are based in the USA, Belgium, the UK and India, and provide IT and system administration services and undertake leadership reporting;
  • when information about you is processed by our third-party IT support provider (acting as a processor) for the purposes of providing IT support to us;
  • with analytics and search engine providers (acting as processors) that assist us in the improvement and optimization of our Site; and/or
  • our third-party website hosting supplier (acting as a processor) to enable them to maintain and host our Site.

To the extent required by law, we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Retaining your personal data: This information is kept for so long as it is required for the purposes set out in the Policy, or as long as we are legally required or permitted to retain such information. When deciding how long to retain your personal information, we take into account our legal and regulatory obligations, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information described above and whether we can achieve those purposes through other means. We may also retain your personal information to investigate or defend against potential legal claims in accordance with the limitation periods of countries where legal action may be brought.

Your rights: If you are a resident of California and have questions about your rights with respect to your personal data, please see the section entitled “Notice to California Residents”.

5. MAKING INQUIRIES AND REQUESTING OTHER INFORMATION ABOUT DONATING BIOLOGICAL MATERIALS/PROVIDING DONOR SCREENING INFORMATION
  • If you meet criteria for subsequent donation based on the information you have provided in the online forms, you will be asked to provide written consent for your donation and additional data collection at the time of your biological material donation.
  • These collections and uses are subject to additional legal, ethics and regulatory oversight and will be detailed in the consent form at the time of your biological material donation.

 Personal data we collect when you make enquiries about donating biological materials for research/provide donor screening information:

We may also collect:

  • information about you from social media platforms including when you interact with us on those platforms or access our social media content (the information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform, and we encourage you to review them); and/or
  • information about your telephone calls to us or our calls to you including your telephone number and caller ID information, activity while connected to the call, the options you select on our automated call system, and your voice. We may record telephone calls for quality control purposes but will only do so after notifying you during that call that your call is being recorded and always in compliance with local laws and regulations.
  • information about you on CCTV cameras if you visit our donor centers (CCTV cameras are used for crime prevention and public safety).

Using your personal data, you provide when you make inquiries about donating biological materials for research/provide donor screening information:

We will use this information you provide for the following legitimate interests,

  • to contact you at your request,
  • to store and contact you in the future for donations (unless you opt-out. See Marketing),
  • to screen for donation eligibility for available research projects,
  • to share with pharmaceutical, life science, academic partners and others for research.

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us (see Who we are and our DPO).

Sharing your personal data: We share only share your personal data with the following third-parties:

  • our employees, contractors, and agents (but their use shall be limited to the performance of their duties and in line with the reason for processing).
  • other affiliates in the BioIVT Group (acting as controllers or processors) and who are based in the USA, Belgium, the UK, and India, and provide IT and system administration services and undertake leadership reporting.
  • when information about you is processed by our third-party IT support provider (acting as a processor) for the purposes of providing IT support to us.
  • when information about you is processed by our CRM tools which are owned, hosted, and supported by third party software providers (acting as processors).
  • when information about you is processed by our accounting software which is owned, hosted and supported by a third-party software provider (acting as a processor).
  • our third-party website hosting supplier (acting as a processor) to enable them to maintain and host our Site.
  • various third parties (acting as processors) who provide tools and cloud solutions to enable our business to operate (including email, instant messaging, document management and file-sharing) (acting as processors).
  • when your email address is provided to third parties (such as email management providers, sales management providers, and website analytics providers) who we engage from time to time to send marketing emails (on our behalf) to you about our donation opportunities (acting as processors) (see Marketing);
  • when information about you is shared with our regulators and other authorities (acting as processors or controllers) based in the USA, UK and EEA who require reporting of processing activities in certain circumstances;
  • where we are required by law to do so; and/or
  • with our telephone suppliers (which would get to see phone numbers if we call you) and our broadband suppliers (which could see email addresses (but not the content of what you send us, if you encrypt it)) (acting as processors).

To the extent required by law, we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Retaining your personal data:

When deciding how long to retain your personal information, we take into account our legal and regulatory obligations, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information described above and whether we can achieve those purposes through other means. We may also retain your personal information to investigate or defend against potential legal claims in accordance with the limitation periods of countries where legal action may be brought.

If you have also visited our Site, please see Visitors to our Site to understand how personal data collected when you visit our Site is used.

6. YOUR RIGHTS

If you are a resident of California and have questions about your rights with respect to your personal data, please see the section entitled “Notice to California Residents”.

In relation to personal data we hold about you, you have the right to:

  • where we process your personal data based on your consent, to withdraw your consent easily and at any time (withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent);
  • get access to your personal data that we hold, and receive information about our processing of it;
  • ask us to correct the record of your personal data maintained by us if it is inaccurate or to complete incomplete personal data;
  • ask us, in certain instances, to erase your personal data or cease processing;
  • object to us processing your personal data for direct marketing purposes (see Marketing);
  • challenge us processing your personal data which has been justified on the basis of our or a third party’s legitimate interests;
  • ask us, in certain instances, to restrict processing personal data to merely storing it;
  • request portability of your personal data in certain limited instances;
  • prevent processing that is likely to cause damage or distress to you and seek compensation from us for any damages caused to you by us breaching applicable data protection laws;
  • be notified of a personal data breach which is likely to result in high risk to your rights and freedoms; and
  • complain to a data protection authority (contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here).

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you would like to exercise any of these rights, please contact us (see Who we are and our DPO).We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month (starting from the day after we receive your request). Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

7. NOTICE TO CALIFORNIA RESIDENTS

This section only applies to users of our services who reside in the State of California.

For purposes of this Notice to California Residents, the term “personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include publicly available information that is made available from federal, state, or local government records, nor does it include information collected in a clinical trial conducted in accordance with applicable regulations or guidelines on the protection of human subjects, donor information collected and maintained by us in compliance with the California Confidentiality of Medical Information Act, or anonymized data that cannot be used to identify you.

California privacy rights. California residents have the right to: (i) request additional disclosures about the personal information we collect, use, disclose and sell; (ii) request access to and deletion of your personal information; (iii) opt out of the sale of your personal information; and (iv) obtain a copy of your personal information. We will not discriminate against you for exercising any of these rights, for example, by charging a different price or denying goods or services. However, we may charge a different price or rate or provide a different level or quality of goods or services when that difference is reasonably related to the value provided to us by the data.

Methods for submitting requests. If you wish to exercise any of these rights, please email privacy@bioivt.com with the phrase “California Privacy Rights” in the subject line. You may also send a postcard to us at BioIVT LLC, PO BOX 770 Hicksville, NY 11802 (please mark the envelope ‘Data Protection Officer’) or call us toll-free at (888) 488-3232. We will review your request and respond accordingly. The rights described herein are not absolute, and we reserve all of our rights available to us at law in this regard. Additionally, if we retain your personal information only in de-identified form, we will not attempt to re-identify your data in response to a California privacy rights request.

If you make a request related to personal information about you, you will be required to supply a valid means of identification as a security precaution. We will verify your identity with a reasonably high degree of certainty using the following procedure where feasible: we will match identifying information you provide when making the request to the personal information maintained by us, or use a third-party identity verification service. If it is necessary to collect additional information, we will use the information only for verification purposes and will delete it as soon as practicable after complying with your request. For requests related to particularly sensitive information, we may require additional proof of your identity.

If you make a California privacy rights request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf.

We will process your request within the timeframe provided by applicable law.

 Additional Disclosures.

  • Categories of personal information we collect. In the previous 12 months, BSC has collected the following categories of personal information:
    • Identifiers such as names, dates of birth, and contact information;
    • Information protected by California Civil Code Section 1798.80, subdivision (e), such as names and contact information;
    • Characteristics of protected classifications under California or federal law, such as age, ancestry, and medical condition;
    • Biometric information such as genetic characteristics;
    • Internet or other electronic network activity information;
    • Geolocation data;
    • Audio, electronic, visual, thermal, olfactory, or similar information;
    • Professional or employment-related information; and
    • Inferences drawn from the foregoing information to create profiles reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  • Sources from which we collect personal information. BSC may collect personal information from you directly. BSC may also receive personal information about you from third parties or through automated means. For additional information on how we may collect personal information, refer to the sections of this Privacy Policy above labeled “Visitors to our Sites,” and “Making Enquiries and Requesting Other Information About Donating Biological Materials/Providing Donor Screening Information.”
  • Purpose for collecting or selling personal information. Your personal information may be collected or used for the purposes described in the sections of this Privacy Policy above labeled “Visitors to our Sites,” and “Making Enquiries and Requesting Other Information About Donating Biological Materials/Providing Donor Screening Information” as well as for other purposes that may be described to you at the time we collect your personal information.
  • Categories of third parties with whom we share your personal information. BSC may share your personal information with the third parties described in the sections of this Privacy Policy above labeled “Visitors to our Sites,” and “Making Enquiries and Requesting Other Information About Donating Biological Materials/Providing Donor Screening Information” as well as with other third parties as may be described to you at the time we collect your personal information.
  • Disclosures of Personal Information.
    • Identifiers such as names, dates of birth, and contact information;
    • Information protected by California Civil Code Section 1798.80, subdivision (e), such as names and contact information,
    • Characteristics of protected classifications under California or federal law such as age, ancestry, and medical condition;
    • Commercial information such as records of products or services purchased;
    • Biometric information such as genetic characteristics;
    • Internet or other electronic network activity information;
    • Geolocation data;
    • Audio, electronic, visual, thermal, olfactory, or similar information;
    • Professional or employment-related information;
    • Education information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act; and
    • Inferences drawn from the foregoing information to create profiles reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
    • In the previous 12 months, BSC has disclosed the following categories of personal information for a business purpose:
8. HOW WE PROTECT YOUR PERSONAL DATA

To help protect the privacy of personal data you transmit, we maintain physical, technical and administrative safeguards and require the same of any third parties we share your personal data with. Any payment transactions will be encrypted. We update and test our security technology on an ongoing basis. In addition, we train our staff about the importance of confidentiality and maintaining the privacy and security of your personal data.

As you will be aware the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site; any transmission is at your own risk. Once we have received your personal data, we will use physical, technical and administrative safeguards to prevent unauthorized access to your personal data.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable data protection authority of a breach where we are legally required to do so.

9. MARKETING AND NOTIFICATIONS

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. To opt out of marketing communications, see Opting out below.

Donation Notifications: We may, with your opt-in, contact you via SMS text message or email, regarding your eligibility to donate either because the required wait period between biological material donations (e.g. whole blood) has ended, or because we have a special donation program for which we believe you may be qualified. We will not contact you for non-donation related items.

Test Results: We may contact you, when required, to share information resulting from the viral testing done on blood/plasma that you have previously donated. Contacting you to provide you with the viral test information on your previous donation(s) is required by various governmental entities and you may not opt-out of it.

Third-party marketing: We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out: You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us (see Who we are and our DPO) any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions. Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on a “suppression list” in order to comply with your no-contact request.

To opt out from all future communications (with the exception of the requirement to share viral test results) or to submit a request to access, modify, or delete your personal data, please email privacy@bioivt.com.

  1. LINKS TO THIRD-PARTY WEBSITES

Our Site may, from time to time, contain links to and from the websites of third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Where our Site uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to "like" or share information from our Site through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your Site visit to your personal data.