Privacy
Policy
Read our privacy policy
Dansk Lægemiddel Information A/S, Signum Life Science ApS in Denmark and Swedish Pharma Insights AB in Sweden as joint controllers of master data and other data, primarily within the CRM system.
Version: 1.1, 28 February 2019
This Privacy and Cookie Policy describes procedures for collecting, processing and disclosing personal data in the CRM system and derived data that may be incorporated in other systems. The Privacy and Cookie Policy covers Dansk Lægemiddel Information A/S, Signum Life Science ApS in Denmark and Swedish Pharma Insights AB in Sweden (jointly and severally “Lif”)
Please study the policy text carefully.
You/the organisation or company you are employed by or otherwise associated with, are/is a current or potential
- Recipient of electronic marketing
- Corporate customer and its contacts
- Course attendee, participant or tutor on courses/training programmes or events/conferences and the like, including a course attendee on courses conducted by Atrium – Dansk Lægemiddel Information – in association with the University of Copenhagen
- Exhibitor/event organiser/sponsor or venue/site host
- Supplier and/or
- Associate
Dansk Lægemiddel Information A/S, Signum Life Science ApS in Denmark and Swedish Pharma Insights AB in Sweden are the joint data controllers of personal data pertaining to you in the CRM system and derived data, such as in a profiling and marketing context.
There are other processes and systems, such as customer portals, in which only a single one of the entities is the data controller of personal data. The personal data processed in those systems is not subject to this Privacy and Cookie Policy.
Types of data and purposes
Our collection and processing of your personal data are category-dependent. In addition, certain purposes are common to all the categories. These are listed in the last table below.
We also process historical data on the categories below until those data are deleted. You may well be represented in multiple categories concurrently.
When you use our website we place cookies, you can read more here.
1. Recipient of electronic marketing
Personal data
- Name
- E-mail address
- Any fields of special interest
- Activity (telephone calls, e-mails, etc.)
- Subscriptions to communications and newsletters
- Tracking of use and clicks in electronic marketing
Purpose
- Marketing and direct marketing
- Administration and mailing of newsletters and invitations to courses, events, and enrolments for such activities
- Profiling in relation to fields of professional interest and work
- Analysis of behaviour in response to mailed marketing materials
2. Corporate customer and its contacts
Personal data
- Name
- Employer/type of association, position/job title, possibly qualifications and field of work
- Telephone number and e-mail address
- Preferred language (as applicable)
- Activity (telephone calls, e-mails, meetings etc.)
- Enrolments for events
- Contact for a contract
Purpose
- Establishing a customer relationship
- Strengthening a customer relationship
- Marketing and direct marketing
- Profiling in relation to fields of professional interest and work
- Evaluation of relationship
- Ongoing contact
- Billing/invoicing and compliance with documentation requirements of the Danish Bookkeeping Act (if names appear in billing/invoicing data)
3. Course attendee, participant or tutor on courses/training programmes or events/conferences and the like, including a course attendee on courses conducted by Atrium – Dansk Lægemiddel Information – in association with the University of Copenhagen
Personal data
- Name
- Date of birth (as applicable)
- Place of work, position/job title
- Telephone number and e-mail address
- User name for online course platform (if applicable)
- Billing/invoicing address
- Courses/examinations/events completed or enrolled for
- Preferred language (as applicable)
- Activity (telephone calls, e-mails, meetings etc.)
Purpose
- The registration and administration of enrolments for and planning and conducting courses, examinations and events, including billing/invoicing and compliance with documentation requirements of the Danish Bookkeeping Act
- Contact and information for course, tuition and events on offer
- Issuance of course and examination certificates
- Marketing and direct marketing
4. Exhibitor/event organiser/sponsor or venue/site host
Personal data
- Name
- Employer/type of association, position/job title, possibly qualifications and field of work
- Telephone number and e-mail address
- Preferred language (as applicable)
- Activity (telephone calls, e-mails, meetings etc.)
- Events attended/coordinated
Purpose
- Contact and management of exhibition order/requested sponsorship
- Practicalities of planning and conducting events, sending out exhibitor information (list of attendees, ID badges, programme, exhibition layout etc.)
- Billing and compliance with documentation requirements of the Danish Bookkeeping Act
- Evaluation of relationship
5. Supplier and 6. Associate
Personal data
- Name
- Employer/type of association, position/job title, possibly qualifications and field of work
- Telephone number and e-mail address
- Activity (telephone calls, e-mails, meetings etc.)
Purpose
- Contact for purposes of partnership, e.g. consulting services, system suppliers and system support
- Evaluation of relationship
Common purposes for all types of registrants
- Compliance with applicable legislation (e.g. the EU General Data Protection Regulation (GDPR)) and other legitimate purposes, e.g.
– Duty to keep records
– Compliance with the basic principles applicable to processing of personal data and the lawful basis for such processing
– The implementation and maintenance of technical and organisational security precautions, including, but not limited to, preventing unauthorised access to systems and data, preventing the receipt or distribution of malware, blocking denial-of- service attacks and damage to computer systems and electronic communication systems
– Investigation of suspected or known security breaches and reporting to individuals and authorities
– Handling of inquiries and complaints from registrants and others, including confirmation of identity
– Handling of inspections and inquiries from official inspection bodies
– Handling of disputes with registrants and third parties
– Statistical surveys
– Satisfaction surveys
Profiling
Personal data is processed for profiling purposes in that we tailor our marketing activities etc. based on data such as job title and fields of interest.
Sources
Personal data are collected from you (by phone, in person, in writing or via various enrolment forms, e.g. online course enrolment), your employer or other organisation with which you are associated, websites, apps and other social media, partners etc. This data may be supplemented by publicly available data from websites.
Lawful basis for data processing
The lawful basis for our collection, processing and disclosure of your personal data is as follows:
Topic: DLI disclosure to CRM
Situation: If you have previously been registered with Dansk Lægemiddel Information A/S in Denmark, and your consent is required for disclosure to the joint CRM system (i.e. our data collection), then the lawful basis consists of your consent. In other cases, disclosure is based on a balance of interests (for details, see under “All other purposes” below).
Lawful basis: Chapter 6(1) Item 1 of the Danish Act on Processing of Personal Data (superseded by Art. 6(1)(a) of GDPR effective from 25 May 2018)
Topic: Electronic, direct marketing and tracking
Situation: Consent to electronic marketing. We obtain consent for receipt of marketing materials in line with the rules of the Danish Marketing Practices Act.
The legal authority for processing of personal data is the balance of interests (for details, see under “All other purposes” below).
Consent to the storage of data on the end-user’s terminal devices and collection of data already stored on the end-user’s terminal devices, including, e.g. tracking the use of marketing e-mails.
Lawful basis: Art. 6 (1) (f) of GDPR*, Section 10 of the Danish Marketing Practices Act, Section 3 of the Danish Executive Order on the Requirement for Information and Consent when Storing or Accessing Data on End-user Terminal Devices
Topic: Specific consent
Situation: If you have given your consent to processing of your personal data for one or more specific purposes, any collection, processing and disclosure is based on that consent.
Lawful basis: Art. 6 (1) (a) of GDPR*
Topic: Party to contract
Situation: If you are personally party to a contract with one of the three companies, e.g. if you have enrolled for a course as a private individual. Collection, processing and disclosure are necessary for the purposes of executing a contract to which you are a party, or for the purpose of fulfilling arrangements made at your request prior to conclusion of a contract.
Lawful basis: Art. 6 (1) (b) of GDPR*
Topic: All other purposes
Situation: The collection, processing and disclosure of your personal data to the joint data controllers is necessary in order for the three companies, jointly or severally, to pursue a legitimate interest, unless the registrant’s interests or fundamental rights or freedoms, which require protection of personal data, take precedence.
To ensure a balance of interests, we apply the principles that
- we have a commercial relationship with you or your employer or the organisation you are associated with
- the data do not relate to you as a private individual, just as the data involved are not in the nature of private information such as your national ID number, health information or other sensitive personal information.
- registrants perceive the three Lif entities as a single legal entity, even though there are three entities with a joint CRM system.
- it is our informed impression that registrants expect Lif to recognise them, regardless of which legal entity they are in contact with
- in relation to disclosure to the CRM system based on a balance of interests, the purposes for which the data were processed prior and subsequent to disclosure are compatible
- in relation to any disputes that might arise, we, severally and jointly, and a third party may determine and defend legal rights and invoke them.
Lawful basis: Art. 6 (1) (f) of GDPR*
*GDPR is the EU’s General Data Protection Regulation effective from 25 May 2018
Voluntary consent
When we collect personal data from you directly, you are giving us those personal data voluntarily, or in order to enter into a contract with us. You are under no obligation to provide us with these personal data. The consequences of not providing us with the personal data will be that we are unable to fulfil the purposes above, including
- that we are unable to enter into a customer relationship with you or maintain ongoing contact with you or/the organisation or company you are employed by or otherwise associated with
- that we are unable to mail you marketing materials
- that we are unable to make you offers or service propositions to you or the company you are employed by or otherwise associated with
- that you are unable to attend courses or events
Consent
If our data processing is consent-based, you have the right to withdraw your consent; however, this does not affect the processing that preceded withdrawal of your consent, including any consent-based disclosure.
Data processors
- We use an external provider of systems for e-mail marketing, through which e-mails are mailed and processed and tracking data are analysed.
- Dansk Lægemiddel Information A/S in Denmark is the data processor for the CRM system and retains the personal data in Denmark.
- In addition, consultants or IT consultants may gain access to your personal data as data processors.
Transfers to third countries
We do not currently transfer personal data to countries outside the EU/EEA, but reserve the option of doing so in future.
Retention periods
We retain personal data on you for as long as we need
1. to fulfil the stated purposes, and
2. to document
• our right to process your personal data
• your consent for direct marketing (if granted)
• to comply with the rules applicable to processing of personal data and other legislation, such as the Danish Bookkeeping Act both in relation to expiry of statutory limitations on criminal liability and liability for damages (absolute time limits), if relevant. If this is not applicable, we will delete the data before that time limit.
Your rights
Within statutory limitations, you have certain rights, including the right to access personal data, the right to rectification of data, the right to data erasure, the right to restriction of data processing, the right to data portability, the right to object to processing of personal data, including in relation to automated, individual decision-making. You also have the right to complain to a competent supervisory authority, including the Danish Data Protection Agency.
Contact
Please note that the three above-mentioned Lif entities may also have privacy policies jointly and severally governing the processing of personal data.
If you have any questions concerning the processing of your personal data or exercising your rights, you are welcome to contact DLI, which is the joint contact point:
DLI
Dansk Lægemiddel Information A/S
Lersø Parkallé 101
DK-2100 København Ø
Denmark
Data controllers for the CRM system and related data:
Signum Life Science ApS
Lersø Parkallé 101
DK-2100 København Ø
Denmark
Swedish Pharma Insights AB
Nybroviken, Birger Jarlsgatan 2
114 34 Stockholm
Sweden
Dansk Lægemiddel Information A/S
Lersø Parkallé 101
DK-2100 København Ø
Denmark
Separate objection text regarding legitimate interest
Version: 1, Date: February 2018
You have the rights to – by reasons that concern your special situation – to object to processing of personal data where the lawful basis is Art. 6 (1) (e) or (f), including profiling based on these regulations. The data controller may subsequently no longer process your personal data, unless the data controller proves weighty lawful reasons for processing that precede your interests, fundamental rights or freedoms, or the processing is necessary to determine, defend legal rights and/or invoke them.
Separate objection text regarding direct marketing
Version: 1, Date: February 2018
If personal data is processed with a view to direct marketing, you have at any time the right to object to processing of your personal data to such marketing, including objecting to profiling to the extent that it concerns direct marketing. If you object to processing with a view to direct marketing, the personal data may no longer be processed for this purpose.
Privacy Policy
for Signum Life Science ApS in Denmark esp. regarding customer portalsand
Swedish Pharma Insights AB in Sweden esp. regarding customer portals
Version: 1.1, 28 February 2019
This Privacy Policy describes procedures for collecting, processing and disclosing of personal data in Signum Life Science ApS (”Signum”) in Denmark and Swedish Pharma Insights AB (”SPI”) in Sweden respectively. Signum and SPI are each data controllers of data for their processing of personal data respectively. This text is prepared only for them jointly, because both entities process multiple of the same types of personal data on the same registrants. Therefore, you can be covered as registrant by either Signum or SPI, or both entities, dependent on which entity you have contact with.
Please study the policy text carefully.
As registrant, you/the organisation or company you are employed by or otherwise associated with, are/is a current or potential contact person in a company that is customer of either Signum or SPI.
Signum or SPI are data controllers of personal data on you. Personal data can also be covered by another privacy policy e.g. regarding the joint CRM system in the Lif Group. Such personal data is not covered by this privacy policy.
Types of data and purposes
We collect and process personal data on you. We also process historical data on the categories below until those data are deleted.
When you use our website we place cookies. See Cookie Policy.
Contact persons employed or associated with companies that are customers of Signum or SPI
Personal data
- Name and e-mail address
- Personal login to customer portals
- Use of customer portals and other IT systems
Purpose of processing of personal data
- Handling of customer relation, including contact, delivery of products / services, entering into a contract, commercial relationship etc.
- Administration and service/operation of login to customer portals and other operation / security purposes, delivery of service and statistics in relation to IT systems.
- Compliance with applicable legislation (e.g. the EU General Data Protection Regulation (GDPR) and other legitimate purposes, e.g.
– Duty to keep records
– Compliance with the basic principles applicable to processing of personal data and the lawful basis for such processing
– The implementation and maintenance of technical and organisational security precautions, including, but not limited to, preventing unauthorised access to systems and data, preventing the receipt or distribution of malware, blocking denial-of-service attacks and damage to computer systems and electronic communication systems
– Investigation of suspected or known security breaches and reporting to individuals and authorities
– Handling of inquiries and complaints from registrants and others, including confirmation of identity
– Handling of inspections and inquiries from official inspection bodies
– Handling of disputes with registrants and third parties
– Statistical surveys.
Profiling
Personal data is not processed for profiling purposes in relation to the purposes listed above (see separate privacy policy regarding personal data in the CRM system).
Sources
Personal data are collected from you (by phone, in person, in writing or via various enrolment forms etc.), your employer or other organisation with which you are associated, websites, apps and other social media, partners etc. The data may be supplemented by publicly available data from websites.
The lawful basis for collection, processing and disclosure of personal data
The lawfully basis for our collection, processing and disclosure of the personal data is as follows:
Personal data:
The collection, processing and disclosure of your personal data is necessary in order for Signum or SPI to pursue a legitimate interest, unless your interests or fundamental rights or freedoms, which require protection of personal data, take precedence. To ensure a balance of interests, we apply that Signum’s/SPI’s legitimate interests are as follows:
- We have a commercial relationship with you or your employer or the organisation you are associated with
- Data does not relate to your private sphere
- Signum and SPI take an interest in both protection and further development of IT systems used and other processes regarding information security
- Signum and SPI do not expect that you will object to the processing
- In relation to any disputes that might arise, Signum, SPI, and a third party may determine and defend legal rights and invoke them.
Lawful basis:Art. 6 (1) (f) of GDPR*
Personal data:
Signum and SPI disclose your personal data to the CRM system whose data controllers are Dansk Lægemiddel Information A/S, Signum Life Science ApS both with addresses at Lersø Parkallé 101, 2100 Copenhagen Ø and Swedish Pharma Insights AB, Engelbrektsgatan 9-11, 114 32 Stockholm, Sweden.
The processing of your personal data is necessary in order for Signum and SPI or the other entities mentioned to pursue a legitimate interest, unless your interests or fundamental rights or freedoms, which require protection of personal data, take precedence. To ensure a balance of interests, we apply the three entities legitimate interests’ are as follows:
- To have a joint CRM system
- We have a commercial relationship with you or your employer or the organisation you are associated with
- Data does not relate to your private sphere
- Signum and SPI do not expect that you will object to the processing.
Processing of data in the joint CRM system is covered by a separate privacy policy that is available at the top of this page
Lawful basis: Art. 6 (1) (f) of GDPR*
*GDPR is the EU’s General Data Protection Regulation effective from 25 May 2018
Voluntary consent
When we collect personal data from you directly, you are giving us your personal data voluntarily. You are under no obligation to provide us with your personal data. The consequences of not providing us with the personal data will be that we are unable to fulfil the purposes above, including that we are unable to enter into a customer relationship with you or maintain ongoing contact with you or/the organisation or company you are employed by or otherwise associated with and offer you access to our customer portals.
Data processors
At present, our data processors are the following:
- Providers of IT systems and customer portals and their subcontractors who are hosting providers and provide support functions
- Signum is data processor for SPI in relation to SPI’s customer portal etc.
- In addition, consultants or IT consultants may gain access to your personal data as data processors.
Transfers to third countries
At present, we do not transfer personal data to countries outside EU/EEA, but reserve the option of doing so in future.
Retention periods
We retain personal data on you for as long as we need
1. to fulfil the stated purposes, and
2. to document
- our right to process your personal data
- to comply with the rules applicable to processing of personal data and other legislation, such as the Danish Bookkeeping Act both in relation to expiry of statutory limitations on criminal liability and liability for damages (absolute time limits), if relevant. If this is not applicable, we will delete the data before that time limit.
Your rights
Within statutory limitations, you have certain rights, including the right to access personal data, the right to rectification of data, the right to data erasure, the right to restriction of data processing, the right to data portability, the right to raise objections to processing of personal data, including in relation to automated, individual decision-making. You also have the right to complain to a competent supervisory authority, including the Danish Data Protection Agency.
Contact
If you have any questions concerning the processing of your personal data or exercising your rights, you are welcome to contact Signum or SPI.
Signum
Signum Life Science ApS
Lersø Parkallé 101
DK-2100 Copenhagen Ø
Denmark
SPI
Swedish Pharma Insights AB
Nybroviken, Birger Jarlsgatan 2
114 34 Stockholm
Sweden
Separate objection text regarding legitimate interest
Version: 1, Date: February 2018
You have the rights to – by reasons that concern your special situation – to object to processing of personal data where the lawful basis is Art. 6 (1) (e) or (f), including profiling based on these regulations. The data controller may subsequently no longer process your personal data, unless the data controller proves weighty lawful reasons for processing that precede your interests, fundamental rights or freedoms, or the processing is necessary to determine, defend legal rights and/or invoke them.
Privacy Policy for respondents in qualitative and quantitative studies by Signum
For our privacy policy for respondents in qualitative and quantitative studies conducted by Signum please read here (in danish) or here (in english).