Privacy Policy for Scanpharm A/S

  1. General Terms 
    1. This Privacy Policy (’’Policy’’) applies to all the information you provide to us, and/or we collect about you, either as part of a customer relationship, as a user of our products, including inquiries of adverse reactions and complaints, and for recruitment purposes. In this Policy you can read more about what kind of information we collect, how we handle your information and how long we store the information about you etc. You should read this Policy and contact us if there is any information in the Policy that you cannot accept. On our website (www.scanpharm.dk) you will always be able to access the current version of the Policy.
  2. Data Controller
    1. The data controller responsible for Processing your Personal Data is: 

Scanpharm A/S 

Topstykket 12

3460 Birkerød

Denmark

+45 45822022

scanpharm@scanpharm.dk

CVR-number 16279099 

(Hereinafter ”The Company”)

    1. The overall legal framework for our Processing of personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data and on the repeal of Directive 95/46 / EC and related regulations. In addition, the act which is adopted on the basis of proposal for the act on supplementary provisions to the Regulation on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data submitted on 25 October 2017.
    2. All questions regarding this Policy, the Processing of your information and suspicion of non-compliance shall be directed to Louise Wenneke at lw@scanpharm.dk or +45 45999220.
  1. Definitions
    1. Below are the definitions of some of the most important Personal Data terms: 
Personal data Any information relating to an identified or identifiable natural person. This means any information, that directly or indirectly, alone or in combination, can be used to identify a natural person. 
Data controller The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
Processing

Processor 

Any activity or line of activities which involve use of Personal Data, including collection, registration, organization, storage, alteration, combination, restriction, erasure or destruction, disclosure by transmission, dissemination or otherwise making available to person, public authorities, companies etc. outside the Company. 

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the data controller.

Special Categories of Personal Data Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, data concerning health, data concerning a natural person’s sex life or sexual orientation and biometric data for the purpose of uniquely identifying a natural person (sensitive information).
General Data Protection Regulation The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC with related regulations.
The Data Protection Act The act that is adopted on the basis of proposal for the act on supplementary provisions to the Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (L68) (Data Protection Act) of 25 October 2017.
  1. Purpose of Processing your Personal Data 
    1. Depending on whether you are a customer (or working for a customer) with us, user of our products or interested in employment with us, we may be required to process your Personal Data or it may be necessary for us to process your Personal Data to such extent that we can provide you with the services that you require and that we can comply with the obligations that we are subject to as a business. This applies both to handling your possible purchase of services, inquiries about any adverse reactions and complaints and inquiries about employment.
  2. The Personal Data that we process about you 
    1. The Personal Data we collect directly from you:   
      1. 5.1.1.When you are a customer (or working for a customer) with us, we may collect the following general Personal Data from you: name, address, postal code, city, telephone number and/or email address.
      2. 5.1.2.When you direct general questions to our general business email: scanpharm@scanpharm.dk, we collect general Personal Data from you, as may appear from your inquiry, e.g. name, address, postal code, city, telephone number and/or email address.
      3. 5.1.3.When you contact us for the purpose of employment, including unsolicited employment applications, we collect general Personal Data from you, as may appear from your inquiry, e.g. name, address, postal code, city, telephone number and/or email address.
      4. 5.1.4.In general, we do not collect any Special Categories of Personal Data (sensitive information) about you, but in cases where your inquiry relates to adverse reactions and/or complaints about any of the medicine we market, we may collect information about health. In that context we can also collect social security number (in Danish: “CPR-nummer”).
    2. The Personal Data we collect from third parties:
      1. 5.2.1.In some cases, it is necessary for us to collect Personal Data about you from others. This may for example be from doctors who address us about adverse reactions inflicted on you from medicine that we have marketed. We collect this information in order to ensure an adequate monitoring of adverse reactions in order to comply with special legislation. 
  3. How we process your Personal Data
      1. We use your Personal Data for a variety of purposes, depending on whether you are a customer (or working for a customer) with us, contact us in relation to adverse reactions and/or complaints about any of the medicine we market or contact us for employment purpose.
      2. If you are a customer (or working for a customer) with us, we will use your Personal Data in order to: 
  • Submit order confirmation and/or invoices to you; and/or
  • answer your questions and comply with your requests.
      1. If your inquiry relates to adverse reactions and/or complaints regarding medicine, that we market, we will use your Personal Data in order to: 
  • to ensure an adequate monitoring of adverse reactions.
      1. If your inquiry relates to employment, we will use your Personal Data in order to:
  • answer your inquiry and any questions you may have; and/or
  • evaluate the possibility of employment.
  1. What is our legal basis for processing information about you?
    1. When you become a customer (or work for a customer) with us or enter into any form of agreement with us, we will process your Personal Data for that particular purpose. We can also process your general Personal Data if you have an inquiry or similar that precedes your decision to enter into an agreement with us. The legal basis for Processing your Personal Data is the General Data Protection Regulation article 6(1)(b), as Processing of your information is necessary in order for us to comply with our agreement with your or for us to handle requests and similar prior to you entering into an agreement with us.  
    2. If you provide or have provided general Personal Data, including your social security number (in Danish: “CPR-nummer”) in relation to an inquiry regarding adverse reactions and/or complaints about medicine that we market, then the basis for our Processing of your data is the General Data Protection Regulation article 6(1)(f).
    3. If you provide or have provided Special Categories of Personal Data (sensitive information) to us, such as information about your health, then the basis for our Processing is the General Data Protection Regulation article 9(2)(i). The Processing of the sensitive information in relation to the adverse reactions and/or complaints about medicine we market is necessary for the public interest in relation to public health, such as protection against serious cross-border health threats or to ensure high standards of quality and safety in healthcare and medical products and medical devices.
    4. If you provide general Personal Data in connection with employment, the basis for our Processing is your request for us to process your application (including CV) prior to the conclusion of an employment contract and your consent.
    5. In some cases we are legally obliged to process Personal Data about you. For example, it may be necessary for documentation of transaction traces and the like in accordance with the rules in the Danish Accounting Act (In Danish: “Bogføringsloven”). Among other things we are required to keep financial records for five years from the end of the financial year to which the financial records relate. 
  2. Sharing of your Personal Data
    1. We may share your Personal Data with the suppliers and collaborators who assist us, for example, in carrying out your order, or who assist us with our IT operations, adverse reactions monitoring, etc. This means that we can share your information with, for example, our technical support, our support for adverse reactions monitoring and our bank. 
    2. We also have the opportunity to share your information with our affiliated companies to the extent that this is legal. 
    3. In addition to the above, we share your information to the extent that we are obliged to do so, for example as a result of a requirement to report to public authorities such as the Danish tax authorities. 
  3. Storing and deleting your Personal Data
    1. 9.1.We store your Personal Data in accordance with the principles set forth below: 
    2. 9.2.If you are a customer (or work for a customer) with us, we will store your Personal Data up to 11 years from the end of the financial year to which your inquiry relates, but in some cases up to 11 years from the end of the relevant customer relationship, e.g. contract termination. 
    3. If your inquiry is related to adverse reactions and/or complaints about medicine that we market, we will keep your Personal Data for at least 11 years after the termination of the relevant marketing authorization.
    4. If you are applying for employment and your inquiry does not result in employment with us, we will store your Personal Data up to six months after you have been notified of rejection; however longer storage can be agreed with you. 
  4. Your rights 
    1. 10.1.Access
      1. 10.1.1.You have the right to obtain access to the Personal Data that we process about you. By writing to us (at the above address – see section 2.1) you can request access to the Personal Data that we have registered about you, including the purposes for which the information was collected. We will comply with your request for access as soon as possible. 
    2. 10.2.Rectification and erasure  
      1. 10.2.1.You have the right to request rectification, additional Processing, erasure or blocking of the Personal Data that we process about you. We will comply with your request as soon as possible, to the extent necessary. If we for some reason cannot meet your request, we will contact you.
    3. 10.3.Restrictions to Processing 
      1. 10.3.1.Under certain circumstances you have the right to restrict the Processing of your personal information. Please contact us if you wish to restrict the Processing of your Personal Data. 
    4. 10.4.Data portability
      1. 10.4.1.You are – under certain circumstances – entitled to receive your Personal Data (only information about yourself as you yourself have provided) in a structured, commonly used and machine readable format (data portability). Please contact us if you want to exercise your right for data portability.
      2. 10.4.2.Right to object
      3. 10.4.3.You are entitled to object to the Processing of your Personal Data in cases where the Processing is based on Article 6(1)(e) (task carried out in the public interest or in the exercise of official authority) or Article 6(1)(f) (legitimate interests). It is stated in this Policy to what extent we treat your information for such purposes. You can exercise the right of objection at any time by contacting us.
    5. 10.5.Withdrawal of consent  
      1. 10.5.1.If the Processing of your Personal Data is based on your consent, you are entitled to withdraw your consent at any time. Your withdrawal does not affect the legality of the Processing that was carried out before withdrawing your consent. Please contact us if you wish to withdraw your consent.
    6. 10.6.You can write to lw@scanpharm.dk to make use of one or more of the above rights.
    7. 10.7.There may be conditions or restrictions attached to the exercise of the above rights. You may not, for example, be entitled to data portability in the particular case – it depends on the circumstances of the particular Processing activity.
  5. Consequences of not providing Personal Data 
    1. 11.1.If you are required to provide information about yourself to us, it will appear in the places where we collect the information. If you do not want to provide the Personal Data that we ask for, it may have the consequence that we cannot provide the services you request, complete your orders, etc.
  6. Security
    1. 12.1.Our Processing of Personal Data is subject to our IT and Security Policy. Our IT and Security Policy also contains rules for implementing risk assessment and impact assessment of existing, as well as new or modified Processing activities. We have implemented internal rules and procedures for maintaining appropriate security from the time we collect Personal Data until deletion, as well as entrusted Processing of Personal Data only to Data Processors, which maintain an equivalent appropriate level of security.
    2. 12.2.We may entrust Processing of Personal Data to the following Data Processor(s):

IT3 A/S, Bannebjergvej 16, 3230 Græsted, Danmark, CVR-number 20768703; in connection with servicing of IT and server systems.

  1. Complaint to supervisory authority
    1. 13.1.If you are dissatisfied with our Processing of your Personal Data you can complain to the Danish Data Protection Agency: 

Datatilsynet, Borgergade 28, 5th floor, 1300 København K., Denmark, phone: +45 33193200, e-mail: dt@datatilsynet.dk

  1. Updates to this Policy
    1. 14.1.The Company is required to comply with the basic principles of the protection of Personal Data and data protection. Therefore, we regularly review this Policy to keep it updated and in accordance with applicable principles and regulation. This Policy is subject to change without notice. Significant changes to the Policy will be published on our website together with an updated version of the Policy.
    2. 14.2.Any changes we may make to this Policy in the future will be published on this page and may be notified to you by email. 
Print Friendly, PDF & Email