Who are we?
EuropeanSpatial Biology Center NV, which is headquartered in Technologielaan 3, 3001 Heverlee (Leuven) - (Belgium) (hereinafter “ESBC”), is a company specialized in research, development, and services related to spatial biology, which is the next frontier in life sciences and beyond. This pioneering field enables the study of the precise cellular architecture of tissues and organs, how cells communicate and cooperate to execute tissue functions, as well as organ development itself. Furthermore, spatial biology allows the interrogation of cells in their native tissue context to disclose important processes in disease, including perturbations in cell-cell interactions. ESBC shall use and deploy, by itself or for other parties active in the industry, its expertise, technology, and applications to find and unravel new mechanisms of homeostatic and disease progression to pave the path to novel treatment modalities and precision medicine.
You use our website (accessible via www.ESBC.science),
You use our products or services,
We conclude a contract with you or your employer, or
You communicate with us.
The provisions below apply to eachuser of our website or each data subject of whom we process personal data.
What personal data do we process, for what purpose and on what legal basis?
We will only process your personal data:
If we have a legal basis to do so.
The legal grounds on which we may rely are as follows:
Contract - A contract with you that we are required to perform or to take steps to perform before entering into a contract with you.
Consent - Your free consent where you are informed of what this consent means before you consent.
Legitimate interest - A legitimate interest that we as an organization pursue, including also to optimize our services.
Legal obligation - A legal obligation that we must comply with. Below we explain which categories of personal data we process, for what purposes we process your personal data and on what legal basis we do so.
Below we explain which categories of personal data we process, for what purposes we process your personal data and on what legal basis we do so.
We may also process the above categories of personal data to protect our legitimate interests or those of third parties, including fraud detection if you compromise or threaten to compromise the security of our systems or those of third parties. In addition, we may process categories of personal data in the context of business transactions (e.g. an acquisition). For this, we rely on our legitimate interest.
We may be legally obliged to process or disclose the above categories of personal data to a competent (judicial) authority or their representatives as a result of their reasonable request or to the police on our own initiative if we have reasonable grounds to believe that your use of our products or services would constitute a criminal offence. We may also be legally obliged to process the above personal data to comply with any other legal obligation incumbent on us, such as accounting obligations.
From whom do we receive your personal data?
In most cases, we receive your personal data directly from you. In other cases, we receive your personal data from one of our partners, such as pharmaceutical companies, hospitals, or other partners. If we act as a processor for our partner(s), we will only process your personal data in accordance with the instructions of our partner(s).
With whom do we share your personal data?
We may share your personal data with third parties to process your personal data for the purposes described above, for example:
To provide you with our products, services, and website (such as a hosting provider); or
To provide you with our marketing emails (such as a marketing company); or
To fulfil our contractual obligations towards our partners.
These third parties may only process your personal data in accordance with our instructions if they act as a processor, or in accordance with the instructions of our partner if we act as a processor. We also ensure that all such third parties are selected with due care and are committed to maintaining the security and integrity of your personal data.
We may be required by law to share your personal data with competent authorities or their agents, judicial authorities, government agencies or bodies, including competent data protection authorities, to comply with a legal obligation as set out above.
We do not share your personal data in any identifiable way with third parties other than those mentioned above without your consent. However, we may send anonymised and/or aggregated data to other third parties who may use this data to improve our services and for marketing purposes.
Where do we process your personal data?
In principle, we process your personal data within the European Economic Area (EEA).
In order to process your personal data for the purposes set out above, we may also transfer your personal data to third parties who process it on our behalf outside the EEA. Any entity outside the EEA that processes your personal data is required to adhere to adequate safeguards in relation to the processing of your personal data. Such safeguards may result from:
an adequacy decision by the European Commission; or
We may transfer anonymised and/or aggregated data to third parties outside the EEA. If such a transfer occurs, we will ensure that safeguards are in place to ensure the security and integrity of your data and any rights relating to your personal data that you might enjoy under applicable law.
How long do we process your personal data?
Your personal data will only be processed for as long as necessary to achieve the above purposes or, if applicable, until your consent is withdrawn.
We will de-identify your personal data when it is no longer needed for the purposes described above, except in the case of:
an overriding interest of ESBC, or another third party, to keep your personal data identifiable; or
a legal or regulatory obligation or a court or administrative order that prevents us from de-identifying your personal data.
How do we secure your personal data?
We will take appropriate technical and organisational measures to protect your personal data against unauthorised access or theft, as well as against accidental loss, manipulation or destruction. You understand, however, that the protection of your personal data is a best-efforts obligation. Access to your personal data by our staff or third-party personnel occurs only on a need-to-know basis and is subject to appropriate confidentiality obligations.
What are your rights?
Based on the General Data Protection Regulation (GDPR), you have the right to access, rectification, deletion, restriction, objection and data portability and under the conditions stipulated in the GDPR.
If the processing of your personal data is based on your consent, you can always withdraw your consent.
To exercise any of your rights, please email us at email@example.com We will notify you when we have received your request. If it appears that your request has been accepted, we will process your request as soon as reasonably possible and no later than thirty (30) calendar days after receiving it.
Contact details and complaints
If you have any questions or complaints concerning the processing of your personal data by us, please contact us by sending an e-mail to firstname.lastname@example.org or by writing to European Spatial Biology Center NV, Technologielaan 3, 3001 Heverlee (Leuven), Belgium.
You always have the right to lodge a complaint with the competent data protection authority.
Drukpersstraat 35, 1000 Brussels
+32 (0)2 274 48 00
+32 (0)2 274 48 35
Version 1.0: January 26, 2023.