Last Updated: September 23, 2025 | Effective Date: September 23, 2025

Privacy Policy

SEEDBiomed ("we," "our," "us," or "the Controller") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.seedbiomed.com and use our services in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

1. Controller Information

Data Controller: SEEDBiomed Research Organization
Contact: privacy@seedbiomed.com
Website: www.seedbiomed.com

🛡️ Data Protection Officer (DPO):
Email: dpo@seedbiomed.com
The DPO is available to address any questions or concerns regarding data protection and your privacy rights under GDPR.

2. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds under GDPR:

Processing Activity	Legal Basis	GDPR Article 6 Reference
Newsletter subscription	Consent	Article 6(1)(a)
Contact form inquiries	Consent	Article 6(1)(a)
Website analytics	Legitimate interest	Article 6(1)(f)
Security monitoring	Legitimate interest	Article 6(1)(f)
Legal compliance	Legal obligation	Article 6(1)(c)
Research collaboration	Consent	Article 6(1)(a)

3. Personal Data We Collect

3.1 Data You Provide Directly

Personal information you voluntarily provide includes:

Identity Data: First name, last name, academic title
Contact Data: Email address, phone number, postal address
Professional Data: Institution, job title, research interests
Communication Data: Inquiry details, feedback, correspondence
Marketing Data: Newsletter preferences, consent records

3.2 Data We Collect Automatically

Technical Data: IP address, browser type and version, device information
Usage Data: Pages visited, time spent, click patterns, referrer URL
Cookie Data: Cookie preferences and identifiers

4. Your Rights Under GDPR (Articles 12-23)

🔍 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data and receive specific information about our processing activities.

✏️ Right to Rectification (Article 16)

You have the right to obtain correction of inaccurate personal data and to have incomplete personal data completed.

🗑️ Right to Erasure (Article 17)

You have the right to obtain erasure of your personal data under specific circumstances, including when data is no longer necessary or you withdraw consent.

⏸️ Right to Restrict Processing (Article 18)

You have the right to restrict processing of your personal data in certain circumstances, such as when accuracy is contested.

📤 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

🚫 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes, including profiling.

🤖 Right Regarding Automated Decision-Making (Article 22)

You have the right not to be subject to automated decision-making, including profiling, that produces legal or similarly significant effects.

↩️ Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting prior lawful processing.

4.1 How to Exercise Your Rights

To exercise any of these rights, you may:

Email us at: privacy@seedbiomed.com
Contact our DPO at: dpo@seedbiomed.com
Use our online Data Subject Rights form: Submit Request

Response Time: We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you of the extension within the first month.

5. Data Retention Periods (GDPR Article 5(1)(e))

We retain personal data only for as long as necessary for the purposes for which it was collected:

Data Type	Retention Period	Legal Basis
Newsletter subscribers	Until unsubscription	Consent duration
Contact inquiries	3 years	Legitimate interest
Website analytics (anonymized)	26 months	Google Analytics standard
Research collaboration data	Duration of project + 5 years	Academic research requirements
Legal compliance records	As required by law	Legal obligation
Cookies	13 months maximum	GDPR/ePrivacy compliance

6. International Data Transfers (GDPR Chapter V)

Some of our service providers are located outside the European Economic Area (EEA). When we transfer personal data internationally, we ensure appropriate safeguards are in place:

Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
Standard Contractual Clauses: EU-approved contractual terms ensuring GDPR-level protection
Binding Corporate Rules: For intra-group transfers
Certification Schemes: Approved data protection certification programs

6.1 Third Country Transfers

We currently transfer data to the following regions with these safeguards:

United States: Standard Contractual Clauses with cloud providers
United Kingdom: Adequacy decision in effect

7. Data Processing Principles (GDPR Article 5)

We adhere to GDPR's fundamental processing principles:

Lawfulness, Fairness, and Transparency: Processing is legal, fair, and transparent to you
Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes
Data Minimization: We collect only data that is adequate, relevant, and limited to what is necessary
Accuracy: Personal data is accurate and kept up to date
Storage Limitation: Data is kept in identifiable form only as long as necessary
Integrity and Confidentiality: Appropriate security measures protect your data
Accountability: We can demonstrate compliance with these principles

8. Data Protection Impact Assessments (GDPR Article 35)

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risks to your rights and freedoms. This includes:

Systematic monitoring of publicly accessible areas
Large-scale processing of sensitive data
Innovative use of new technologies

9. Data Breach Notification (GDPR Articles 33-34)

In the event of a data breach that poses risks to your rights and freedoms:

We will notify the relevant supervisory authority within 72 hours
We will inform affected individuals without undue delay if the breach poses high risks
We maintain a record of all data breaches for supervisory authority review

10. Supervisory Authority and Complaints (GDPR Article 77)

If you believe your data protection rights have been violated, you may lodge a complaint with:

Netherlands (our primary supervisory authority):
Autoriteit Persoonsgegevens
Website: autoriteitpersoonsgegevens.nl
Email: info@autoriteitpersoonsgegevens.nl
Your local Data Protection Authority:
Find contact details at: EDPB Members

11. Consent Management (GDPR Article 7)

Where we rely on your consent for processing:

Consent is freely given, specific, informed, and unambiguous
You may withdraw consent at any time
Withdrawal is as easy as giving consent
We maintain records of when and how consent was obtained
Children under 16 require parental consent (or lower age as set by member states)

12. Automated Decision-Making and Profiling (GDPR Article 22)

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. If this changes, we will:

Provide explicit notice in this privacy policy
Inform you of the logic involved
Explain the significance and envisaged consequences
Provide rights to human intervention and contestation

13. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated through:

Prominent notice on our website
Email notification to newsletter subscribers
Direct notification for significant changes affecting your rights

14. Contact Information

🔒 Data Protection Contacts

General Privacy Inquiries:
Email: privacy@seedbiomed.com

Data Protection Officer:
Email: dpo@seedbiomed.com

Data Subject Rights Requests:
Online Form: Submit Request
Email: rights@seedbiomed.com

SEEDBiomed Research Organization
Website: www.seedbiomed.com

Response Commitment: We will respond to your inquiry within one month (extendable to three months for complex requests).

15. Governing Law and Jurisdiction

This Privacy Policy is governed by:

Regulation (EU) 2016/679 (General Data Protection Regulation)
Dutch Data Protection Act (Uitvoeringswet AVG)
ePrivacy Directive and national implementations
The laws of the Netherlands

SEEDBiomed Privacy Policy