1. Introduction
This privacy policy explains how we handle your personal data when you visit our website, www.rspsystems.com, or engage with us by applying for jobs, writing emails to company addresses or signing up to our newsletter, and other business collaboration that requires us to process your personal data.
When you engage with us, we may gather personal data about you. This privacy policy will inform you of the processes in which we gather personal data, the categories of personal data gathered, how they are processed, and when they are deleted. Furthermore, it will describe whom we share your data with, as well as your rights in this regard.
If you have any questions about this privacy policy or want to exercise your rights, you can contact us at:
RSP Systems A/S
Sivlandvænget 27C
DK 5260 Odense S
+45 7199 2818
gdpr@rspsystems.com
2. What personal data do we collect and for which purposes?
We collect personal data about you when you engage in the business-related processes that are explained in the following sections.
Our purpose for collecting your personal data is to verify your identity, deliver our newsletter, or other services you may have requested, as well as to improve, test and develop our website and our devices. We also collect your personal data during recruiting processes and where it is required or permitted by law for us to do so.
2.1 Website
When you visit our website, we may collect personal data such as information about your behavior on our site and other relevant contact information for us to respond to any request that you may make through our website.
Through the collection of such information, we can detect how visitors use our website, which allows us to ensure that we provide the best service possible through the website.
Our website contains cookies. Please see our cookie policy (EU version) for further information on this subject.
2.2 Job Applications
Job applications should be sent to jobs@rspsystems.com exclusively for the correct handling of any personal data.
If you apply for a job at our company, we will collect the personal data you include, such as:
- Name
- Contact information, i.e., phone number, address, e-mail address,
- CV, education, employment history etc. that you may provide us with
If any application documents contain social security numbers, they will be whited out before the documents are saved.
We use the personal data to assess your suitability for the position in question, and communicate with you regarding the specific job application.
If deemed relevant, RSP Systems may request permission from you to contact former employers, along with their relevant contact information, and will only do so with your consent.
We store all applications for a maximum period of 4 months after having received these. At the expiration of the 4-month period, we delete the applications. If we wish to store your application for a longer period, we will ask for your written consent. If we do not hear from you in due time, we will delete your application at the 4-month mark.
RSP Systems makes use of third-party suppliers for the processing of certain data, e.g., recruitment agencies or for tests applicants may take. The parties in question process data solely on our behalf, based on instructions and contracts, and must not use data for their own purposes.
If a recruitment agency is involved in the recruitment process, it will be clearly stated in the job advertisement that all applications must be sent to them if an interested party wishes to apply. If the decision to engage a recruitment agency is taken at a later stage, all applicants will be informed, and their permission requested before their application is sent to the recruitment agency.
The recruitment agency may store all applications for a maximum of 6 months.
2.3 CVs collected as a part of clinical study conduct
To comply with GCP (Good Clinical Practice), MDR (Medical Device Reporting) and ISO 14155, we store investigators’ CVs for documentation. Access is highly restricted, and all processing complies with MDR and ISO 14155, including deletion.
2.4 Emails and business cards
When you send an email or give a business card to an employee at RSP Systems, we receive personal data such as your name, job title and email address. As the information is freely given, we consider it a consent for us to process the data due to a balance of interest within two different purposes:
- Business Collaboration: We process this data solely for business collaboration and to document communication. The data may be shared internally if deemed relevant, but only general personal data and for business collaboration only. Never sensitive data or for different purposes.
- Customer Inquiries: As this data may be sensitive, these emails are never shared, unless anonymized or if specific consent is given.
If the email contains sensitive data e.g., health information, the email is deleted immediately following reply.
2.5 Business Collaboration
When RSP Systems is collaborating or considering collaboration with other companies, we administer strictly business-related contact information. We process the names, work titles, work email addresses and work phone numbers of the company representatives in the interest of potential or ongoing collaboration and partnership. The legal basis for our processing is the GDPR, article 6, clause 1f: “legitimate interest”.
Only relevant employees have access, and all information is reviewed when entered to ensure due diligence concerning data minimization and accuracy.
When we enter into collaboration with companies and consultants, we gather the necessary information to uphold this collaboration including information needed for payment. The legal basis for our processing is either contract or legitimate interest depending on the collaboration.
In the case of sole proprietorships, payment necessitates processing of sensitive personal information such as bank information and social security numbers. This information is only stored in our payroll system, which has highly restricted access.
According to the Danish Accounting Act (Bogføringsloven), we are required to store social security numbers for 5 years after last payment. All other sensitive personal information is deleted when collaboration ends.
2.6 Focus Groups and Usability Studies
For the purpose of testing and further developing our device, focus groups and usability studies are performed with voluntary participants.
If you sign up to participate in a focus group or a usability study, we will collect your name, your e-mail address, other relevant contact information and your date of birth.
Personal data collected in connection hereto will exclusively be processed for the purpose of recruiting participants to focus groups and usability studies.
If you sign up to participate in a focus group or a usability study, you will also be asked to provide us with your explicit written consent to the processing of genetic data and data concerning health. You may only participate in a focus group or usability study if such consent is obtained. The consent form contains further information on the usage and retention of the personal data collected.
3. Who do we share personal data with and where do we transfer data to?
We make use of third-party suppliers for storage and processing of certain data, as well as sharing personal data with recruitment agencies, investigators, newsletter delivery systems and other relevant third parties. The parties in question process data solely under our instructions and contracts for corporations as well as Data Processor Agreements and may not use data for their own purposes.
To fulfill your requests, develop our device and conduct tests and trials, we may need to transfer your personal data outside the jurisdiction in which you provide it and thus also to entities in countries outside the EU/EEA. All such entities have entered into agreements based on the Data Privacy Framework or other relevant standards to ensure that we comply with our legal obligation to have a lawful basis for transferring personal data.
3.1 Confidentiality and Security
To keep your personal data confidential and secure, we have implemented appropriate safeguards, policies, and technical measures to protect your personal data.
All employees, consultants, investigators, and partners, who have access to or are associated with the processing of personal data, are obliged to process all personal data according to the appropriate level of sensitivity and confidentiality.
4. Complaints and Rights
You have certain rights in relation to the personal data we process about you. You are entitled to:
- access your personal data or be provided with a copy thereof,
- rectification of personal data, if it is inaccurate or incomplete,
- erasure of personal data, unless we are required by law to keep it,
- restrict the processing of personal data (under certain circumstances),
- data portability,
- object to the processing of your personal data,
- withdraw your consent, and
- lodge a complaint with the Danish Data Protection Agency or any other relevant supervisory authority.
If you wish to exercise your rights, please contact us at gdpr@rspsystems.com.