2. What PERSONAL DATA is collected and Processed by Pharmetheus?
2.1 Company representatives
Pharmetheus collects and processes information about you that we need to contact you in your role as a company representative. Pharmetheus collects the following information about company representatives: name, position, postal address, company and department, e-mail address, phone number and information provided by you (e.g. email correspondence or information filled out in a form). We collect this personal data directly from you or from the company that your represent.
Pharmetheus collects data about you for recruitment purposes. Pharmetheus collects the following information for recruitment purposes: name, e-mail address, phone number, information included in your CV and cover letter as well as any other information provided by you. This information is collected either directly from you or from third parties such as LinkedIn or recruitment agencies.
3. Our processing of your personal data
3.1 Company representatives
We use personal data to manage our business relationship with you (“Business relationship purposes”). The processing is based on Pharmetheus’ legitimate interest in maintaining and managing its business relationships. The data will be stored as long as we have a business relationship with you or the company you represent.
We use your contact information to market our services through, for example, newsletters, publications and events (“Marketing purposes”). The legal basis for other marketing activities (reaching out to you with newsletters etc.) is Pharmetheus legitimate interest in marketing its products and services. The data is stored as long as we have a business relationship or until you, where applicable, opt out.
We process data regarding transactions between you or the company/organization you represent and Pharmetheus (“Compliance purposes”). The legal basis is for complying with a legal obligation, e.g. Pharmetheus’ legal obligations due to the Swedish Accounting Act (Sw. bokföringslagen). The data is stored as long as prescribed by law, i.e. seven years for receipts and financial information.
We may use personal data for the establishment, exercise or defence of legal claims (“Legal purposes”). The legal basis is Pharmetheus’ legitimate interest in establishing, exercising or defending any legal claims. Information that is relevant for any legal claim is kept for up to ten years in accordance with the Swedish Act on Limitation (Sw. preskriptionslagen)
3.2 Job applicants
We use data you provide us with to process your job application (“Recruitment purposes”). The legal basis is Pharmetheus’ legitimate interest in recruiting employees with adequate skillsets. The data is stored as long as necessary to assess if you are suitable for employment at Pharmetheus.
For the establishment, exercise or defence of legal claims in relation to recruitment (“Legal purposes”). The legal basis is Pharmetheus’ legitimate interest in establishing, exercising or defending any legal claims related to recruitment. We will not store your data for more than 25 months after we recruited someone for a position that you applied for.
4. Who do WE SHARE your personal data with?
We share your data with trusted third parties where necessary for the purposes of the processing. Personal data is shared with the following parties:
Professional advisors or auditors
In addition to the above, if we intend to transfer all or part of our business, personal data may be disclosed to a potential buyer.
5. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
5.1 Pharmetheus strives to process your personal data within the European Union (EU) or the European Economic Area (EEA). Except for the situations described below, Pharmetheus will not transfer your personal data to any country outside the EU/EEA. If personal data is transferred to any country outside of the EU/EEA, Pharmetheus will ensure that such data is stored and handled in a secure manner. Further Pharmetheus will comply will all requirements that apply to transfers of personal data to countries outside of the EU/EEA pursuant to applicable data protection legislation.
5.3 Pharmetheus uses Amazon Web Services for storing data on servers in Ireland. Through Pharmetheus’ use of Amazon Web Services your personal data is transferred to the United States. The United States are not covered by an adequacy decision by the European Commission, however Pharmetheus has secured that your rights are protected when your personal data is transferred to the United States by entering into the European Commission’s Standard Contractual Clauses with Amazon Web Services. Further information on the Standard Contractual Clauses and other safety measures is available on the Swedish Authority for Privacy Protection’s website. You are also welcome to contact us via the contact details set out in section 10 below, if you have any questions relating to our processing of your personal data.
6. Your rights
Pursuant to the GDPR, you have a number of rights in relation to your personal data. A summary of the rights you have as a data subject follows below. If you at any time wish to exercise your rights, please contact us via the contact information set out in section 10 below.
6.1 Right to rectification. Pharmetheus will, upon your request as well as on its own initiative, correct, anonymise, delete or supplement information that is found to be incorrect, incomplete or misleading.
6.2 Right of access. You have the right to receive information about whether we process personal data about you and in such cases receive a copy of the personal data including information on the purposes of the processing, categories of personal data processed, categories of recipients of the personal data, retention periods, your rights regarding the processing, the existence of automated decision-making (including profiling), information on the appropriate safeguards relating to the transfer of your personal data to countries outside the EU/EEA and, if the personal data has not been collected from you, from where the data is collected.
6.3 Right to be forgotten. Under certain circumstances you have the right to request deletion of your personal data without undue delay. You have this right when (i) the personal data is no longer necessary for the purposes for which they were processed, (ii) the processing of your data relies on your consent as a legal basis and you withdraw your consent and there is no other legal basis for the processing, (iii) you have objected to the processing of your personal data for direct marketing purposes or to processing based on legitimate interest as legal basis and we cannot show definitive reasons for the processing which outweigh your interests, rights and freedoms, (iv) the processing does not take place to establish, exercise or defend legal claims, (v) the personal data has been unlawfully processed or (vi) the personal data has to be erased for compliance with a legal obligation.
6.4 Right to object. You have the right to object at any time to the processing of personal data based on legitimate interest as legal basis, including e.g. profiling. In addition, you always have the right to object to the processing of your personal data for direct marketing purposes. We will then cease to process the personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing takes place for the establishment, exercise or defense of legal claims.
6.5 Right to restriction of processing. Under certain circumstances you have the right to request that we restrict the processing of your personal data. Such is the case when (i) you consider that the personal data is not correct and you are awaiting our verification of the accuracy of the personal data, (ii) the processing is unlawful and you, instead of deleting the personal data, wish the processing to be restricted, (iii) we no longer need the personal data for the purposes of the processing but you need them to establish, exercise or defend legal claims or (iv) when you have objected to processing based on a legitimate interest and you are waiting for a verification on whether our legitimate reasons outweigh yours.
6.6 Right to data portability. When personal data you have provided to us is processed by automated means and based on your consent or on a contract with you as legal basis, you have the right to obtain your personal data in a commonly used and machine-readable format and request that such personal data is transmitted to another controller.
6.7 Right to lodge complaints. You have the right to file complaints regarding our processing of your personal data with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten),
address: Box 8114, SE-104 20 Stockholm.
7. Protection of your personal data
10. Contact information
Pharmetheus’ contact information:
Company reg. number: 556895-6352
Postal address: Uppsala Science Park, Dag Hammarskjölds väg 36B, 752 37 Uppsala, Sweden
Phone number: +46(0) 18 51 33 28
E-mail address: email@example.com
Contact information of Pharmetheus’ data protection officer: firstname.lastname@example.org