Hanita is committed to protecting the privacy of all individuals in respect of whom we hold any personal data, regardless of whether those persons are customers, potential customers, business partners or otherwise and regardless of how we have come to possess the personal data.
Hanita will ensure that all personal data that you submit to us, or which we collect, via various channels, including without limit via your interaction with our website, through written correspondence (including e-mail) and from our distributors, doctors and hospitals, is only used for the purposes set out in this policy and that it shall be held and stored safely and in compliance with the applicable laws.
What is Personal Data?
Our policy is not to require or to receive any information relating to any person’s health, including data relating to dimensions of your eyes and lens requirements or any other information that Israeli law or the GDPR considers to be sensitive or in a special category (“Sensitive Data“), unless that information has been anonymized before being sent to us so that we cannot identify to whom the information relates.
Any Sensitive Data that we identify in our systems will be anonymized so that we cannot connect it to you (“Anonymized Data“) and we will purge all Sensitive Data that we receive or find on our systems at any time.
We will also ensure that we receive no Sensitive Data from clinical trials conducted on our behalf other than where it has been anonymized by the institution conducting the trials or it has been converted into aggregated statistics in which the Sensitive Data relating specifically to an identifiable individual cannot be ascertained.
How We Collect Personal Data
We generally collect personal data from you in the following ways:
- You may be required to complete a form on our website or landing pages in order to receive a service such as a newsletter or in order to receive information and promotional material about products. The form will request personal data from you. This is usually limited to first name, last name and email address or other appropriate contact details.
- You may complete the contact form on our website, requesting us to make contact with you. This form also requires that you provide us with your name and email address and also a phone number and a message. Depending on the nature of your message, it might also include personal data about yourself or about somebody else. Please do not include in your message any Sensitive Data or any personal data of any kind about any other person unless you have their express and fully informed written permission to do so. If you wish to discuss Sensitive Data with us, then state this in the form, but do not provide the Sensitive Data to us through the form. Please note that if we receive from you any personal data relating to somebody else, then we will inform that person that we have received their personal data, specifying the type of personal data and the fact that we received that personal data from you.
- You may provide us with the personal data in your interactions with us through our social media pages, such as on Facebook, LinkedIn, Instagram and Google and others .
- We may have exchanged personal data from you at a trade show, meeting or similar types of events.
- When you order products from us, you will provide us with an address for delivery and details of credit cards or other relevant payment methods.
- We obtain certain information when your web browser accesses our website including your IP address, browser type, operating system, mobile network data, pages viewed and access times.
- You may have approached us directly by email or otherwise in connection with interest in our products or for business purposes and in the course of the communications provided us with personal data. Please ensure that these communications do not contain Sensitive Data of any person unless it is Anonymized Data.
- You may be participating in a clinical trial for our products that is being run for us. In this case, you will provide your contact details and other personal data that will include Sensitive Data to the clinic or hospital running the clinical trial. We will receive from the institution only personal data that is not Sensitive Data, though we will receive a report and results of the clinical trials in which Sensitive Data will have been anonymized and aggregated for statistical purposes. In such cases, all Sensitive Data is provided by you directly to the clinic or hospital and the clinic or hospital is responsible for holding, controlling, processing and securing your Sensitive Data as the Data Controller of that Sensitive Data and we take no responsibility for the control and processing of the Sensitive Date.
We collect statistical information regarding use of our website. This includes information about your browsing actions and patterns on the website, which we may use in order to provide you with a more personal experience. We also aggregate all statistical information regarding the browsing actions and patterns of all visitors to our website and this aggregated statistical information does not identify you.
How we Process your Personal data
“Processing” personal data means performing any operation or set of operations on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the personal data.
The personal data that you provide to us or that we receive from other sources will be kept confidential. We will only hold, use and disclose your personal data in a manner that is fully compliant with Israeli law and the GDPR and in accordance with our legitimate business purposes, which include:
- If you conduct or may conduct business with Hanita, for example you are a Hanita distributor, sales representative, agent, hospital, doctor or other health care worker, then we will only use your personal data as is specifically required in order to communicate with you in connection with the relevant business. This might include:
- promoting new products and services to you
- responding to inquiries
- providing offers
- making introductions to other relevant persons
- advise you of news and industry updates
- advise you of events and promotions
- other relevant business correspondence
- delivering products you have ordered
- for our internal business purposes, developing new products, enhancing the website, improving our services, identifying usage trends and visiting patterns, determining the effectiveness of our promotions, evaluating third party performance (such as distributors and health care workers) and meeting contractual obligations
- administrative purposes, such as sending you important information regarding our website, changes to our terms of business or policies, or other administrative information.
- To provide you with services that you may have specifically ordered from our website or from a trade show or from any other form of communication, such as newsletters and direct mailing campaigns. We will ensure that you only receive the services in connection with the specific form you completed or in connection with the specific approval that we received from you. On any occasion that we send to you a newsletter or other direct mail campaign communication that is addressed to an email address that is connected specifically to you (even if a work email address), then we will include with it an easy to identify process to opt out of receiving similar future communications (e.g. checking an appropriate opt out box).
- To release personal data to regulatory or law enforcement agencies, if we are required or permitted to do so.
- If we receive any Sensitive Data, then our sole use of that data will be to anonymize it, where possible and to delete it from our systems.
We will not process your personal data for any other reason than those stated above, unless we first receive your express prior written consent or we are legally required to. The legal basis for processing your personal data is made up of one or more of the following reasons:
- Your consent.
- Providing our goods and services and conducting our business in the manner that we described above.
- Compliance with applicable laws, regulations or other legal process. If we process your personal data in order to comply with a law, regulation or other legal process, then we will notify you of this in writing.
- The processing is necessary for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected.
How we share your Personal data
As Hanita personnel are generally located in Israel, when they access the personal data from the third party servers, the personal data is effectively also transferred out of the EU to Israel and part or all of that personal data may be stored in Israel, such as when it is downloaded onto the Hanita employee’s hard drive.
New business owners
If we or our business merges with or is acquired by another business or company, we will share your personal data with the new owners of the business or company and their advisors. If this happens, we will notify you of such event in advance, subject to restrictions in transferring commercially sensitive information.
How long we will hold your information
To the extent permissible by applicable law, we will retain your personal data for such period plus 12 further months as is necessary to satisfy or to fulfill the following:
- the purposes for which that personal data was provided;
- an identifiable and ongoing business need, including record keeping;
- a requirement to retain records that may be relevant to any notified regulatory investigations or active legal proceedings;
- comply with any applicable law, regulation, legal process, including, without limitation, court orders and/or compulsory disclosures required by governmental authorities;
- fulfill legitimate interests of Hanita that are not outweighed by your right to privacy.
- to make our website easier for you to use
- to help stop our online-forms from being used to send spam-email
- to monitor usage so we can spot trends and make improvements
- to identify individuals
- to store personal information
We have put in place reasonable administrative, organizational and technical safeguards and security measures to protect personal data from unauthorized access, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures and update them when we deem it to be required. However, no measures can provide an absolute guarantee against unauthorized access.
You should understand that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data while it is being transmitted to our website or sent to us by email via third party networks. Once we have received your information, we will use the procedures and security features described above to reduce the possibility of unauthorized access.
Your Rights in Connection with Your Personal Data Held by Us.
You have certain rights in relation to personal data about you that we hold. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on any request with respect to exercising any rights. For convenience, please address any requests to us regarding your rights below by email to [email protected]
Right of Access
You have the right at any time to ask us for a copy of the personal data about you that we hold. Israeli law and GDPR provides certain instances where we may refuse your request for a copy of your personal data, or certain parts of the personal data that we hold. If we refuse your request or any element of it, we will provide you with our written reasons for doing so as soon as possible.
Right of Correction or Completion
If personal data we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed.
Right of Erasure
You have the right to request that personal data we hold about you is erased if:
- your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you wish to withdraw your consent on which the processing of your personal data was based and there is no other basis justifying such processing;
- you consider and can establish that your personal data has been unlawfully processed; or
- your personal data must be deleted in accordance with a legal obligation.
Right to object to or restrict processing
You have the right to object to our processing of your personal data and you also have the right to object to use of your personal data for direct marketing purposes.
Right of Data Portability
You have a right to receive any personal data that we hold about you in a structured, commonly used and machine-readable format, provided that:
- the personal data is data that you have provided to us previously; and
- the personal data is processed by us using automated means.
Please note that if you are requesting the personal data to be transferred to a third party’s system, we cannot guarantee technical compatibility with that system.
To the extent that we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.
If you are unhappy about our use of your personal data, please do notify us, providing the reasons and we will endeavor to rectify the problem.
You may address any complaints to our representative ([email protected]).
If you are based in the EU, you may also lodge a complaint with any Data Protecton Authority set up to supervise and enforce the GDPR (“DPA“). There is a DPA in each EU member state and you may report to any DPA, although generally you will report to the DPA set up in the member state in which you are located. Here is a list of all DPAs and their contact details: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm However, we do take your rights with respect to your personal data very seriously and will appreciate the chance to resolve any issues that you may have before you address a DPA.
Further Information on Data Protection and Personal Privacy
If you have any further inquiries or if you would like to contact us about our processing of your personal data, including exercising your rights as outlined above, please contact us by email. You may contact our representative by email at [email protected]
If and when you contact us, we will ask you to verify your identity.