This Policy informs you how Osimis processes your personal data collected in the context of the provision of its website (https://www.osimis.io/).
We could summarise this privacy policy as follows:
Osimis mainly processes your data for the preparation of quotations relating to our products and services, for the management of customer files, the management of supplier files or prospect files, to provide our customer and IT support, to carry out our commercial development (in particular through trade fairs and commercial events), to confirm an order, an appointment or other transactions to you, for the recruitment of personnel, for the improvement of the performance of its services (audience of our website, satisfaction surveys, ...), for the storage of photographs of you, processed mainly in the context of our internal and external communications (e.g. in the case of testimonials published on our website) as well as the implementation of technical and organisational measures for the security of your data;
Your personal data is normally held within the European Economic Area (EEA). Where we work with third parties who are located outside the EEA, we have provided the necessary safeguards to ensure that your data is adequately secured and that you can exercise your rights.
Osimis complies with the General Data Protection Regulation (known as GDPR). The chapters below describe in detail why Osimis uses your data, for how long, to whom we pass it on and what security measures are in place.
If you have any questions about this policy, you can contact us at the following email address gdpr@osimis.io.
The responsible for the processing of personal data is Osimis, a limited liability company under Belgian law, whose registered office is located at Quai Banning 6, 4000 Liège and which is registered with the Crossroads Bank for Enterprises under number BE 0637.982.658.
Osimis has appointed a data protection officer, who ensures compliance with the RGPD, provides advice and is the contact point for the data protection authority. He can be contacted for any question concerning the processing of your personal data via dpo@osimis.io.
Within the framework of its website, OSIMIS collects, depending on the case, the following personal data (i.e. information concerning an identified or identifiable individual):
Identification data, such as your name, first name, date of birth, place of birth, gender, age ...
Contact data (address, telephone, mobile phone, etc.)
Personal characteristics
Your professional activity
Financial data
Images (photos, videos)
Sound recordings (especially during video conference meetings)
Data on complaints, questions, remarks
Electronic identification data (IP addresses, cookies, etc.)
Osimis collects and uses your data for :
Specific, explicit, legitimate purposes, and will not use the data for further purposes that are not compatible with the original purposes.
The performance of a contract you have entered into with it, or for the performance of pre-contractual measures taken at your request.
Compliance with a legal obligation imposed on it.
For legitimate interests. In this case, we will check that your interests, freedoms and fundamental rights do not prevail over the interests of Osimis.
Osimis may use your data where you have given your consent. Where we process your data on the basis of your consent, you have the right to withdraw that consent at any time.
We process your data in accordance with the applicable legislation, in a manner that is adequate and limited to what is necessary for the intended purpose.
The purposes are as follows:
5.1. Commercial management and management of existing customers
Development and maintenance of Osimis commercial relationships with hospitals, AI suppliers, medical device suppliers. Preparation of quotations. Prospecting for new customers.Legal basis: execution of pre-contractual measures.Duration of data retention: for the duration of the (pre)contractual relationship.
5.2. IT assistance and support for our customers
Assistance, maintenance and support of our software solutions to ensure service levels (SLA) using incident and problem management methods.
Legal basis: performance of a contract.
Duration of data retention: for the duration of the contractual relationship unless otherwise instructed by the customer.
5.3. Security and IT management
Osimis deals with data and must therefore ensure that it is adequately secured. This includes, for example, monitoring of information systems, creation of communication traces, access logs, access management, backup management and archiving.
Legal basis :
Osimis legal obligation to protect data and to ensure adequate security of personal data.
legitimate interests of Osimis to protect all data.
Duration of data retention :
Communication and access traces are kept for 12 months.
The backup data follows a 6-month rotation cycle.
Logical access: until the end of the contractual relationship.
5.4. Financial and accounting management
Your data is used for invoicing the services offered, accounting and financial management.
Legal basis for this processing: performance of a service contract.
Data retention period: between 7 and 10 years depending on our legal obligations.
5.5. Recruitment management
Osimis processes your application data in order to meet its recruitment needs. Legal basis for this processing: execution of pre-contractual measures.
Data retention period: 1 year except in the case of disputes.
5.6. Litigation management
Osimis may in some cases have to deal with disputes.
Legal basis: legitimate interests of Osimis to manage disputes.
Data retention period: for the duration of the dispute.
5.7. Statistics, analysis and satisfaction surveys
Osimis analyses its performance, finances and internal processes in order to increase the quality and efficiency of its services. Osimis also conducts customer satisfaction surveys.
The legal basis :
For satisfaction surveys: consent.
For internal analysis, performance and statistics: legitimate interest.
The data that are subject to these analyses are anonymised prior to analysis or, if anonymisation is not possible, the data are pseudonymised.
Data retention period:
Data is kept for the duration of the analysis if it is no longer needed. Results are kept for 15 years.
The data from the satisfaction surveys are kept for 3 years, which is necessary to ensure the preservation of our ISO 13485 certification.
5.8. Managing information requests
Osimis handles your various information requests concerning: planning of demonstrations by video conference, collaborations with future partners or investors, ....
Legal basis: (pre)contractual performance.
Data retention period: Questions and answers are kept in our CRM system for 5 years for follow-up purposes.
5.9. Social media
Osimis uses social media (Facebook, Twitter, LinkedIn, YouTube) to transmit information. The general conditions of the providers of these social networks apply. Osimis will not publish photos, videos of you on social networks if you have not given your consent. Social networks are also used by Osimis to contact you in the context of customer prospecting and recruitment campaigns
Legal basis: consent for contact via social networks.
Data retention period: as appropriate and as communicated to you upon consent.
5.10. Use of cookies on our website
Osimis uses cookies. You can find more information in the cookie policy.
Depending on the processing we may share your data with :
The customer support team;
The IT support and development team;
The business team;
The management of Osimis;
External consultants;
IT systems and applications providers as well as providers of artificial intelligence components;
Our internal and external auditors (especially in the context of our certifications);
Web analysis tools, such as Google. You can find more information about this in our of cookies policy;
Third party service providers involved in the operation and maintenance of our information system (these service providers only have access to the personal data necessary for the performance of their tasks).
With your consent, we share data with :
Social media platforms;
Third parties for whom you have given your explicit consent to share your personal data with them (e.g. newsletters, brochures, satisfaction surveys).
Sometimes we are required to pass on personal data about you. This is the case when a law, a regulation or a legal procedure (such as a court decision) obliges us to do so, for example:
Law Enforcement Authorities in the event of a finding or suspicion that an offence has been committed against you in accordance with or as required by the applicable Law;
The courts and tribunals of the judicial order in the event of a dispute concerning you;
Government entities authorised to access and/or obtain your personal data in accordance with applicable law;
Our legal advisors and/or barristers, e.g. in connection with corporate reorganisations and litigation. In the event of a corporate reorganisation (e.g. mergers or acquisitions) or financing, we may transfer some of your personal data (in a format that prevents such data from being linked to you) to a third party involved in the transaction (e.g. a buyer or investor) in accordance with applicable data protection law.
In general we try as far as possible to store data within the European Economic Area (as is the case with our website), however some data may be transferred to servers outside the European Economic Area on our behalf and at our direction. By providing your personal data to Osimis, in particular by using its website, you consent to the transfer of such data abroad.
Where your data is transferred to a country outside the European Economic Area ("EEA"), and where the level of data protection in that country is not considered adequate by the European Commission, we will provide the necessary safeguards to protect your data (we use the European Commission's standard contractual clauses) with security measures to ensure that your data is adequately protected.
We undertake to reply within one month of receiving your request. For the deadline to start, the request must be complete. An application will never be considered complete without proof of your identity.
If you have a large or multiple application, this one-month period can be extended by a further two months.
To exercise your rights, you must contact our service via email gdpr@osimis.io.
8.1. Right to information
You have the right to receive clear, transparent and understandable information about how we use your personal data and how to exercise your rights. That is why we provide you with the most comprehensive information in this policy.
8.2. Right of access to your data
You have a right of access to the personal data we hold about you.
8.3. Right to rectification, limitation and deletion of your data
You have the right to request correction of your data if it is incorrect. You have the right to request the restriction of the processing of your data. This means asking to stop processing your data, but not to delete it. In some cases you have the right to request the deletion of your data except where we are subject to legal obligations.
8.4. Right to portability of your data
You have the right to receive the personal data you have provided to Osimis (processed by automated means), in a readable format where it is based on consent.
8.5. Right to object to the use of your data for other purposes
You have the right to object at any time, on grounds relating to your particular situation, to the use of your data where we are using it for our legitimate interest. We will then cease processing your data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or where the data is necessary for the establishment, exercise or defence of legal claims.
8.6. Right to lodge a complaint with a supervisory authority
If you consider that the provisions of this policy are not being respected or if you have other reasons to complain about matters relating to the protection of your personal data, you may contact the Data Protection Authority directly (contact@apd-gba.be - Rue de la Presse 35, 1000 Brussels).
Your personal data are protected in particular:
Through organisational measures;
By logical access controls to our Information System;
By physical access controls to the premises;
By a security service;
Through backup systems;
Through the management and monitoring of computer traces;
Through encryption and pseudonymisation mechanisms;
Through redundant data centers;
Through strict contractual clauses with our subcontractors.
This policy may be updated by Osimis to better inform you about the processing of your personal data.
You can always find the latest version on the Osimis website.
Date of entry into force: may 16,2022
Update date: september 29 ,2022