HansaBioMed Life Sciences

Privacy Policy

How we collect, use, and protect your personal data

Last updated: 2026-03-17

1. Data Controller

HansaBioMed Life Sciences OÜ
Registry code: 11078260
VAT: EE101867663

Email: info@hansabiomed.eu

We are the controller of your personal data as described in this Privacy Policy and process your data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Estonian Personal Data Protection Act.

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Account & Order Data

  • Full name, company name, job title
  • Email address, phone number
  • Billing and shipping addresses
  • VAT/tax identification number
  • Order history, invoices, and payment references

2.2 Communication Data

  • Inquiries sent via contact forms, email, or phone
  • Quote requests and technical support correspondence
  • Job applications (CV, cover letter, qualifications)

2.3 Technical Data

  • IP address, browser type and version
  • Device information and operating system
  • Pages visited, referring URL, date/time of access
  • Cookies and similar technologies (see Section 7)

3. Purposes and Legal Basis

Purpose Legal Basis (GDPR)
Processing and fulfilling orders Performance of contract (Art. 6(1)(b))
Managing your client account Performance of contract (Art. 6(1)(b))
Issuing invoices, accounting, tax obligations Legal obligation (Art. 6(1)(c))
Responding to inquiries and support requests Legitimate interest (Art. 6(1)(f))
Sending order updates and shipping notifications Performance of contract (Art. 6(1)(b))
Sending newsletters and product announcements Consent (Art. 6(1)(a))
Website analytics and performance improvement Consent (Art. 6(1)(a)) via cookies
Processing job applications Pre-contractual measures (Art. 6(1)(b))
Fraud prevention and security Legitimate interest (Art. 6(1)(f))

4. Data Sharing & Recipients

We do not sell your personal data. We may share data with the following categories of recipients only as necessary:

  • Shipping carriers (DHL, FedEx, UPS, TNT) — name, address, phone, and email for delivery
  • Payment processors — for secure transaction processing
  • IT service providers — hosting, email, and CRM systems (EU-based or with adequate safeguards)
  • Accounting and legal advisors — for compliance with tax and legal obligations
  • Public authorities — when required by law (e.g. tax authorities, customs)

All third-party processors are bound by data processing agreements in accordance with GDPR Art. 28.

5. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If data is transferred outside the EEA (e.g. to a shipping carrier or cloud provider), we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs)
  • EU adequacy decisions for the recipient country
  • Binding corporate rules of the recipient organisation

6. Data Retention

We retain personal data only for as long as necessary for the purposes stated above:

  • Client account data & orders: Duration of the business relationship + 7 years (Estonian accounting law)
  • Invoices and financial records: 7 years (Estonian Accounting Act)
  • Contact form inquiries: 2 years after last communication
  • Job applications: 6 months after conclusion of the recruitment process (or longer with consent)
  • Analytics and cookies data: According to cookie consent preferences (see Section 7)
  • Newsletter subscriptions: Until you unsubscribe

7. Cookies

Our website uses cookies to ensure proper functionality and, with your consent, to analyse usage and improve your experience.

Categories of Cookies

  • Strictly Necessary: Essential for the website to function (session management, CSRF protection, cookie consent preferences). These cannot be disabled.
  • Analytics & Performance: Help us understand how visitors interact with our website by collecting anonymous usage data (e.g. Google Analytics). Only activated with your consent.
  • Marketing: Used to deliver relevant advertisements and measure campaign effectiveness. Only activated with your consent.

You can manage your cookie preferences at any time by clicking the cookie icon in the bottom-left corner of any page, or via the “Cookie Settings” link in the footer. You may also configure your browser to block or delete cookies, though this may affect website functionality.

8. Your Rights Under GDPR

As a data subject, you have the following rights free of charge:

Right of Access

Obtain a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data (“right to be forgotten”)

Right to Restriction

Restrict processing in certain circumstances

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interest

Right to Withdraw Consent

Withdraw consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at info@hansabiomed.eu. We will respond within 30 days.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): www.aki.ee.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

  • Encrypted data transmission (TLS/SSL)
  • Secure server infrastructure within the EU
  • Access controls and authentication systems
  • Regular security reviews and updates

10. Third-Party Links

Our website may contain links to third-party websites (e.g. distributor websites, carrier tracking pages). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this page periodically.

12. Contact

For any questions or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

HansaBioMed Life Sciences OÜ

Email: info@hansabiomed.eu