Privacy Policy
1. General
This privacy policy (the “Privacy Policy”) describes how Pharmetheus AB, corp. reg. no. 556895-6352, Kungsängstull 4, 753 19 Uppsala, Sweden (“Pharmetheus”, “we”, “us” ), processes personal data about you as a company representative for customers, partners or suppliers of Pharmetheus, as a visitor to www.pharmetheus.com or when you apply for a job position within Pharmetheus. We process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
We process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. What personal data do we process?
2.1 Company representatives
We collect and processes information necessary to manage our business relationship with you, including:
- Name, position, company, and department
- Contact details (address, email, phone number)
- Information you provide to us (e.g., correspondence, forms)
- Communication and engagement history
2.2 Recruitment
For recruitment, we process:
- Name, email, phone number
- CV/resume, cover letter, references
- Other information provided by you or obtained from third parties such as LinkedIn or recruitment agencies
2.3 Website visitors
When you visit our website, we may process:
- Technical and usage data (IP address, browser type, device information)
- Cookie-related identifiers (see our Cookie Policy)
3. Our processing of your personal data
3.1 Company representatives (CRM & Marketing)
Purpose: We process your contact details to manage business relationships and to share information relevant to our services, including event invitations, workshops, and other marketing communications. You may opt out of marketing communications at any time via the unsubscribe link in our emails or by contacting us. If you opt out, we will no longer send you marketing materials, but we may still contact you where necessary to manage our ongoing business relationship.
Platform: We use HubSpot CRM and Marketing Hub to manage interactions and communication.
Legal basis: Legitimate interest (developing and maintaining B2B relationships). Consent (for newsletters and other non-essential marketing).
Retention: Data is kept for the duration of the relationship and up to three years after last contact or activity.
3.2 Newsletter
Purpose: If you subscribe to our newsletter, we process your contact details (name, email address, organization) to provide you with news and other marketing communications.
Platform: We use HubSpot to manage interactions and communication.
Legal basis: Consent (for newsletters and other non-essential marketing). You may withdraw your consent at any time by unsubscribing via the link in our emails.
Retention: We retain subscription data until you unsubscribe or for up to three years after last contact or activity.
Note: If you unsubscribe, we will stop sending you newsletter communications. However, if you are also a company representative, we may still contact you under section 3.1 where necessary for our ongoing business relationship.
Retention: We retain subscription data until you unsubscribe or for up to three years after last contact or activity.
3.3 Website
Purpose: To present our services and operate a secure, functional website.
Platform: Technical/usage data, cookies and similar technologies.
Legal basis: Legitimate interest (website functionality, promotion). Consent (for non-essential cookies, see our Cookie Policy).
Retention: Technical data in line with cookie lifetimes; content reviewed regularly.
3.4 Events & webinars
Purpose: When you register for a Pharmetheus webinar or event, we process your personal data to manage the registration, to send you relevant event communications, and to deliver the event/webinar.
Legal basis: The legal basis for this processing is the performance of a contract formed when you register.
Platform: We use HubSpot and GoTo Webinar to manage registration, communications, and webinar delivery.
3.5 Social media (LinkedIn)
Purpose: To share news and updates about Pharmetheus and to engage with the professional community.
Data processed: Personal data you make available through your profile and interactions (e.g., name, job title, employer, profile photo, comments, or messages). We also receive aggregated statistics from LinkedIn about the reach and engagement of our content.
Legal basis: Legitimate interest (promotion of our services and maintaining professional engagement).
Retention: We do not export or store personal data from LinkedIn beyond what is visible through your interactions. For details on how LinkedIn itself processes personal data, please refer to LinkedIn’s privacy policy.
3.6 Recruitment
Purpose: To evaluate and manage job applications and maintain a talent pool.
Data processed: CVs, cover letters, references.
Legal basis: Legitimate interest (recruitment). Consent (for retention beyond the recruitment process).
Retention: If not hired, data is kept up to 25 months unless you consent to longer retention.
3.7 Acting as a data processor
When Pharmetheus supports client projects, we may act as a data processor on behalf of our clients. In such cases, we process personal data only on documented instructions from our clients, under Data Processing Agreements (DPAs). Standard Contractual Clauses (SCCs) are applied for third-country transfers where required.
3.8 Statutory retention & legal claims
Accounting/financial records: retained for 7 years in accordance with the Swedish Accounting Act (Bokföringslagen).
Legal claims: Information relevant to the establishment, exercise or defence of legal claims may be retained for up to 10 years under the Swedish Act on Limitation (Preskriptionslagen).
4. Who we share your personal data with?
We share your data with trusted third parties where necessary, including:
- IT and hosting providers, website operators, CRM/marketing platforms
- Professional advisors or auditors
- Partners/Subcontractors for delivering our services
- Authorities where required by law
- In the event of a business transfer, personal data may be shared with a prospective buyer in accordance with the law
We do not sell personal data and we do not share personal data with third parties for their own marketing purposes.
5. Transfer of personal data to third countries
Pharmetheus strives to process personal data within the EU/EEA. Where transfers occur outside the EU/EEA, we rely on:
- Adequacy decisions (e.g., EU–US Data Privacy Framework), or
- Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Your rights
You have the following rights under the GDPR. To exercise any right, contact dpo@pharmetheus.com. We may need to verify your identity. We normally respond within one month (extendable by up to two months for complex requests).
6.1 Withdraw consent
Where processing is based on consent, you may withdraw it at any time (this does not affect processing carried out before withdrawal).
6.2 Rectification
You may request that we correct or complete inaccurate or incomplete personal data; we also update or correct such data proactively where necessary.
6.3 Access
You may request confirmation of whether we process your personal data and obtain a copy, along with information about purposes, categories, recipients, retention, your rights, any transfers outside the EU/EEA and their safeguards, and—where data was not collected from you—the source.
6.4 Erasure (“right to be forgotten”)
You may request deletion in the situations foreseen by GDPR, including when: (i) data is no longer needed for the stated purposes; (ii) processing is based on consent and you withdraw it; (iii) you object to direct marketing or to processing based on legitimate interests and there are no overriding interests; (iv) processing is unlawful; or (v) deletion is required by law. (Legal-claims or legal-obligation exceptions may apply.)
6.5 Objection
You may object at any time to processing based on legitimate interests (including related profiling). We will stop unless we demonstrate compelling legitimate grounds or the processing is for legal claims. You may always object to direct marketing; we will then stop such processing.
6.6 Restriction
You may request restriction while we: (i) verify accuracy you contest; (ii) address unlawful processing where you prefer restriction over deletion; (iii) retain data for your legal claims; or (iv) assess an objection based on legitimate interests.
6.7 Data portability
For personal data you provided to us, where processing is automated and based on consent or contract, you may request it in a commonly used, machine-readable format and ask us to transmit it to another controller where technically feasible.
6.8 Complaint to a supervisory authority
You may lodge a complaint with the Swedish Authority for Privacy Protection (IMY): www.imy.se, imy@imy.se, Box 8114, 104 20 Stockholm, Sweden. You may also complain to the authority in your EU/EEA country of residence or work.
6.9 Fees and scope
Requests are handled free of charge, except where they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to act (as permitted by law).
6.10 Automated decision-making
We do not make decisions solely by automated means that produce legal effects concerning you or similarly significantly affect you. (If this changes, we will update this Policy accordingly.)
7. Protection of your personal data
We use appropriate technical and organizational measures to protect personal data, including encryption, access controls, secure storage and staff training.
8. Cookies
Pharmetheus uses cookies and similar technologies on www.pharmetheus.com to provide functionality and improve our services. See our Cookie Policy for details and settings.
9. Changes to this Privacy Policy
We review and update this Privacy Policy as needed. Significant changes will be announced via our website or other suitable means.
10. Contact information
Pharmetheus AB
Company reg. number: 556895-6352
Address: Kungsängstull 4, 753 19 Uppsala, Sweden
Phone: +46 (0)18 51 33 28
Email: info@pharmetheus.com
Data Protection Officer: dpo@pharmetheus.com