NOTICE OF PERSONAL DATA PROCESSING
Novo Nordisk A/S is required by law to protect your personal data. This Notice explains how we process (e.g. collect, use, store, and share) your personal data. We will process any personal data about you in accordance with this Notice and with applicable law.
1. WHO ARE WE?
The company responsible for processing your personal data is:
Novo Nordisk A/S
Novo Allé
2880 Bagsværd, Denmark
+45 44448888
Privacy@novonordisk.com
You can always contact Novo Nordisk A/S or the Novo Nordisk Data Privacy Officer at privacy@novonordisk.com with questions or concerns about how we process your personal data.
2. HOW DO WE COLLECT PERSONAL DATA ABOUT YOU?
We get your personal data from the following sources:
• From you directly
3. WHY DO WE PROCESS YOUR PERSONAL DATA?
We process personal data about you for the following purposes:
• To provide the website services to you;
• To respond to your questions or request for information; and
• To verify that you are a relevant party to utilise this platform
You are not required to provide us with your personal data. If you do not want Novo Nordisk to use your personal data, we will not be able to respond to your information inquiry or verify your OPEN membership.
4. WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU?
For the purposes described above in Section 3, we may process the following types of personal data:
• Contact information (name and email address);
• Relevant employment information
5. WHY ARE WE ALLOWED BY LAW TO PROCESS YOUR PERSONAL DATA?
Our processing of your personal data requires a legal basis. By law, we are allowed to process your personal data described above in Section 4 based on the following legal bases:
• The processing is necessary for our legitimate interests. The legitimate interests are ensuring that the platform is accessed only by relevant and qualified parties
6. HOW DO WE SHARE YOUR PERSONAL DATA?
We may share your personal data with:
• Suppliers or vendors that assist our company (e.g., consultants, IT service providers, financial institutions, law firms, license partners)
7. WHEN DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU/EAA?
For the purposes described above in Section 3, we transfer your personal data to countries outside the European Economic Area (EEA). The level of data protection in certain countries outside the EEA does not conform to the level of data protection for personal data currently applied and enforced within the EEA.
We therefore use the following safeguards, as required by law, to protect your personal data in case of such transfers:
• The transfer is to a Novo Nordisk entity covered by Novo Nordisk’s Binding Corporate Rules, available at https://www.novonordisk.com/about-novo-nordisk/corporate-governance/personal-data-protection.html.
• The destination countries are deemed by the EU Commission to have an adequate level of protection of personal data
• We have entered into Standard Contractual Clauses for the Transfer of Personal Data to Third Countries. You can get a copy of the Clauses by contacting us as described in Section 1;
• The EU-US Privacy Shield Framework for transfers to Privacy Shield-certified and US-based companies and organisations. More information and a list of Privacy Shield-certified companies and organisations are available at https://www.privacyshield.gov/welcome.
8. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We will keep your personal data for the following period of time:
• For as long as you are a participant of the OPEN network and platform, or until you request for your membership to be removed from the platform
9. WHAT ARE YOUR RIGHTS?
In general, you have the following rights:
• You can get an overview of what personal data we have about you
• You can get a copy of your personal data in a structured, commonly used and machine-readable format
• You can get an update or correction to your personal data
• You can have your personal data deleted or destroyed
• You can have us stop or limit processing of your personal data
• If you have given consent for us to process your personal data (see Section 5), you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent
• You can submit a complaint about how we process your personal data to a Data Protection Authority.
Under applicable law, there may be limits on these rights depending on the specific circumstances of the processing activity. Contact us as described in Section 1 with questions or requests relating to these rights.
