Authentication Management Solution

MyProfile

Data Privacy Notice

1. We respect your privacy

We would like to inform you about the processing of your Personal Data as part of the MyProfile Authentication Management Solution .

Getinge AB, a limited liability company incorporated under the laws of Sweden under company registration number 556408-5032 with address at Lindholmspiren 7, SE-417 56 Gothenburg, Sweden. ("Getinge" or “we”) is the controller for the processing of your personal data as described in this Privacy Notice.

The protection of your personal data is of great importance to Getinge. Getinge will always process your personal data in accordance with applicable data protection laws and regulations.

If you have any questions, please contact Getinge’s data protection officer at data.protection@getinge.com.

2. Categories of personal data, purposes of the processing and legal basis

Getinge needs to base its processing of personal data on a legal basis in relation to each purpose of the processing. For example, a legal basis could be that the processing is necessary (a) for compliance with a legal obligation; (b) for the performance of a contract to which you are a party, or; (c) for the purposes of Getinge’s or a third party’s legitimate interests where such interests override your interests of having your personal data processed.

Getinge processes your personal data for the purpose specified below.

Purpose	Type of processing	Categories of personal data
The purpose of this processing activity is to enable Getinge to control and manage access to Getinge applications and solutions, improve security, manage permissions and roles, and gain better visibility into the number of users accessing our solutions. The registration process allows users to request access to applications or solutions via MyProfile using dedicated forms. Requests are then approved or rejected by application managers, and if access is granted, specific permissions are defined (limited access to all or part of an application or solution). The processing activity applies to external users (customers, distributors, business partners) who wish to access Getinge solutions. MyProfile collects and processes personal data for profile registration on the MyProfile website. MyProfile also uses this personal data for application performance (improvement and usage statistics).	Collection, processing	Categories of personal data processed: First name, last name, E-mail address - professional e-mail address preferred Company name, Country Telephone number – (Landline / mobile) - professional phone number preferred Fax number Mandatory fields necessary to ensure user identity unicity.

Purpose

Type of processing

Categories of personal data

The purpose of this processing activity is to enable Getinge to control and manage access to Getinge applications and solutions, improve security, manage permissions and roles, and gain better visibility into the number of users accessing our solutions. The registration process allows users to request access to applications or solutions via MyProfile using dedicated forms.

Requests are then approved or rejected by application managers, and if access is granted, specific permissions are defined (limited access to all or part of an application or solution).

The processing activity applies to external users (customers, distributors, business partners) who wish to access Getinge solutions. MyProfile collects and processes personal data for profile registration on the MyProfile website. MyProfile also uses this personal data for application performance (improvement and usage statistics).

Collection, processing

Categories of personal data processed:

*First name, last name,
*E-mail address - professional e-mail address preferred
*Company name, Country
Telephone number – (Landline / mobile) - professional phone number preferred
Fax number

*Mandatory fields necessary to ensure user identity unicity.

Legal basis	Retention period
This processing of your personal data is based on Getinge’s legitimate interest in being able to guarantee the security of its systems and solutions by controlling and managing requests, authorizations, roles and permissions.	Your personal data is kept into MyProfile as long as is necessary to provide you with an access to the applications. If an account is no longer used or deactivated, the personal data is kept in our systems during 5 years for security control purposes. Once this retention period has been reached, your personal data will be totally removed from our systems. If a user is deactivated in MyProfile, he or she no longer has access to applications provided by Getinge and third parties using MyProfile. If an account is not used (inactive) for at least 3 months, the user's password is automatically deactivated (the user no longer has access to MyProfile applications). The user concerned must request a password reset to reactivate the account.

Legal basis

Retention period

This processing of your personal data is based on Getinge’s legitimate interest in being able to guarantee the security of its systems and solutions by controlling and managing requests, authorizations, roles and permissions.

Your personal data is kept into MyProfile as long as is necessary to provide you with an access to the applications.

If an account is no longer used or deactivated, the personal data is kept in our systems during 5 years for security control purposes.

Once this retention period has been reached, your personal data will be totally removed from our systems.

If a user is deactivated in MyProfile, he or she no longer has access to applications provided by Getinge and third parties using MyProfile. If an account is not used (inactive) for at least 3 months, the user's password is automatically deactivated (the user no longer has access to MyProfile applications).

The user concerned must request a password reset to reactivate the account.

If necessary, Getinge will process personal data for the establishment, exercise and/or defense of legal claims. In such case, the data will be kept until the legal claim is finally settled and thereafter for the statute of limitation period. This processing is based on Getinge’s legitimate interest to establish, exercise and defend legal claims.

3. From where is your personal data collected?

Your personal data is directly collected from you or may be collected by an application manager on your behalf.

4. With whom does Getinge share your personal data?

In order to fulfill the purposes of the processing, Getinge may, if necessary, share your personal data with the following recipients:

Data shared internally within the Group (Getinge recipient)

Company managers/owners
- To manage user profiles (activation/deactivation)
Application managers/owners (of their related apps)
- To manage user permissions and roles
MyProfile admins (Getinge Support teams)
- To administrate the overall MyProfile application.

Your personal data may also be shared with courts and authorities for the purposes described above.

5. Will Getinge transfer your personal data outside the EU/EEA?

Getinge will not transfer your personal data to countries outside the EU/EEA.

6. Your rights

Below you will find a summary of rights that may apply. You may ask questions about how your personal data is processed as well as exercise your rights free of charge by using the Data Subject request form

Please note that Getinge will assess in each single case if a request to exercise your rights is valid. The below rights are not absolute and exceptions may apply.

Right to access
You have the right to obtain a copy of your personal data undergoing processing and to receive additional information about the processing.
Right to rectification
You have the right to obtain rectification if your personal data should be inaccurate or have your personal data completed if it is incomplete.
Right to erasure
You have the right to request that Getinge erases your personal data if one of the following applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you make a valid objection to the processing of your personal data;
- the personal data have been unlawfully processed; or
- the personal data have to be erased for compliance with a legal obligation.
Right to restriction
You have the right to request restriction of processing where one of the following applies:
- the accuracy of the personal data is contested;
- the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;
- Getinge no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
- you have objected to the processing and the objection is awaiting to be verified.
Right to data portability
Under certain circumstances you have the right to extract your personal data in a machine-readable format or transmit it to another controller.
Right to object
You have the right to object to the processing of your personal data at any time if the processing is based on Getinge’s legitimate interest.

In addition to the above, you always have the right to lodge a complaint to the supervisory authority regarding the processing of your personal data.