BioMed Realty, L.P. / E.U.-U.S. Privacy Shield Policy
The Company is a transnational business headquartered in the United States. Our management structure and business processes cross borders. Some of our technological systems and databases are shared between our U.S. and European offices. This means that our customer and employee data is transferred across borders.
The Company and each of its subsidiaries that may from time to time handle personal information collected from individuals located within European Union member countries comply with the E.U.-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, onward transfer, and retention of personal information from European Union member countries to the United States. The Company has certified to the Department of Commerce that it adheres to the E.U.-U.S. Privacy Shield Principles of:
- Accountability for onward transfer
- Data integrity and purposes limitation
- Recourse, enforcement and liability
The Company is under the jurisdiction as well as the investigatory and enforcement powers of the U.S.Federal Trade Commission for the purposes of the E.U.- U.S.Privacy Shield Framework.
This policy applies to all information collected by the Company from which an individual can be identified ("Personal Information"). The Personal Information we collect includes the employee information described below, as well as certain information including names, email addresses, mailing and billing addresses, and telephone and fax numbers collected from customers, potential customers and end users of our products and services for sales, marketing, order fulfilment and order delivery purposes. Additionally, in our section on Online Information, we also discuss how we gather and use all information gathered online even if it is not Personal Information. The Company will not deviate from this policy even if applicable national laws are less stringent than this policy.
Excluding our employee information discussed below, we collect, process and use your Personal Information only as a part of our business relationship with you and your company, including contract and billing administration; delivering products and services; fulfilling our business obligations to our customers and resellers; communicating with customers and potential customers about marketing and technical information concerning our products and services; notifying our customers and potential customers regarding product launches and important events related to the Company; and other related business activities of which you are informed at the time your Personal Information is collected or as soon thereafter as practicable. The Company only collects personally identifiable information about individuals when such individuals specifically provide such information to us on a voluntary basis, or while requesting information on our products or services. We may disclose Personal Information to our agents, resellers and business partners, or to protect and defend the Company’s rights or property. The Company must reply to lawful requests from public authorities, including meeting national security or law enforcement requirements, for disclosure of Personal Information.
The Company does not sell, lease or rent Personal Information to third parties.
In general, you may visit our websites without providing any Personal Information. You may, however, choose to provide us with Personal Information by completing online forms. At the time of collection, we will inform you of how your Personal Information will be used; apart from such uses, the Company will only use your Personal Information in accordance with the terms of this policy.
Cookies are small files that a site transfers to your computer's hard drive through your web browser(if you allow it) that enables it to recognize your browser and capture and remember certain information.A cookie cannot read data off your hard drive or read cookie files created by other sites.Cookies may do things like allow you to navigate faster through the site, remember your preferences and passwords, and generally improve the user experience.You can turn off the ability to receive cookies by adjusting your browser settings; please note that, if you do so, you may affect the functionality of the website and the information you can access through it.
We collect employee information from prospective and present employees only for legitimate business purposes, including:
- Managing and operating the Company and its functions and activities,
- Communicating with employees, including conducting employee surveys,
- Maintaining a global directory,
- Carrying out obligations under employment contracts and employment, tax and benefits laws, and in connection with other working relationships or arrangements,
- Developing training programs,
- Recruiting and hiring job applicants,
- Assessing qualifications and performance,
- Performing background checks and verifying references, where applicable,
- Managing employee performance,
- Determining employee compensation or payment,
- Managing the employee termination process, and
- Performing other human resources purposes.
Our E.U. employees, at the time of their employment, are notified in detail how their Personal Information will be used. Employee information on health, performance evaluations and disciplinary actions and other sensitive employee matters, whether stored manually or electronically, are accessible by other Company employees only if necessary with respect to legitimate human resource functions or issues. The Company will obtain affirmative consent from an employee before using such employee’s Personal Information for any purpose other than as described above. Employees may decline to provide this consent, and employees may withdraw their consent at any time.
For legitimate human resources purposes, employees may choose to voluntarily disclose Personal Information about family members. If our employees choose to do so, their family members’ Personal Information will be treated, for the purposes of this policy, the same as the employee’s Personal Information. Employee Personal Information is never sold, leased or rented to any third party. Employee Personal Information will never be disclosed to third parties, except as follows:
- To those retained by the Company as agents for the purposes set forth in the paragraph above,
- Where required pursuant to applicable law or regulation, or government or judicial order, or to protect the Company’s rights or property,
- Where authorised in writing by the employee, and
- Where the employee voluntarily provides Personal Information and the context makes it clear such information will be provided to a third party.
Where personal data is transferred from the E.U. to the U.S. in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent E.U. authorities.
We will always give you an opportunity to choose opt-out before your Personal Information is (a) disclosed to a third party (other than a Company agent doing work at our direction) or (b) to be used for a purpose that is materially different than that for which it was originally collected or subsequently authorised by you. Although we do not ever anticipate providing sensitive Personal Information, such as employee health information, to a non-agent third party or using it for a purpose other than that for which it was collected, we will never do so without first allowing the individual involved to affirmatively and expressly consent (opt-in) to such transfer or use. The only exception for both sensitive and non-sensitive Personal Information would be when we are required to disclose your Personal Information pursuant to applicable law or regulation, government or judicial order, orto meet other national security or law enforcement requirements.
At a minimum, you will always be able to opt-out of receiving marketing materials from the Company. If we determine that applicable law requires that more stringent requirements (opt-in) be applied before you receive marketing material or other communications from us, we will implement the same.
Accountability for Onward Transfer
We will not transfer Personal Information originating in the E.U. to third parties unless such third parties have agreed to provide at least the same level of privacy protection to your Personal Information as required by the of the Privacy Shield Principles. We will only transfer data to our agents, resellers or third party service providers (such as accountants, attorneys, consultants and other service providers) who need the information in order to provide services or to perform activities on behalf of the Company, including in connection with the delivery of services or products, BioMed Realty’s management, or legal responsibilities. We acknowledge our liability for such data transfers to third parties.
To protect Personal Information collected and stored by the Company, we have in place reasonable and appropriate technical and operational security measures to prevent Personal Information from loss, misuse, unauthorised access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation
We will only collect and retain Personal Information that is relevant to the purposes for which the information is collected, and we will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorised by you. We will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current. We may occasionally contact you to determine that your data is still accurate and current.
You have the right to access personal data relating to you. If you wish to access, amend or confirm that the Company has personal data relating to you, or if you wish to correct or delete your Personal Information if it is inaccurate, please notify HR at Janice.Kameir@biomedrealty.com or at 858-207-5896. We will respond to your request within a reasonable time.
Employees may review their personal files and any Personal Information concerning them by emailing Janice.Kameir@biomedrealty.com
Recourse, Enforcement and Liability
Since we are committed to protecting your privacy as set forth in this policy, if you think we are not in compliance with our policy or if you have any question or wish to take any other action concerning this policy or your Personal Information, we encourage you to contact IT at David.Hsiao@biomedrealty.com or call 858-207-5956. We will investigate any complaint, take appropriate action and report back to you within 45 days.
If the Personal Information in question was transferred from the E.U. to the U. S. and you are not satisfied with our response, the Company has agreed to participate in the dispute resolution procedures of the panel established by the E.U. data protection authorities (DPAs) to resolve disputes pursuant to the Privacy Shield Principles. A resident of the E.U. whose enquiry has not been satisfactorily addressed may contact the DPA panel or individual DPA using the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/third-countries/index_en.htm to resolve disputes pursuant to the Privacy Shield Principles.
The Company commits to cooperate with the DPAs and comply with the advice given by such authorities with regard to human resources data transferred from the E.U. in the context of the employment relationship.
Finally, as a last resort and in limited situations, E.U. individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.\n\nThe services of the DPA panel are provided at no cost to you.
Limitation on Application of Privacy Shield Principles
Adherence by the Company to the Privacy Shield Principles may be limited to the extent (a) required to respond to a legal or ethical obligation, (b) necessary to meet national security, public interest or law enforcement obligations, (c) expressly permitted by an applicable law, rule or regulation and (d) that the Company has limited or no control over the actions of the individuals who have provided information.
Questions or comments regarding this policy should be submitted to the Company by email to David.Hsiao@biomedrealty.com or by mail to BioMed Realty, L.P., 4570 Executive Drive, Suite 400, San Diego, CA 92121, U.S.A.
Changes to this Policy
This policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. A notice will be posted on the the Company's website(www.biomedrealty.com) for 60 days whenever this policy is changed in a material way.
Effective Date: 9 / 5 / 2018