1.1.This Privacy Notice describes how Sivantos GmbH (hereinafter "Sivantos", "we", "us", "our") collects and processes your personal data when you participate in the Signia Panel (hereinafter the “Panel”).We will only process Your personal data in accordance with this Privacy Notice and the General Data Protection Regulation (EU 2016/679) (hereinafter "GDPR").


2.1.Sivantos is the data controller of your personal data when processing your personal data for the below-mentioned purposes. 
For our contact details please see below.  

Sivantos GmbH
Business registration no. in Denmark: 15771100
Address: Henri-Dunant-Str. 100
91058 Erlangen
E-mail address: dpo@wsa.com   


3.1.We process the following personal data which we have received directly from you as we have direct business relationship with you:  
a)First and Last name 
b)E-mail address
c)Year of birth  
e)Level of education 
g)Job title 


4.1.When you participate in the Panel, we will process certain personal data about you for the purpose of requesting your feedback, ideas and input to help us develop solutions that best meet our customers’ needs. 

4.2.We do not use your information for purposes other than the listed above, unless we have made your information anonymous and ensured that it cannot be traced back to you as an individual.

4.3.Data collection and data processing is necessary and is based on your consent pursuant to Art. 6 (1)(a) GDPR that you have provided us before your participation in the Panel. 


5.1.In accordance with the purposes described above, we may disclose your personal data to the following categories of recipients:  
a)Our affiliates;
b)Business partners.

5.2.Furthermore, we may use data processors which process personal data on our behalf, e.g. storage providers and mailing providers. 


6.1.The recipients of your personal data are mainly based in the European Union.

6.2.Some of the recipients mentioned in Section 5 of this Privacy Notice, may be located outside your country of domicile, including the United States of America, whose data protection laws may differ from those in the country in which you are located. In such cases, we will ensure that appropriate safeguards are in place to protect your personal data by implementing appropriate legal mechanisms, such as EU Standard Contractual Clauses.


7.1.Personal data about you will be retained for the duration of your participation in the Panel. We will contact you via email on an annual basis to ask whether you wish to continue your participation for each consecutive year.

7.2.Following the fulfilment of the purposes your personal information will be deleted. We reserve the right to retain your personal data for an extended period if deemed necessary to establish, exercise or defend a legal claim or in order to meet our legal obligations. 


8.1.To help protect the privacy of your data and personally information through, we maintain technical and administrative safeguards. We update and test our security technology on an ongoing basis. In addition, we have limited access to your personal data to those employees who have a relevant and reasonably required need to access your personal data to perform their work and have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.  In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.


9.1.If you wish to exercise the below mentioned rights, please contact dpo@wsa.com

9.2.As a data subject you have the following rights: 

a)Right of access: You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it (Art. 15 in the GDPR). 

b)Right to rectification: You have the right to request correction of your personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected (Art. 16 in the GDPR). 

c)Right to be forgotten: You may have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. To the extent that continued processing of your personal data is necessary, for example in order for us to comply with our legal obligations or for legal requirements to be established, enforced or defended, we are not required to delete your personal data (Art. 17 in the GDPR). 

d)Right to restrict processing: You may have the right to request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it (Art. 18 in the GDPR). 

e)Right to object: You have the right to object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground (Art. 21 in the GDPR).  

f)Right to data portability: You have the right to receive the registered personal data in a structured, commonly used and machine-readable format and, in certain cases, to have it transferred from one data controller to another without hindrance (also known as data portability) (Art. 20 in the GDPR). 

g)Right to withdraw consent: You may at any time and for any reason withdraw one or more of your consents by sending a written notification to Sivantos by email to dpo@wsa.com. A withdrawal of the consent will not affect the lawfulness of processing, including disclosure, before the withdrawal. 


10.1.We take our privacy obligations seriously. If You lodge a complaint with us about a concern that we have breached an applicable law, we will respond to You as soon as possible and in any case within 30 days.

10.2.If you are dissatisfied with the way we process your personal data, you can lodge a complaint to the Danish Data Protection Agency, to the data protection authorities in the country you are located or where you consider a breach of data protection law has occurred (Art. 77 in the GDPR).

10.3.You will find Data Protection Agencies’ contact information at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm 


11.1. In case we change this Privacy Notice, we would send you the updated version of the Notice via email and ask to agree to new terms and conditions. If we don’t hear from you within 30 days, we would consider that you wish to withdraw your consent and consequently terminate your participation in the Panel.