Privacy Policy – Pharmetheus

1. General

This privacy policy (the “Privacy Policy”) describes how Pharmetheus AB, corp. reg. no. 556895-6352, Uppsala Science Park, Dag Hammarskjölds väg 36 B, SE-752 37 Uppsala, Sweden (“Pharmetheus”), processes personal data about you as a company representative for customers, partners or suppliers of Pharmetheus. This Privacy Policy further describes how Pharmetheus processes personal data about you when you visit our website, www.pharmetheus.com or when you apply for a job position within Pharmetheus.

2. What PERSONAL DATA is collected and Processed by Pharmetheus?

2.1 Company representatives
Pharmetheus collects and processes information about you that we need to contact you in your role as a company representative. Pharmetheus collects the following information about company representatives: name, position, postal address, company and department, e-mail address, phone number and information provided by you (e.g. email correspondence or information filled out in a form). We collect this personal data directly from you or from the company that your represent.

2.2 Recruitment
Pharmetheus collects data about you for recruitment purposes. Pharmetheus collects the following information for recruitment purposes: name, e-mail address, phone number, information included in your CV and cover letter as well as any other information provided by you. This information is collected either directly from you or from third parties such as LinkedIn or recruitment agencies.

3. Our processing of your personal data

3.1 Company representatives
We use personal data to manage our business relationship with you (“Business relationship purposes”). The processing is based on Pharmetheus’ legitimate interest in maintaining and managing its business relationships. The data will be stored as long as we have a business relationship with you or the company you represent.

We use your contact information to market our services through, for example, newsletters, publications and events (“Marketing purposes”). The legal basis for other marketing activities (reaching out to you with newsletters etc.) is Pharmetheus legitimate interest in marketing its products and services. The data is stored as long as we have a business relationship or until you, where applicable, opt out.

We process data regarding transactions between you or the company/organization you represent and Pharmetheus (“Compliance purposes”). The legal basis is for complying with a legal obligation, e.g. Pharmetheus’ legal obligations due to the Swedish Accounting Act (Sw. bokföringslagen). The data is stored as long as prescribed by law, i.e. seven years for receipts and financial information.

We may use personal data for the establishment, exercise or defence of legal claims (“Legal purposes”). The legal basis is Pharmetheus’ legitimate interest in establishing, exercising or defending any legal claims. Information that is relevant for any legal claim is kept for up to ten years in accordance with the Swedish Act on Limitation (Sw. preskriptionslagen)

3.2 Job applicants

We use data you provide us with to process your job application (“Recruitment purposes”). The legal basis is Pharmetheus’ legitimate interest in recruiting employees with adequate skillsets. The data is stored as long as necessary to assess if you are suitable for employment at Pharmetheus.

For the establishment, exercise or defence of legal claims in relation to recruitment (“Legal purposes”). The legal basis is Pharmetheus’ legitimate interest in establishing, exercising or defending any legal claims related to recruitment. We will not store your data for more than 25 months after we recruited someone for a position that you applied for.

4. Who do WE SHARE your personal data with?

We share your data with trusted third parties where necessary for the purposes of the processing. Personal data is shared with the following parties:
IT-providers
Professional advisors or auditors
Partners
Subcontractors
Governmental authorities
In addition to the above, if we intend to transfer all or part of our business, personal data may be disclosed to a potential buyer.

5. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

5.1 Pharmetheus strives to process your personal data within the European Union (EU) or the European Economic Area (EEA). Except for the situations described below, Pharmetheus will not transfer your personal data to any country outside the EU/EEA. If personal data is transferred to any country outside of the EU/EEA, Pharmetheus will ensure that such data is stored and handled in a secure manner. Further Pharmetheus will comply will all requirements that apply to transfers of personal data to countries outside of the EU/EEA pursuant to applicable data protection legislation.

5.2 Pharmetheus does not disclose personal data to third parties, except as described in this Privacy Policy or when it is required by law or to fulfil Pharmetheus’ commitments to you as a customer or business partner of Pharmetheus. Your personal data will not be transferred or sold to any third party for marketing purposes.

5.3 Pharmetheus uses Amazon Web Services for storing data on servers in Ireland. Through Pharmetheus’ use of Amazon Web Services your personal data is transferred to the United States. The United States are not covered by an adequacy decision by the European Commission, however Pharmetheus has secured that your rights are protected when your personal data is transferred to the United States by entering into the European Commission’s Standard Contractual Clauses with Amazon Web Services. Further information on the Standard Contractual Clauses and other safety measures is available on the Swedish Authority for Privacy Protection’s website. You are also welcome to contact us via the contact details set out in section 10 below, if you have any questions relating to our processing of your personal data.

6. Your rights
Pursuant to the GDPR, you have a number of rights in relation to your personal data. A summary of the rights you have as a data subject follows below. If you at any time wish to exercise your rights, please contact us via the contact information set out in section 10 below.

6.1 Right to withdraw your consent. When the processing of your personal data is based on your consent as a legal basis, you have the right to withdraw your consent at any time by contacting us via the contact information listed at the bottom of this privacy policy.

6.1 Right to rectification. Pharmetheus will, upon your request as well as on its own initiative, correct, anonymise, delete or supplement information that is found to be incorrect, incomplete or misleading.

6.2 Right of access. You have the right to receive information about whether we process personal data about you and in such cases receive a copy of the personal data including information on the purposes of the processing, categories of personal data processed, categories of recipients of the personal data, retention periods, your rights regarding the processing, the existence of automated decision-making (including profiling), information on the appropriate safeguards relating to the transfer of your personal data to countries outside the EU/EEA and, if the personal data has not been collected from you, from where the data is collected.

6.3 Right to be forgotten. Under certain circumstances you have the right to request deletion of your personal data without undue delay. You have this right when (i) the personal data is no longer necessary for the purposes for which they were processed, (ii) the processing of your data relies on your consent as a legal basis and you withdraw your consent and there is no other legal basis for the processing, (iii) you have objected to the processing of your personal data for direct marketing purposes or to processing based on legitimate interest as legal basis and we cannot show definitive reasons for the processing which outweigh your interests, rights and freedoms, (iv) the processing does not take place to establish, exercise or defend legal claims, (v) the personal data has been unlawfully processed or (vi) the personal data has to be erased for compliance with a legal obligation.

6.4 Right to object. You have the right to object at any time to the processing of personal data based on legitimate interest as legal basis, including e.g. profiling. In addition, you always have the right to object to the processing of your personal data for direct marketing purposes. We will then cease to process the personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing takes place for the establishment, exercise or defense of legal claims.

6.5 Right to restriction of processing. Under certain circumstances you have the right to request that we restrict the processing of your personal data. Such is the case when (i) you consider that the personal data is not correct and you are awaiting our verification of the accuracy of the personal data, (ii) the processing is unlawful and you, instead of deleting the personal data, wish the processing to be restricted, (iii) we no longer need the personal data for the purposes of the processing but you need them to establish, exercise or defend legal claims or (iv) when you have objected to processing based on a legitimate interest and you are waiting for a verification on whether our legitimate reasons outweigh yours.

6.6 Right to data portability. When personal data you have provided to us is processed by automated means and based on your consent or on a contract with you as legal basis, you have the right to obtain your personal data in a commonly used and machine-readable format and request that such personal data is transmitted to another controller.

6.7 Right to lodge complaints. You have the right to file complaints regarding our processing of your personal data with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten),
website: www.imy.se,
email: imy@imy.se
address: Box 8114, SE-104 20 Stockholm.

7. Protection of your personal data
We use a wide range of security measures to protect your personal data against unauthorized access, modification and deletion. We will not disclose your personal data to anyone else other than what is set out in this Privacy Policy.

8. Cookies
Pharmetheus uses cookies and similar techniques to provide certain functions at the website www.pharmetheus.com and to gather information about visits on our website to improve the website and our services. For more information, see our cookie policy.

9. Changes to this Privacy Policy
Pharmetheus reserves the right to amend this Privacy Policy at any time. If the amendments are substantial, Pharmetheus will notify you by e-mail, and if Pharmetheus does not have your e-mail, Pharmetheus will attempt to notify you by other means.

10. Contact information
Do not hesitate to contact us if you have any questions regarding this Privacy Policy, our use of your personal data or if you want to exercise any of your rights according to this Privacy Policy.

Pharmetheus’ contact information:
Company reg. number: 556895-6352
Postal address: Uppsala Science Park, Dag Hammarskjölds väg 36B, 752 37 Uppsala, Sweden
Phone number: +46(0) 18 51 33 28
E-mail address: info@pharmetheus.com
Contact information of Pharmetheus’ data protection officer: dpo@pharmetheus.com

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_pk_id.*	1 year 27 days	Matamo set this cookie to store a unique user ID.
_pk_ses.*	30 minutes	Matomo set this cookie to store a unique session ID for gathering information on how the users use the website.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.

Cookie	Duration	Description
__cflb	23 hours	This cookie is used by Cloudflare for load balancing.
_pk_id.1.2941	1 year 27 days	Description is currently not available.
_pk_ses.1.2941	30 minutes	Description is currently not available.