PRIVACY POLICY
Effective from the 26 of october of 2021. Version 1.0.
Welcome!
This is the Privacy Policy (“Policy”) that will guide the relationship established between you (“users”) and Timpel through to the use of our website and related to your personal data and information that may be collected or created from this use.
This Policy explains, in a clear and accessible way, how your information and personal data will be collected, used, shared, and stored by our systems.
If you have any questions or if you need to talk about any subject related to this Policy, contact us through the e-mail timpelsecurity@timpelmedical.com.
This Policy is divided as shown to make it easily understood:
1 GLOSSARY
2 WHICH INFORMATION TIMPEL ACCESSES AND COLLECTS
In order for you to have access to the website and so that you can use and enjoy its functions, you will not need to previously register with the application.
The only user personal data collected are those referring to the contact form available at the page’s footnote and filled in by you, whatever it may be, name, e-mail, telephone, company, and contact message.
Regarding the information created when the user accesses the website, Timpel collects records of application access automatically, which include the IP address, with date and time, used to log in to Timpel’s website. These data are mandatorily collected, according to Article 6(1)f of the European General Data Protection Regulation (“GDPR”), but they will only be given to third parties if you authorize it, in case of a lawsuit or if other legal obligations require us to do so.
3 HOW WE USE YOUR INFORMATION
Every data and information about you are treated as confidential and we will only use it as far as admissible and for the purposes described in this document, mostly so that you can enjoy Timpel’s website to its fullest, always aiming at improving your user experience.
Therefore, we can use your data exclusively to:
Occasionally, we can use data for purposes not described in this Policy, but these will be within your legitimate expectations. The occasional use of your data for purposes that are not in compliance with this prerogative will only occur with your previous authorization.
All data collected will be erased from our servers as soon as you request it by means of a free and easy procedure, or whenever the data is no longer necessary or relevant for us to offer our services, except when there is any other reason to maintain them, such as any legal obligation to retain or need to preserve data for the protection of Timpel’s rights.
Your personal data and information will be retained for the period needed for the provision of services by Timpel and to meet the purposes described in this Privacy Policy, unless a different retention period is required or permitted by the applicable law. When we no longer need your information for administrative or legal reasons, we will erase it.
We will only retain your personal data for the reasonably necessary period of time considering the circumstances described in this Policy. The retention periods vary according to the data categories, considering legal and regulatory requirements, statute of limitations for legal proceedings, good practices, and the legal base on which we process your personal data.
4 INFORMATION SHARING
Timpel may, under the respective legal conditions, share all the information it accesses or collects with its affiliates, service providers, or other companies, or trustworthy people in Brazil or in the United States and the Netherlands. The transfer will only be done to countries or international organizations that ensure the appropriate degree of data protection.
Timpel reserves the right to provide your data and information, including your interactions, if requested to do so in court, an act required so that the company is following national laws, or if you expressly authorize.
Timpel may share aggregate information that are not personally identified or identifiable. For example, Timpel can publicly share anonymized information to show trends about the general use of our services.
5 HOLDERS’ RIGHTS
As a data subject, you can always choose not to disclose your data, but keep in mind that some data and information may be required for the use of some functions in our website, such as contacting you to see if you are interested in acquiring one of our products and services. Regardless, you will always have rights related to privacy and protection of your personal data.
Therefore, we summarized all the rights that you have under the GDPR, respectively, which you can exercise your rights before Timpel, which are:
It might be necessary to request your specific information to help us confirm your identity and ensure your right to access your personal data (or to exercise your rights). This is a security measure to ensure that your personal data are not disclosed to any person that does not have the right to access them. We can also contact you to obtain more information regarding your request in order to speed up our response. We try to reply to all requests within five (5) working days. Occasionally, it may take more than five (5) working days if your request is particularly complex or if you have made multiple requests. In this case, we will contact you and keep you updated about the progress of your request.
Requests that are repetitive, that require unproportionate technical effort (for example, development of a new system or a fundamental change of an existing practice), that put in jeopardy other users’ privacy, or that are impractical (for example, requests referring to information locates in backup systems) may be refused.
If you have any questions about these issues and about how you can exercise your rights, feel free to contact us through the e-mail: timpelsecurity@timpelmedical.com.
6 INFORMATION SECURITY
All your data are confidential and only those with the proper authorization can access them. Any use of these data must be in compliance with this Policy. Timpel will undertake all reasonable market efforts to ensure the security of our systems and of your data, employing technical and organizational measures capable of protecting personal data and information from non-authorized accesses and from situations of destruction, loss, alterations, communications, or diffusion of such data.
To ensure this security, we will adopt solutions that take into consideration the appropriate techniques; application costs; nature, scope, context, and purposes of the treatment; and risks to the user’s rights and liberties.
Your personal information will, whenever possible, be encrypted, if this does not hinder its use on the website. At any moment you can request a copy of your data stored in our systems. We will retain data and information only as long as they are necessary or relevant for the purposes described in his Policy, or in case of periods that have been pre-determined by law, or as long as they are needed for the maintenance of Timpel’s lawful interests.
Timpel considers your privacy something extremely important and will do whatever is in its power to protect it. However, we cannot ensure that all data and information about you in our platform and application will be free of unauthorized accesses. You may also protect your data before all Timpel channels, taking care to end the navigation in the platform properly.
Timpel agrees, still, to notify you within an appropriate time frame in case of any type of security breach of your personal data that may pose a high risk to your personal rights and liberties.
7 PRIVACY POLICY UPDATES
Timpel reserves the right to change this Policy as often as needed, aiming at providing more security and convenience to you and to improve your experience. That is why it is very important to access our Policy periodically. In order to facilitate the access to information, we indicate in the beginning of the document the last update date and Policy version.
By using the service after occasional changes, you agree with the new terms. If you disagree with any of the changes, you must present your opinion to the customer service immediately, if you wish to do so.
8 APPLICABLE LAWS
Moreover, to the extent applicable, this document is governed and must be interpreted by means of the GDPR. The GDPR applies to the processing of personal data (a) where the controller is established in the European Union, regardless of whether the processing takes place in the European Union or not; (b) where the data subjects are located in the European Union and the processing activities are related to (i) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the European Union; or (ii) the monitoring of their behaviour as far as their behaviour takes place within the European Union.