Privacy Policy

a) Personal data Personal data means any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymization Pseudonmization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

h) Processor Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

j) Third party Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

a) Right of confirmation Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of the controller.

b) Right of access Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information: • the purposes of the processing • the categories of personal data concerned • the recipients or categories of recipients to whom the personal data have been or will be disclosed • where possible, the envisaged period for which the personal data will be stored • the existence of the right to request rectification or erasure of personal data • the existence of the right to lodge a complaint with a supervisory authority • where the personal data are not collected from the data subject: any available information as to their source • the existence of automated decision-making, including profiling

c) Right to rectification Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

d) Right to erasure (Right to be forgotten) Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies and as long as the processing is not necessary: • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. • The data subject withdraws consent to which the processing is based, and where there is no other legal ground for the processing. • The data subject objects to the processing. • The personal data have been unlawfully processed. • The personal data must be erased for compliance with a legal obligation.

e) Right of restriction of processing Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies: • The accuracy of the personal data is contested by the data subject. • The processing is unlawful and the data subject opposes the erasure of the personal data. • The controller no longer needs the personal data for the purposes of the processing. • The data subject has objected to processing pending the verification.

f) Right to data portability Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

g) Right to object Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her. Aprevis shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

h) Automated individual decision-making, including profiling Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her.

i) Right to withdraw data protection consent Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.