1. INTRODUCTION
At D.O.R.C. Dutch Ophthalmic Research Center (International) B.V., including our affiliates (jointly and separately referred to as DORC, our, us, we), we consider it important to process personal data in a careful, secure and transparent manner. In the context of our business activities, we may process your personal data. This Privacy Statement provides you with information about our use of personal data, our purpose for the processing your personal data, how we obtain your personal data, how long we retain your personal data, how we protect your personal data and what your rights are as a data subject towards us.

This Privacy Statement may be updated from time to time. When there is an update, we will inform you thereof in this Privacy Statement. We will notify you separately of any significant changes to this Privacy Statement.

The definitions as stated in the General Data Protection Regulation (EU 2016/679) Article 4 shall apply to this Privacy Statement, unless otherwise stated herein. When we refer to "devices" in this Privacy Statement, it refers to computers, smartphones, tablets and all other electronic devices via which you may use to visit our website.

 

2. TO WHOM DOES THIS PRIVACY STATEMENT APPLY?
In the context of our business activities, we may process personal data of the following categories of individuals:

i. Business contacts: this category includes any (former) customers or suppliers, prospects, or other business relations. 
ii. Website visitors: this category includes all individuals who visit our website(s).
iii. Visitors of our premises: this includes all individuals who visit our premises.
iv. Workers: this includes all persons who carry out work for us including but not limited to applicants, employees, temporary workers, seconded employees, self-employed workers, stagiaires, contractors.
v. Other persons: this category includes any other individuals of whom we also process personal data in the context of our business activities.

3. WHICH OF YOUR PERSONAL DATA DO WE PROCESS?
We may process the following information about you:

i. Business contacts and Workers:

• Your name, title, gender, job title, address, email address, (mobile) phone number, fax number.
• Company details.
• Financial details such as bank account information.
• Information in or derived from your communications with us (e.g. the content of email or telephone communications).
• If necessary, in case of any form of risk, information we gather by performing screenings.
• If necessary, due to guidelines of the Royal Military Police (KMAR), we process your license plate and ID number.
• If you are one of our sponsored surgeons, the information we need to book flights and hotels for you.
• Other personal data necessary to comply with an order of a competent authority, or a statutory obligation.
• Other personal data provided by you.


ii. Website visitors   

• Any personal data that you submit via our contact form, such as name, email address, company name, (mobile) phone number, address, country and information you provide in the message box.
• Any personal data that is processed via the cookies or other technologies similar to cookies, that are placed upon your device, when you use our website. Further details on our use of cookies are available below in this Privacy Statement. 
• Your IP address(es).
• If applicable, your personal user name and password to access our secured portal via our website.
• Your subscriptions to any newsletters, email updates and reports.


iii. Visitors of our premises    

• Visitor registration (your name, time of arrival and time of leaving)
• Video images via camera surveillance.
• Other personal data provided by you.

 iv. Other persons   

• Name, title, gender, address, email address and (mobile) phone number.
• If necessary, in case of any form of risk, information we gather by performing screenings.
• If necessary due to guidelines of the Royal Military Police (KMAR), your license plate and ID number.
• Other personal data provided by you. 

4. WHY DO WE COLLECT YOUR PERSONAL DATA?

We may process your personal data for the following purposes:
• To provide our products and services to you;
• To fulfill contractual obligations;
• To optimize our products and services;
• To maintain contact with you;
• To provide access to our premises, and for safety and security purposes;
• For (direct) marketing and promotional purposes;
• For screening purposes in case of any form of risk;
• To perform audits;
• To prevent and handle complaints, disputes and other legal matters; and/or
• To monitor and enforce company regulations and comply with statutory obligations.

5. OUR LEGAL GROUND(S) FOR USING YOUR PERSONAL DATA
We rely upon one or more of the following legal grounds for processing your personal data:
• Consent
You have given us your consent to process your personal data for one or more specific purposes. For example, we rely on this ground to send you our newsletter after you have given us your consent to do so. You can withdraw your consent at any time by contacting us or, in case of withdrawing from our newsletter, make use of the option to opt-out in any direct marketing email we send to you. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data prior to your withdrawal.
• Performance of a contract
Processing is necessary for the performance of a contract to which you are a part off or in order to take steps at your request prior to entering into a contract. For example, when you are a sponsored surgeon, we will process your personal data to e.g. complete remuneration.
• Legal obligation
Processing is necessary for compliance with a legal obligation to which we are subject. For example, we may be required to process your personal data based on an order of a competent governmental authority. 
• Legitimate interests
Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you. For example, we may rely on our legitimate interest to perform a screening as part of a due diligence.
 

6. HOW DO WE OBTAIN YOUR PERSONAL DATA?

In the context of our business activities, we may obtain your personal data from the following various sources:
• Directly from you;
• (Other) business contacts of us;
• Third parties engaged by us;
• Video recordings when you visit our premises; and/or
• Other third parties in incidental cases.

If we obtain your personal data elsewhere than from you directly, we will inform you thereof and from where the information’s are obtained.

7. HOW DO WE USE COOKIES?
Our website www.dorcglobal.com is managed by us in cooperation with the service providers Synetic and OneTrust. In so far as we collect your personal data using cookies, we process these personal data in accordance with this Privacy Statement.

7.1. What are cookies and what do they do?
Cookies are small files containing letters and numbers that are placed on your device when you visit our website. Because a cookie is stored on your device, the website server can recognize your device. Personal data that we process via cookies are for instance visited webpages, IP-addresses, cookie content, referrer URL, used peripheral equipment and software settings.

A cookie has a certain validity period which starts on the moment it is stored on the device you use and may be renewed by a new website visited by you. After the validity period has lapsed, the cookies will be deleted.

7.2. Accepting and changing cookie consent
Cookies that may impact your privacy and for which your consent is required by law, will only be placed on your device if you have provided us with your consent. Your cookie consent preferences are to be provided by you via our cookie banner that is shown at your (initial) visit to our website. You can always change your cookie consent preferences afterwards either via (a) our Cookie Settings or (b) by changing it in your browser settings. Please be referred to your browser provider for guidelines on how to make changes to your browser settings regarding cookies.

If you decide to block cookies, you may experience a loss of functionality of our website or your ability to access it. Furthermore, please note that it is not possible to retain your cookie settings between different browsers and devices, so you will need to manage these settings per browser and device that you use.

7.3. Categories on cookies we use
The following four categories of cookies may be used via our website:

i. necessary cookies;
ii. preference cookies (optional);
iii. statistics cookies (optional); and
iv. marketing cookies (optional).

Necessary cookies are essential for the proper layout and navigation of our website and for us to remember whether cookies have been allowed or refused by you. These are our own cookies and can only be read out by us. The data we collect via these cookies are not shared with third parties, except where there is a legal obligation for us to do so.

Preference cookies enable our website to remember information that changes the way our website behaves or looks, like your preferred language or the region that you are in. At the moment we do not make use of these type of cookies.

Statistic cookies help us understand how visitors interact with our website by collecting and reporting information anonymously whereas marketing cookies are used by us to track visitors across websites. We use this knowledge to improve our marketing activities and the quality, effectivity and user-friendliness of our website. To do this we use the service of Google Analytics (Google Inc.) that places cookies via our website. We have set the Google Analytics cookies to ‘privacy friendly’ so that we comply with the guidelines of the national data protection agency of the Netherlands. The means that your IP address is anonymized and the option for sharing data is disabled. This way these cookies only have a slight impact on your privacy, and they can therefore be placed without consent.

Marketing cookies will further enable us to place cookies when using our social media functionalities through our website. If you click on the LinkedIn button, it is possible that this social media provider place cookies from their own website. YouTube makes it possible for you to watch videos placed on our website and by the YouTube button access our dedicated YouTube page. YouTube will place cookies on your device if you have given your consent to marketing cookies. We have no say regarding these types of cookies relating to social medias, the data that is collected with these cookies and the objectives for which the social media providers use the cookies. We recommend that you check the relevant privacy statement or policy of the social media providers for this information. In view of the this, we cannot accept any responsibility or liability for these marketing cookies and how the relevant social media providers deal with the collected information.

Please also be referred to our Cookie Policy where you can find information about the purpose of the cookies, the validity period of the cookies and the categories of recipients. Our use of cookies is fully anonymized. Moreover, Google offers the option of disabling data collection within the framework of Google Analytics, by means of the Google Analytics Opt-out Browser Add-on. Click here to use this option and click here for more general information about how Google uses cookies and about Google’s privacy policy. We are not responsible for Google’s privacy and/or cookie policy.

Some of the cookies placed via our website are third-party cookies. These cookies are placed by the relevant third-party provider, as indicated in our Cookie Policy. We do not control the propagation of these cookies and we cannot block cookies from those providers placed via third-party websites. We also have limited knowledge and control over these cookies, the data recorded using these cookies, and the purposes these are used for. The third-party providers will use the gathered information for their own purposes. Please be referred to the relevant third-party cookie provider's website for more information about these cookies.

8. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We retain the personal data that are collected in the context of our business activities for no longer than necessary for the purpose of the processing. This means in principle that:
a) we will process the personal data for no longer than needed for the purpose and for a maximum of two years after termination of our business relationship, if not agreed otherwise;
b) where the processing is based upon your consent, you may withdraw your consent at any time, and we will then no longer process your personal data, other than as far as necessary for DORC to demonstrate that the previous processing activities were based on valid consent. Your consent to cookies at our website will be deleted after 12 months;
c) we will keep the records of visitor registration for three months after your visit.

Please be referred to our Cookie Policy for information about the retention periods that apply to the cookies and similar technologies used via our website.

9. WHO WILL PROCESS YOUR PERSONAL DATA?
Your personal data may be processed by the following categories of parties:
• Persons authorized to do this and employed by DORC, who are involved in the processing of your personal data, on a need to know basis.
• Other partners, such as travel agencies. We may share your personal data with these partners, who will act as data controllers jointly with DORC or on their own.
• Persons authorized to do this and employed by or working on behalf of a data processor engaged by DORC, on a need-to-know basis. When we use services of a party who processes your personal data on our behalf, acting as a data processor, we have concluded appropriate data processor agreements in line with applicable data protection laws.
• Authorities if legally required, necessary to protect the data controller's rights, or in a health or safety emergency.

10. AUTOMATED DECISION-MAKING INCLUDING PROFILING
In the context of our business activities, no form of automated decision-making – including profiling – is used by us. Via our website, various cookies may be used.

11. HOW DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA?
We may transfer your personal data between DORC entities and to selected third parties. The DORC entities and selected third parties may be located outside of the Economic European Area (EEA). Where applicable, we have taken appropriate safeguards to secure the transfer of your personal data to a country located outside the EEA, if that country does not provide an adequate level of protection according to the applicable data protection laws, including standard contractual clauses approved by the European Commission. You can contact us if you would like to receive more information on the measures we have taken to safeguard your personal data in this respect.

12. HOW DO WE PROTECT YOUR PERSONAL DATA?
We are committed to ensure the protection of your personal data and privacy. In order to prevent unauthorized access or disclosure, we have put appropriate physical, technical and organizational measures in place to safeguard the information we collect and process. The IT security framework used within DORC is based on the ISO/IEC 27001:2017 information security standard. DORC is not ISO/IEC 27001:2017 certified.

13. WHAT ARE YOUR RIGHTS?
As a data subject, you have certain rights concerning our processing of your personal data, listed below:
• Request access to your personal data
You have the right to ask us if we are processing your personal data, and, if so, provide you with a copy of that personal data.
• Request correction of your personal data
You have the right to rectify your personal data, if you believe that the personal data, we have about you is incomplete or inaccurate. If we have shared your personal data with others, we will also inform them of the correction(s) where possible.
• Request erasure of your personal data
You have the right to ask us to delete or remove your personal data in some circumstances. If we have shared your personal data with others, we will inform them of the erasure where possible.
• Request to restrict our processing of your personal data
You have the right to ask us to block or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you object to us processing your personal data. If we have shared your personal data with others, we will inform them of the restriction where possible.
• Request to exercise your right to data portability
You have the right to obtain personal data you have provided to us in a structured, commonly used and machine-readable format in certain circumstances. This way you can use your personal data elsewhere or you can also ask us to transfer your personal data to a third party.
• Object to the processing of your personal data
You have the right to ask us to stop processing your personal data, if we are relying on legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for processing.
• Withdraw your consent
You have the right to withdraw your consent, if we rely on your consent as a legal basis for the processing of your personal data. This will not affect the lawfulness of our prior processing of your personal data.
• Lodge a complaint with the supervisory authority
You have the right to lodge a complaint with your national supervisory authority, if you have a concern about the way we handle your personal data.

14. RELATED DORC DATA PRIVACY DOCUMENTS
The following DORC data privacy documents relate to this Policy (listed at random order):
•    Cookie Policy(to be found on our website)
•    Personal Data Protection Policy
•    Personal Data Retention Policy
•    Personal Data Retention Schedule
•    Data Subject Rights Response Procedure
•    Personal Data Breach Response and Notification Procedure
•    Personal Data Privacy Impact Assessment Procedure

15. OUR CONTACT DETAILS
Please contact us if you have any questions relating to this Privacy Statement via our online contact form that you can find on our website. Or you can contact us by one of the below means:
          
D.O.R.C. Dutch Ophthalmic Research Center (International) B.V.
Attn.: Data Protection Officer
Scheijdelveweg 2, 3214 VN Zuidland
The Netherlands

Tel. : +31-181-458080
Email : privacy@dorc.eu

Or if you wish to opt-out of future communications:

D.O.R.C. Dutch Ophthalmic Research Center (International) B.V.
Attn.: Marketing Department
Scheijdelveweg 2 3214 VN Zuidland
The Netherlands

Tel. : +31-181-458080
Email : sales@dorc.eu