LOGEX Privacy Statement Global

01 Introduction
02 Which types of personal data do we process and for which purposes?
03 How long do we keep your data?
04 With whom do we share your data?
05 How do we protect your data?
06 What are your rights?
07 Links to other websites
08 Cookies
09 Changes to this Privacy Statement
10 Contact

01 Introduction

This Privacy Statement sets out how LOGEX International Healthcare Analytics B.V. and its group companies use and protect any personal data of the visitors to its website, (prospective) customers, its (future) suppliers, and job applicants (“you“).

The processing of personal data relating to our employees and other internal staff is addressed in a separate employee privacy statement.

Reference in this statement to “LOGEX”, “we” or “us” shall mean LOGEX International Healthcare Analytics B.V. and any of its group companies.

Below we explain what personal data we process as the data controller and how we ensure that your personal data is collected and processed in accordance with applicable data protection laws, including the EU General Data Protection Regulation (Regulation (EU) 2016/679) and, where applicable, the UK General Data Protection Regulation as incorporated into UK law under the Data Protection Act 2018 (“UK GDPR”).

Please note that this Privacy Statement does not apply to our processing of personal data as a data processor on behalf of our customers. If you want more information about that, you can contact us at info@logex.com and we would be happy to answer any questions you may have.

For purposes of this Privacy Statement, “personal data” means any information that relates to you and identifies you personally, either alone or in combination with other information available to us.

We process personal data only where we have a lawful basis under the GDPR. Depending on the context, processing may be necessary to perform a contract or to take steps at your request prior to entering into a contract, to comply with a legal obligation, or for our legitimate interests, provided that such interests are not overridden by your interests or fundamental rights and freedoms. Where required, we rely on your consent, which can be withdrawn at any time.

Where more than one lawful basis may apply, the applicable legal basis depends on the specific processing activity and the context of our relationship with you. Further information about the lawful basis applicable to a particular processing activity can be obtained by contacting us using the details below.

Our legitimate interests typically include responding to enquiries, maintaining and managing business relationships, improving our services, ensuring information security, preventing misuse and protecting or exercising our legal rights.

Via our website you can contact us or request that we contact you by filling out a form. Through this form we collect the information you provide, including your name, company, contact details (such as email address and phone number) and any additional information you choose to include.

You can also contact us by phone or email using the contact details listed on our website. In that case, we process your name, company and any information necessary to respond to your enquiry.

We use this data to answer your questions, comments or complaints, to follow up with you and to manage our business communications.

Legal basis: taking steps at your request and/or performance of a contract; and our legitimate interests in communication, service improvement and business administration.

If you are a customer or supplier, we process limited personal data in the context of our business relationship, such as contact details, role information and, where applicable, payment or billing details.

If you use our customer portal, we process the information you provide during registration, such as your name, company, email address, phone number, job title, username and password. We also log portal usage, support requests and interactions for functional, security and support purposes.

We may use your business contact details to keep you informed about our products and services and, where applicable, to send newsletters or other communications.

Legal basis: performance of a contract; compliance with legal obligations (such as accounting and tax law); and our legitimate interests in business operations, customer support, security and service improvement.

When you apply for a job or traineeship via our website you will be asked to provide certain personal information such as your CV, diplomas and your marks. If you provide us with a link to your LinkedIn profile, we will also add the profile information to your application. You may be asked to provide further information in follow-up correspondence with us.

In some cases we process data about you from other sources, for example information from the references you provide. We also process information about how you go through the application process, such as the interview partners you receive and their impressions and evaluations of you.

For some vacancies, we use third parties, such as head hunters and recruitment companies, to find suitable candidates. In that case, these third parties share your information with us.

We process this data to assess your suitability for the relevant positions with us and therefore for our legitimate interests of being able to administer and manage our recruitment process and to make sure the right people end up in the right positions.

Furthermore, we process your data to determine your employment terms, handle requests to reimburse your expenses and for internal control and security purposes..

If necessary, we can also process any of your information above for our legitimate interest of protecting our legal rights, for example in connection with legal claims, and when we have a legal obligation to process your information. We may also transfer your data in the event of a company reorganization, merger, or sale.

Legal basis: our legitimate interests in administering an effective recruitment process; and, where applicable, taking steps prior to entering into an employment contract or complying with legal obligations.

In addition to the processing activities described above, LOGEX processes personal data as a controller for medical and scientific research purposes. This includes conducting analyses, generating insights, producing aggregated reports and benchmarks, and performing retrospective database research aimed at improving healthcare, medical knowledge and public health outcomes.

This processing applies exclusively to situations in which LOGEX determines the purposes and means of the processing. Where LOGEX processes personal data solely on behalf of healthcare providers acting as controllers, such processing falls outside the scope of this Privacy Statement.

In the context of medical and scientific research, LOGEX may act as an independent controller or as a joint controller together with research partners, such as academic institutions, universities or (university) hospitals. Where LOGEX acts as a joint controller, the respective responsibilities of the parties are allocated in a joint controller arrangement in accordance with Article 26 GDPR, including responsibilities relating to transparency and the handling of data subject rights.

For research purposes, LOGEX may process personal data such as demographic information (for example age or date of birth) and data concerning health, treatment, medication use and medical history. This may include special categories of personal data within the meaning of Article 9 GDPR. In principle, this concerns retrospective data that has already been collected in the context of medical treatment.

LOGEX applies data minimisation and privacy‑by‑design principles and processes personal data in pseudonymised form where possible.

Legal basis: processing for medical and scientific research purposes is based on one or more of the following legal bases, as applicable to the specific research project:

legitimate interests (Article 6(1)(f) GDPR), with appropriate safeguards;
processing necessary for scientific research purposes (Article 9(2)(j) GDPR);
explicit informed consent (Articles 6(1)(a) and 9(2)(a) GDPR), where required by applicable law or by the research design.

We retain personal data for as long as necessary for the purposes described above, unless a longer retention period is required or permitted by law or necessary to establish, exercise or defend legal claims.

Typical retention periods include:

contact and enquiry data: up to two years after the last interaction;
customer and supplier data: for the duration of the contractual relationship and up to seven years thereafter;
customer portal data: for as long as the account is active and a limited period thereafter;
recruitment data: for the duration of the recruitment process and limited periods thereafter.

Personal data processed for medical or scientific research purposes is retained only for as long as necessary to achieve the research objectives, taking into account legal, regulatory and ethical requirements. After completion of the research, personal data is deleted or irreversibly anonymised, unless further retention is required or permitted by law.

Where necessary, we share personal data with third parties to perform services on our behalf or to comply with legal obligations.

Categories of recipients

Recipients may include IT and hosting providers, communication and customer support platforms, recruitment service providers and professional advisers. These parties act as processors under our instructions or as independent controllers, depending on the circumstances.

Research‑specific data sharing

In the context of medical or scientific research, personal data may be shared with researchers affiliated with academic institutions, universities or (university) hospitals participating in the research. Such data is shared only where necessary and typically in pseudonymised or anonymised form.

Personal data is not disclosed to financial sponsors of research activities, such as pharmaceutical companies, even where such parties are involved in or support the research.

International transfers

Where personal data is transferred outside the European Economic Area or the United Kingdom, LOGEX ensures that appropriate safeguards are in place in accordance with applicable data protection laws.

You are entitled to ask us for an overview of your information or ask for a copy. You may also ask us to correct or erase certain personal data, restrict its processing, or ask us to transfer some of this information to other organisations. In some cases, you may also object to the processing of your data and, where we have asked for your consent to process your data, you can withdraw this consent at any time.

These rights may be limited in some situations. For example, where we can demonstrate that we have a legal requirement to process your data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

Where we require personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional.

If you have any questions or wish to exercise any of these rights, please contact us using the details below. When addressing us, please always provide your name, address and/or email address as well as information about your request.

LOGEX does not make decisions producing legal or similarly significant effects based solely on automated processing.

Rights in the context of scientific research

In the context of scientific research, certain data subject rights may be restricted where permitted by applicable law, insofar as the exercise of those rights would render impossible or seriously impair the achievement of the research purposes. Any such restrictions are applied in accordance with Article 89 GDPR and, where applicable, the Data Protection Act 2018, and only insofar as necessary to safeguard the achievement of the scientific research purposes.

In the context of medical and scientific research, personal data may also be retained for longer periods than those applicable to other processing activities where this is necessary for scientific research or archiving purposes in the public interest

We use cookies to ensure the proper functioning of our website and to analyse website usage.

When you visit our website, we use cookies and similar technologies to ensure the proper functioning of the website and to analyse website usage. Where cookies are not strictly necessary, we rely on your consent in accordance with applicable cookie laws, including the EU ePrivacy rules and the UK Privacy and Electronic Communications Regulations (PECR). You can manage or withdraw your cookie preferences at any time via our cookie settings.

For more information about our use of cookies, please view our Cookie Policy.

Contact

If you have questions or wish to exercise your rights, please contact us at info@logex.com.
We have a Data Protection Officer at LOGEX. This officer monitors the implementation of and compliance with the General Data Protection Regulation (GDPR). If you are dissatisfied with the way your question or complaint was handled by us, or you want to contact the Data Protection Officer for another reason, you may contact this officer at privacy@logex.com.

If you have unresolved concerns, you have the right to lodge a complaint with your local supervisory authority.

Privacy Statement

Introduction

Supporting content

Which types of personal data do we process and for which purposes?

How long do we keep your data?

With whom do we share your data?

How do we protect your data?

What are your rights?

Links to other websites

Cookies

Changes to this Privacy Statement

Contact

Last updated:

Get clarity and control to make better decisions.