Privacy policy

This Privacy Policy describes how LEO Pharma (“we” or “us”) processes your personal data when you register for one of our services on our website, are in contact with us, or use our website.

The data controller is LEO Pharma A/S, Industriparken 55, 2750 Ballerup, CVR No. 56759514 (“LEO Pharma”).

 

Use of your personal data

 

1. Administering and enabling use of our services

Personal data will be processed for the purpose of providing you with the service you have registered for. For some services, specific information on the purpose of the processing will be made available in connection with the collection of personal data when registering to the service. 

We process the following personal data about you:

  • Information you provide to us for the purpose of registering with us, including your name, e-mail address, address, profession and workplace;
  • Information relating to transactions carried out between you and us on or in relation to this website.

We process your personal data for the purposes above when the processing is necessary for:

  • The performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract (GDPR, art. 6.1.b);
  • Pursuit of our legitimate interests in communicating with you, handling your enquiries in relation to our services, and improving our services (GDPR, art. 6.1.f).

 

We collect the personal data directly from you.

LEO Pharma may share your personal data with:

  • Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions;
  • LEO Pharma Affiliates, meaning any affiliate, company, corporation, firm, partnership or other entity controlling or controlled by LEO Pharma;
  • Public authorities.

Personal data will be retained as long as necessary for providing you with the given service. For services involving remuneration, your personal data will be retained for up to five years after the current year in accordance with bookkeeping regulations, e.g. Section 10 in the Danish Bookkeeping Act.

2. Marketing

Personal data will be processed for marketing-related purposes, including sending relevant information regarding our products and services (direct marketing), and for targeting our communication with you. We will not send you direct marketing, unless you have given your consent. You may revoke your consent at any time and discontinue the use of the service.

We process the following personal data about you:

  • E-mail address;
  • Name;
  • Address;
  • Telephone number;
  • Profession;
  • Workplace.

 

We process your personal data for the purposes above when the processing is necessary for:

  • Pursuit of our legitimate interests in sending you direct marketing, and targeting our communication with you (GDPR, art. 6.1.f).

We collect the personal data directly from you.

LEO Pharma may share your personal data with:

  • Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions.

Personal data will be retained as long as necessary for providing you with the given service. If you withdraw your consent, we will delete your personal data two years after the date of your withdrawal in accordance with guidance from the Consumer Ombudsman.

3. Cookies

When you use our website, cookies are used to collect personal data about your behavior for the purpose of optimizing our website and our services, generating statistics and for marketing. LEO Pharma also uses web analysis tools, such as Google Analytics provided by Google, and LEO Pharma and the provider of such third party cookies act as joint data controllers. You can read more about this and locate a link to the privacy policies of such third party providers in the cookie overview, which can be accessed through LEO Pharma’s Cookie Policy. You may read more about the use of cookies in LEO Pharma's Cookie Policy, which can be found by clicking on the cookie-icon at the bottom left of this website.

We process the following personal data about you:

  • Information about your computer and about your visits to and use of our website, including your IP address, browser type, geographical location, length of visit and number of page views. Such information will be collected via cookies.


We process your personal data for the purposes above when the processing is necessary for:

  • Profiling and tracking of your use of our website for marketing-related purposes will be based on your consent (GDPR article 6.1.a). You may withdraw or change your consent at any time by clicking on the cookie-icon at the bottom left of this website;
  • Pursuit of our legitimate interests in providing you with an interesting website that works optimally (GDPR article 6.1.f).


We collect the personal data directly from you.

LEO Pharma may share your personal data with:

  • Third party providers setting cookies on our website;
  • Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions.


Personal data will be retained as long as necessary for providing you with the given service. The retention times for cookies depend on the type of cookie. You may read more about the retention times in the cookie overview in our Cookie Policy, which can be found by clicking on the cookie-icon at the bottom left of the website.

4. Pharmacovigilance and reporting of Adverse Events

As a pharmaceutical company, LEO Pharma is under legal obligations to collect information about Adverse Events and Other Experiences related to information about the safety of our products. When you, your doctor or a third party provide us with information on Adverse Events, experienced with the use of our products, we record and process the information in order to meet our pharmacovigilance obligations. If needed, we will revert to the reporter and request additional information about the experience. These obligations allow Marketing Authorisation Holders and public authorities to learn from experiences in order to minimize the risks for patients.

We process the following personal data about you:

  • Information on the Adverse Event (i.e. any untoward medicinal occurrence in a patient using a medicinal product) or Other Experience(s) (i.e. events which describe the circumstances around the use of a drug which potentially could cause drug related problems or which could potentially give new knowledge of a drug. e.g. pregnancy exposure or medication errors);
  • Patient age and/or sex, date of birth, patient initials
  • Results of tests and procedures relevant to the investigation of the patient;
  • If applicable, date and reported cause of death;
  • Information on the primary source(s) which allow the relevant affiliate or partner of LEO to request additional information as needed;
  • Relevant medical history and concurrent conditions;
  • The name of the medicinal product(s) and the active substance(s);
  • Concomitant medicinal products, and past-medical drug therapy for the patient;
  • If you are a reporter of Adverse Events/Other Experiences, we will only process the following personal data: Name, contact information, place of work and profession.


We process your personal data for the purposes above when the processing is necessary for:

  • Complying with a legal obligation to collect and report information related to pharmacovigilance and safety of our products (GDPR, art. 6.1.c, and art. 9.2.i).

We collect the personal data from either (i) an individual reporting the Adverse Event, which is often a healthcare professional, (ii) a hospital or site, or (iii) companies handling pharmacovigilance activities on our behalf.

LEO Pharma may share your personal data with:

  • Public authorities;
  • Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions.

Records and reports will be retained for a minimum of 10 years after the marketing authorization has ceased to exist pursuant to art. 12(2) in the EU Commission’s Implementing Regulation (EU) No 520/2012 on the performance of pharmacovigilance activities.

5. Corporate Governance

Personal data on board members, directors and/or shareholders will be processed for the purpose of making official registrations with public authorities, i.e. the Danish Business Authority and the Danish Registration Court.

We process the following personal data about you:

  • Information about your name, address, place of birth and nationality;
  • Confirmation of identity in the form of a scanned copy of a passport, driver's license, health insurance card and/or a birth certificate. If beneficial owners are not Danish, or do not have permanent residence in Denmark, it may be necessary to collect additional data.


We process your personal data for the purposes above when the processing is necessary for:

  • Complying with a legal obligation (GDPR, art. 6.1.c).
    Pursuit of our legitimate interests in processing your personal data in relation to corporate governance matters, including communicating with you and the relevant authorities (GDPR, art. 6.1.f).


We collect the personal data directly from you.

LEO Pharma may share your personal data with:

  • Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions;
  • LEO Pharma Affiliates, meaning any affiliate, company, corporation, firm, partnership or other entity controlling or controlled by LEO Pharma;
  • Public authorities.


Personal data will be retained as long as necessary for the purposes above, including in accordance with legal obligations to retain such personal data. In general, we will not keep your data for more than five years after the expiry of the business relationship. 

6. Social media

Personal data will be collected from LEO Pharma’s pages on social media, such as Facebook and LinkedIn. The purpose of the processing is to administer our pages and communicate with users, including potential patients. Personal data will also be collected for marketing-related purposes, and we will use aggregated information on the users of our social media pages to conduct statistics and segmentation in order to target our campaigns. If you choose to share personal data related to adverse events, we will process that information in order to comply with our legal obligations to report such information to authorities (please see more information under section below).

We process the following personal data about you:

  • Information manifestly made public by you, including your name, e-mail address, profession, workplace, interests, pages you like or follow, preferences, friends, health information in the form of adverse events, racial or ethnic origin, political opinions, etc.


We process your personal data for the purposes above when the processing is necessary for:

  • Processing information manifestly made public by you for the purpose of communicating with you, and for marketing-related purposes as described above (GDPR, art. 6.1.f and art. 9.2.e).


We collect the personal data directly from you.

LEO Pharma may share your personal data with:

  • Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions;
  • LEO Pharma Affiliates, meaning any affiliate, company, corporation, firm, partnership or other entity controlling or controlled by LEO Pharma;
  • Public authorities.


LEO Pharma uses the analytical tool “Page Insights” provided by Facebook to understand how users interact with our pages on Facebook. The processing of personal data in “Page Insights” is subject to joint controllership between LEO Pharma and Facebook. You can read more about the processing of personal data related to the use of “Page Insights” here, which includes more information about the extent of our responsibility for such processing.

Personal data will be retained as long as necessary for handling your requests on social media, answer your enquiries, or to undertake marketing-related initiatives on the basis of the information provided by you on social media. Please refer to section below for more information on retention of personal data in relation to adverse events.

7. Engagement with health care professionals

When health care professionals (“HCPs”) engage with a supplier assisting LEO Pharma with services, such as, but not limited to, consultancy, speaker activities, advisory boards and when providing donations, grants and/or sponsorships, personal data will be processed for the purpose of complying with local laws and industry standards, including assessments of fair market value, legitimate business needs and disclosure of information on transfer of value.

We process the following personal data about you:

  • Name, contact details, medical expertise and qualifications, assessment of fair market value, details on activity/services provided by you as well as any remuneration for services or grant, donation and sponsorship provided by LEO Pharma directly or indirectly to you.


We process your personal data for the purposes above when the processing is necessary for:

  • Complying with legal obligations and obligations on disclosure of transfer of value (GDPR, art. 6.1.c). Such disclosure will be based on your consent (GDPR, art. 6.1.a), if disclosure is not a legal obligation.
  • Pursuit of our legitimate interests in assessing the activity/services and legitimate business need and adherence to local law and industry standards, and assessing fair market value (GDPR article 6.1.f).

 
We collect the personal data from suppliers assisting LEO Pharma with services/engagements involving HCPs.

LEO Pharma may share your personal data with:

  • Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions;
  • LEO Pharma Affiliates, meaning any affiliate, company, corporation, firm, partnership or other entity controlling or controlled by LEO Pharma;
  • Public authorities;
  • Local industry associations.


Personal data will be retained for 6 years after a transfer of value has been made to you in order to comply with global standards for pharmaceutical companies. 

Transfers of personal data to countries outside the EU/EEA

 

In order to provide some of our services, we may transfer your personal data to a supplier, vendor or LEO Pharma Affiliates located in countries outside of the EU/EEA. Such transfers will only take place on the basis of appropriate safeguards, such as the European Commission’s Model Contracts for the Transfer of Personal Data to Third Countries, which can be found here, or a decision by the European Commission deeming the third country to have an adequate level of protection of personal data.

If you want more information about whether your personal data will be transferred to a country outside the EU/EEA, please contact us by email at dataprivacy@leo-pharma.com.

Security of your personal data

 

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

 

Passwords

 

If you are given a password to access some of the services and/or content of the website, you undertake to use it in a diligent manner and keep it secret at all times. You will consequently be responsible for keeping it safe and confidential.

Your rights

 

You have the following rights:

  • You are entitled to request access to, rectification or erasure of your personal data.
  • You are also entitled to oppose the processing of your personal data and to request restriction of the processing of your personal data.
  • You have in particular an unconditional right to oppose the processing of your personal data for direct marketing purposes.
  • If the processing of your personal data is based on your consent, you are entitled to revoke such consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out prior to your revocation of consent.
  • You are entitled to receive personal data which you have provided to us in a structured, commonly used and machine-readable format (data portability).
  • You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency.

Further, you have a right to object to the following processing:

  • You have a right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on art. 6.1.e or art. 6.1.f, including profiling based on those provisions.
  • When your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing.


You may exercise these rights by writing to the below mentioned e-mail address.

Contact information

 

If you have any requests or questions about this privacy policy or our processing of your personal data, please e-mail us at leo.corporate@leo-pharma.com.
 
If you have any questions about our processing of your personal data, you are always welcome to contact our Data Protection Officer. You can contact our Data Protection Officer in the following ways:

  • By e-mail:dataprivacy@leo-pharma.com
  • On the phone: +45 4494 5888
  • By letter: LEO Pharma A/S, Industriparken 55, 2750 Denmark, c/o Data Protection Officer


 Last updated: 12 May 2020