Privacy Policy

AZTALAN BIO LLC

PRIVACY POLICY

DATA PROCESSING REGARDING THE OPERATION OF AZTALAN BIO’S WEBSITE

 

1.GENERAL INFORMATION

Data Controller: Aztalan Bio LLC (registered seat: W5289 Valero Way
Johnson Creek, WI 53038).

Data Subject: Data Subject shall mean the visitor of Data Controller’s website (https://www.aztalanbio.com/; hereinafter: “Website”).

Personal Data: means any information relating to the Data Subject.

    1. The purpose of this Privacy Policy is to supply essential information to the Data Subject about the data processing the Data Controller performs with respect to all the relevant data protection regulation.

    1. The Data Controller is committed to the protection of the Data Subject’s personal data and particularly wishes to observe the Data Subject’s fundamental right to informational self-determination.

    1. The Data Controller reserves the right to alter this Privacy Policy and commits to supply information about any such alteration in accordance with the relevant legal regulations as effective.

    1. Data Controller:

  • processes the personal data lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

  • collects personal data for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);

  • processes personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

  • processes accurate and up to date data (’accuracy’);

  • keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);

  • processes the personal data in a manner that ensures appropriate security of the personal data (‘integrity and confidentiality’).

    1. Data Controller’s data processing principles are in harmony with the relevant US data protection regulations as effective, and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – “GDPR”).

    1. Should you have any question regarding the Privacy Policy or the Data Controller’s data processing regarding the Website, please contact our colleague on the following email address: […]

2.DATA PROCESSING

The Data Controller strives to limit its personal data processing activity to what is absolutely necessary. Nonetheless, the processing of some personal data is inevitable. The Data Controller processes the personal data generated during the visit of the Website.

    1. Cookies

Data Subject agrees that the use of the Website constitutes Data Subject’s consent to the use of cookies. If Data Subject’s web browser enables this function, Website may automatically save information about Data Subject’s computer or other devices used for internet browsing and may also place so-called cookies on the device. This section explains what these cookies are and how the Data Controller uses them.

Data Subject may reject cookies on his/her computer, or on other devices used for browsing, or in the settings of the web browser (typically in Tool / Settings / Privacy / Cookies) Data Subject is using to access the Website. Should cookies be rejected, Data Subject will not be able to fully utilise the functionality and services of the Website, and – as a consequence – Data Controller cannot guarantee full, smooth and uninterrupted use of the Website.

A cookie is a file that can be placed on Data Subject’s computer or on other devices used for browsing, when a user visits the Website. Cookies have multiple functions and can be used for various purposes, such as:

  • necessary cookies: their use is essential for navigating the Website and for the functionality of the Website. Without these, the Website, or parts of it, may not appear or may appear incorrectly.

  • functional cookies: the purpose of these cookies is to improve the user experience e.g. by remembering the device the user used for browsing, the language settings, the custom settings;

  • statistics cookies: statistic cookies are collected anonymously; they help to understand how visitors interact with the Website;

  • marketing cookies: these cookies collect detailed information about the user’s browsing habits and are used to deliver advertised content to the user. These cookies are placed on the Website by third party service providers.

Function

Name

Purpose

Cookie expires

The Website uses Google Analytics cookies. These cookies are set by external services and

  • are under the control of the third-party service, not the Data Controller;

  • can be accessed on any website that makes use of the service;

  • can be used to track a user from one site to another;

  • enable Data Contoller to deliver more relevant advertising to users.

You may find more information on Google Analytics cookies at the following Websites

    1. Data processing related to Job Applications

  • Types of personal data processed

The Data Controller only processes personal data that the Data Subject provides when applying for the position including: name, contact details (email address, phone number, mailing address), place and date of birth, educational background, professional experience and skills in the form of curricula vitae. The Data Controller only processes educational documents or former employers’ references if the Data Controller submits them, however, the Data Controller does not require the Data Subject to do so, unless otherwise specified in the job advertisement. The Data Controller also processes email correspondence.

  • Purposes of data processing, legal basis

The Data Subject’s personal data is necessary to examine whether the Data Subject is suitable for the position he/she applied to, in addition, the Data Controller needs the Data Subject’s contact details to reach the Data Subject in connection with the Data Subject’s application. The basis of the data processing is the Data Subject’s consent. By submitting the Data Subject’s application to a position that the Data Controller advertises, the Data Subject unequivocally and expressly declares that he/she has read the present data processing notice and gives consent to Aztalan Bio LLC to process his/her personal data in connection with his/her job application.

  • Rights of Data Subjects

In case the Data Subject wishes so, the Data Controller will retain the Data Subject’s personal data even if he/she has not been chosen to fulfil the advertised position so that the Data Controller could approach the Data Subject with possible job offers in the future. In this case the Data Subject can give his/her consent by clicking on the link in the reply email the Data Controller provides him/her when receiving his/her application or the Data Subject can include it in his/her application.

  • Access related to the personal data processed, transfer of data

The Data Subject’s application arrives at a central email address. Only the personnel involved in the candidate assessment have access to the Data Subject’s personal folder that is stored on the Data Controller’s file server. The Data Controller reserves the right to send the Data Subject’s application to the Data Controller’s affiliated companies. By sending the application, the Data Subject expressly consents to such data transfers.

    1. Data processing related to submission through contact form

  • Limitations of the Data Controller and obligations of the Data Subject

If the Data Subject voluntarily submits data through the contract form, by submitting the data he/she consents to Aztalan Bio obtaining the right to use such data without further compensation and to use it in accordance with its policies, notices and communications. By submitting such information, the Data Subject also represent that his/her use of the submitted materials will not infringe the rights of any other person.


Aztalan Bio has no control over the validity of information submitted and, as such, assumes no responsibility for the accuracy of such information at the time it is submitted. When voluntarily submitting information through the website, the Data Subject is required to provide true and accurate information as it is currently available. Aztalan Bio reserves the right to verify personal data.


The Data Subject further agrees that he/she will not submit any information that is in violation of any law, international convention, the ISP’s network abuse policy, or any generally accepted rules or ethical standards. The Data Subject may not submit any information that would give rise to a claim by a third party or require the consent of a third party where such consent has not been given.

  • Access related to the transfer of personal data

Aztalan Bio may, from time to time, share with its affiliated companies data that was shared by submission through contact form in case the nature of the content of the submission makes this necessary. By using the contact form, the Data Subject expressly consents to such data transfers.

    1. The Data Controller does not use automated decision-making, including profiling.

3.OTHER DATA PROCESSING

    1. The Data Controller may occasionally perform other personal data processing. Information about any data processing not mentioned in this Privacy Policy will be supplied on the data collection.

    1. The Data Subject is informed that the court, the public prosecutor, the criminal investigation authority, the infringements authority, as well as other authorities authorized by legal regulation may request information, data and documents from the Data Controller, who will grant such requests to the extent it is required by the relevant legal regulations. The Data Controller will disclose personal data to the authorities only to the extent it is indispensable for the fulfilment of the authorities’ meticulously detailed request for information as regards the scope and purpose of information.

 

4.DATA PROCESSORS

    1. The Data Controller assigns the following data processor during its data processing activity:

  • Microsoft Corporation (One Microsoft Way, Redmond, Washington): To operate the Website, Data Controller uses Microsoft Azure as hosting service. Microsoft adheres to some of the industry’s strictest privacy standards and offers tools for automating data privacy and protection.

[]

5.DATA SECURITY

    1. The Data Controller treats the Data Subject’s personal data confidentially, therefore Data Controller has adopted the technical and organizational measures necessary to ensure the security of personal data and avoid their accidental or unlawful destruction, loss, alteration, processing or unauthorized access, given the state of the technology, the nature of the stored data and the risks to which they are exposed, whether they come from human action or from the physical or natural environment. The Data Controller selects and operates the IT equipment used to process personal data with respect to the contractual relationship in such a way that the processed data:

  1. is available to authorized persons (availability);

  2. authenticity and authentication are ensured (authenticity of data processing);

  3. integrity can be proven (integrity of data); and

  4. is protected against unauthorized access (confidentiality of data).

6.RIGHTS AND REMEDIES

    1. The Data Subject has a right to:

  • access the personal data: Upon the Data Subject’s request, the Data Controller supplies information about the Data Subject’s data processed by the Data Controller as data controller and/or processed by a data processor on the Data Controller’s behalf if any of the conditions stipulated in Article 15 of GDPR is fulfilled.

  • request the rectification of the personal data: The Data Controller rectifies the Data Subject’s personal data if such data is inaccurate or incomplete while the correct personal data is available to the Data Controller.

  • request the erasure of the personal data (right to be forgotten): The Data Controller erases any and all personal data if any of the conditions stipulated in Article 17 of GDPR is fulfilled.

  • restriction of processing: The Data Subject obtains from the Data Controller the limitation of the data processing if any of the conditions stipulated in Article 18 of GDPR is fulfilled.

  • data portability: The Data Subject receives the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format, if the processing is based on a consent or contract and it is carried out by automated means.

    1. The Data Controller provides information on action taken on the Data Subject’s request sent to the contract person specified in Section 1.6. without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, considering the complexity and number of the requests. The Data Controller informs the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the Data Subject makes the request by electronic means, the information will be provided by electronic means where possible, unless otherwise requested by the Data Subject. If the Data Controller does not act on the Data Subject’s request, the Data Controller will inform the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

    1. Data Subject’s right to remedy:

  • filing a complaint with the authority: Without prejudice to any other administrative or judicial remedy, Data Subject may, in the event of an infringement of his or her rights, file a complaint with relevant authorities.

  • filing a complaint with the court: Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with an authority, Data Subjects may have the right to an effective judicial remedy where he or she considers that his or her rights have been infringed as a result of the processing of his or her personal data in non-compliance with the data protection regulation.