Privacy policy

Privacy policy for personal data

Overview

This Policy describes how FIND collects, manages, uses, and protects Personal Data in compliance with applicable privacy laws and regulations, including the EU General Data Protection Regulation (“GDPR”). The regulations cover all aspects of Personal Data and the obligations on FIND to clearly identify what personal data FIND has, where it is obtained, why FIND has it, how FIND may use it, how Personal Data is stored and with whom it may be shared and under what circumstances.
NB: FIND does not knowingly collect or store personal data provided by anyone under 13 years of age.

Personal Data types

In essence, “Personal Data” is any information relating to an identifiable individual or from which an individual can be identified. In general, with certain exceptions described later, FIND collects Personal Data that is limited to the kind of information that can be found on a typical business card: first name, last name, job title, employer/company name, work address, work email, and work phone number. In certain cases, mainly in the context of the FIND Technology Scouting activities, additional professional information may be collected as an adjunct to the Personal Data, such as company-specific financial and operational information, but this is not considered as Personal Data per se by FIND, and is usually subject to a separate Non- disclosure Agreement and is not directly subject to this Privacy Policy.

Sources of Personal Data

Usually, FIND accesses Personal Data from a variety of sources, including; a) direct personal contacts between FIND staff and private individuals; b) responses to mail information requests directed to FIND’s site or directly to FIND’s staff to receive any of the content FIND offers such as publications, newsletters, webcasts, video, white papers, online seminars, conferences and events; c) communications relating to the FIND Technology Scouting process (see above), and; d) registration and participation of the Data Subject at a FIND sponsored seminar or congress.

Use of Personal Data, including sharing with third parties (“Use”)

FIND uses the Personal Data for distribution of information relating to FIND’s mission in Global Health, including publications, newsletters, webcasts, video, white papers, online seminars, conferences, and events. FIND also uses Personal Data to inform the community of near-term partnering opportunities with FIND, under selected “Calls for Proposals” or “Expression of Interest” vehicles. FIND may share your personal data to deliver content from the FIND site, and third-party services that might be of interest, including sponsored content and events, for business operations, and to comply with valid legal processes.

Safeguards of Personal Data

In general, all Personal Data is held in confidence and is never provided to any 3rd party outside of FIND, without the express authorisation of the Personal Data owner (or “Data Subject”), or as otherwise set out under this Policy. Personal Data is stored on a FIND server in Switzerland, or in another GDPR compliant jurisdiction. The Personal Data held by FIND is kept on hard copy files and in password protected electronic files and record systems. Access at FIND is restricted to a “need-to-know” basis.

FIND’s staff have been made aware of the importance of Personal Data and FIND’s obligations under the GDPR and other relevant data protection legislation.

These obligations mean that the Personal Data is always securely processed and transmitted, protected against unlawful processing and accidental loss and uncontrolled change, amongst other requirements. FIND’s IT systems are protected by a firewall at the perimeter, as well as by anti-virus, anti-malware and content filtering software. FIND systems are backed up to a storage facility on the premises with an additional tape-based back-up solution. FIND’s IT performs a monthly offsite deposit/rotation of the tapes to a secure bank safe.

The legal basis for processing Personal Data

The GDPR requires data collectors, such as FIND, to have a legal basis to use the Personal Data of EU residents. The legal basis for processing Personal Data is “Legitimate Interests” and the Personal Data owner’s consent or as otherwise required or permitted by law. Also, Personal Data may be shared when authorized by law or when it is necessary to comply with a valid legal process.

Data transfers outside the EU

This section shall apply to any Personal Data collected by FIND from EU residents.
If FIND shares your personal data with any other third party as described in this Privacy Policy and the Personal Data in question will be transferred to a State which is not a Member State of either the European Union or the EEA, or deemed adequate by the European Commission, FIND (as a data controller/data exporter) will only conduct such transfer (to a data processor/data importer) if there are suitable safeguards in place, such as binding corporate rules, standard contractual clauses, approved Codes of Conduct, or approved certification mechanism. For more information, please contact FIND (see contact details below).

Retention of Personal Data

FIND retains any Personal Data for the duration of the appropriate business relationship. The Personal Data is held only if necessary, as required, and as consented to by the Data Subject. As an organization operating and governed by Swiss law, FIND is obliged to keep a record of all operational relevant information for a period of ten (10) years. Personal Data falls within this definition. FIND will, however, only use personal information as set forth under this Policy (see “Use” above) and will immediately cease any usage upon notification from the Data Subject as set forth under “Rights and Preferences”.

Personal Data owner’s rights and preferences

Under the GDPR, an individual has certain rights in relation to Personal Data. In addition to the right to be informed about the personal data we hold and the use we make of it (as described in this Privacy Notice), the Data Subject is entitled to:

  • Access the Personal Data relating to him that FIND holds
  • Correct inaccurate or incomplete Personal Data relating to him that FIND holds
  • Request deletion of the Personal Data FIND holds (in certain circumstances – see “Retention Period” above)
  • Restrict processing of Personal Data (in certain circumstances)
  • Obtain and reuse Personal Data that FIND holds (in certain circumstances)
  • Object to processing of Personal Data (in certain circumstances)

For further information on these rights and on “Your Rights” under the regulations in particular[1], please contact us (see contact details below).

How can we help? Questions, concerns, or complaints

If you have any questions, concerns, or complaints about FIND’s Personal Data practices or this Privacy Policy, we encourage you to get in touch with us. Also, if you believe you have suffered harm due to a breach of your rights by FIND under this Privacy Policy, and FIND has not handled your complaint in a reasonably sufficient manner, any EU resident may also file a complaint with the applicable supervisory authority.

Contact information: legal@finddx.org

[1] https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights_en