About the process of personal data
We want to inform you about how AcuCort AB (publ) uses your personal data and what rights you have. You will find the information in the privacy policy below.
Data Protection Officer, DPO
Do not hesitate to contact AcuCort if you have any questions about this privacy policy, the processing of your personal data or if you wish to exercise any of your rights under this privacy policy. The easiest way is to send an e-mail to AcuCort’s Data Protection Officer:
Email address: dpo@acucort.se
This Privacy Policy was published on August 5, 2024.
General
This privacy policy (the “Privacy Policy”) describes how AcuCort AB (publ), corporate identity number 556715-5113, Medicon Village, Scheeletorget 1, SE-223 81 Lund, Sweden (”the Company”), processes personal data about you as a representative for a company that is a customer of the Company, a potential customer/partner of the Company, a partner (including supplier) of the Company, an individual reporting an adverse event or a complaint or a reporter reporting an adverse event on behalf of an individual. This Privacy Policy further describes how the Company processes personal data about you when you visit our website, www.acucort.com, as well as if you apply for a job position or consulting assignment within the Company (i.e. during a recruitment process) including you who sign up to receive our newsletter/press releases/financial reports.
Data controller and data processing officer
As a personal data controller, the Company is responsible for ensuring that all personal data is processed properly and in accordance with applicable data protection legislation.
The Company has appointed a data protection officer. The data protection officer’s responsibility is, inter alia, to monitor that the Company’s processing of personal data is made in accordance with applicable data protection legislation.
What personal data is collected?
Company representatives:
The Company collects and processes information about you that we need to contact you in your role as a company representative such as name, position, postal address, e-mail address and telephone number.
Website visitors:
The Company collects data about you that we need to improve, streamline, simplify and develop our website, such as IP address, cookies or similar information.
Recruitment:
The Company collects data about you that we need to recruit the right person for a job position at the Company or contract a consultant. Information collected for recruitment purposes is name, postal address, e-mail address, telephone number and information included in your CV and other personal data that you have provided to us.
Newsletters/press releases/financial reports:
The Company collects personal data about you that we need to be able to send our newsletters/press releases/financial reports to you. We only collect your name and e-mail address for this purpose.
Individuals who experienced an adverse event or file a complaint and reporters of adverse events:
The Company collects certain data about you relating to a reported adverse event (pharmacovigilance) or complaint. The Company is legally obliged to process the personal data included in an adverse event report and any personal data provided to the Company related to adverse events or other activities related to pharmacovigilance will be used solely for these purposes. This is to be able to trace, evaluate and record any such reported event, as is our legal obligation. Since our legal obligation extends to ensure follow-up and traceability of reported adverse events, we collect personal data both regarding the person subject to an adverse event, as well as the person making the report.
The data is collected either from the individual who experienced an adverse event or from the person reporting it (e.g., a healthcare professional).
The data collected may include name and date of birth, gender, contact details and profession of the reporting individual, information and dosage of the product that caused the adverse event, information regarding other medicines taken at the time of the adverse event, information and details of the adverse event suffered including treatment and lab reports, use of therapeutic medicines as well as other medical history.
Some of the data collected relating to your health, genetics, biometric information, sexual life or ethnicity may be considered as sensitive personal data.
If adverse events are reported directly to AcuCort’s service provider, data is handled in accordance with the privacy policy of the service provider.
Our processing of your personal data
For company representatives of current customers
Personal data about you can be transmitted to us directly from you or from the company that you represent as the company which you represent is doing business with our company. The personal data we collect and process about you, the purpose of the processing of personal data and the legal basis for such processing is set forth in the table below.
Category of personal data | Purpose | Legal basis |
· Name · Position · Telephone number · E-mail address |
Enable contacts with the company’s representative regarding for example deliveries. | The processing is necessary to fulfil the contract with the customer, i.e. the company that you represent. |
· Name · Position · Telephone number · E-mail address |
To fulfil statutory obligations for example security requirements. | The processing is necessary for the company’s legal obligations. |
· Name · Position · Telephone number · E-mail address |
Enable marketing and customer analyses. | The processing is necessary for the company’s legitimate interest to market its goods/services to the company that you are representing (legitimate interests). |
For company representatives of potential customers/partners/investors
If we consider the company you represent as a potential customer/partner of the Company, we may collect information about you in your capacity as a company representative. Such information is collected from public or official sources, such as your company’s website or the official records of the Swedish Companies Registration Office. The personal data we collect and process about you, the purpose of the processing of personal data and the legal basis for such processing is set forth in the table below.
Category of personal data | Purpose | Legal basis |
· Name · Position · Telephone number · E-mail address · Postal address |
Enable marketing and contact with a representative of the potential customer/partner. | The processing is necessary for the company’s legitimate interest to market its goods/services to the company that you are representing and to initiate contact between the company and the potential customer/partner via the company representative (legitimate interests). |
For company representatives of partners
Data about you may be transmitted to us directly from you or from the company you represent when the company that you represent enters a collaboration with AcuCort. The personal data we collect and process about you, the purpose of the processing of personal data and the legal basis for such processing is set forth in the table below.
Category of personal data | Purpose | Legal basis |
· Name · Position · Telephone number · E-mail address · Postal address |
To enable contact between the company and the partner’s representative regarding the parties’ business cooperation. | The processing is necessary to fulfil the contract with the customer, i.e. the customer that you represent. |
· Name · Position · Telephone number · E-mail address · Postal address |
To fulfil statutory obligations, for example security requirements. | The processing is necessary for the company to fulfil its legal obligations. |
For our website visitors
Category of personal data | Purpose | Legal basis |
· Technical information (IP-address, cookies or similar) |
To be able to develop and improve our website (www.acucort.se) and to adapt it based on how it is used. | The processing is necessary for the company’s interest to improve, streamline, simplify and develop its website and to attract more customers/partners and to increase the number of returning customers/partners (legitimate interests). |
For you who are applying for a job position or looking for a consulting assignment with the Company
Category of personal data | Purpose | Legal basis |
· Name · Postal address · Telephone number · E-mail address · CV, and other personal data that you have chosen to provide to us
|
To be able to select the most suitable candidate for a position in a recruitment process and to ensure that the person in question has the required competence. | The processing is necessary for the company’s legitimate interest in hiring the right personnel and to ensure that only employees with relevant competence work for the company (legitimate interests). |
For recipients of newsletters / press releases / financial reports
Category of personal data | Purpose | Legal basis |
· Name · E-mail address
|
To be able to send you our newsletter/press releases/financial reports. | The processing is based on your consent. Please note that you may withdraw your consent at any time.
As an alternative legal basis to the above; the processing is necessary for the company’s legitimate interest to market its goods/services (legitimate interests). |
For the individual who experienced an adverse event, files a complaint or from the person reporting it (e.g., a healthcare professional)
Category of personal data | Purpose | Legal basis |
Reporters | ||
· Name · Postal address · Phone number · Place of work · Occupational data |
To be able to trace and follow up adverse event reports reported to us relating to our products.
|
The Company’s legal obligations relating to pharmacovigilance, and other related, legislation.
Article 6.1 (c) GDPR
|
Individual experiencing an adverse event | ||
Personal data in the adverse event report, which may include:
· Name · Date of birth · Gender · Contact details · Details of the adverse event, including treatment and lab results · Information regarding the product that caused the adverse event, including dosage · Use of other therapeutic medicines · Other medical history
|
To be able to monitor the safety of our products and to record, trace, evaluate and compare adverse events reported to us relating to our products.
|
The Company’s legal obligations relating to pharmacovigilance, and other related, legislation.
Article 9.2 (i) GDPR Article 6.1 (c) GDPR |
Individual making a complaint | ||
Personal data relating to the complaint, which may include:
· Name · Date of birth · Gender · Contact details · Details of the complaint · Information regarding the product that caused the complaint |
To be able to comply with legal obligations in the context of product complaints reported to us. |
The Company’s legal obligations.
Article 9.2 (i) GDPR Article 6.1 (c) GDPR |
How long do we keep your personal data?
Your personal data is kept for as long as there is a need or legal requirement to keep the data to fulfil the purposes for which the data was collected in accordance with this Privacy Policy.
Personal data connected to reports about adverse events are retained for a minimum of 10 years after the marketing authorization for the product has expired.
Who do we share your personal data with?
We may disclose personal data to a third party as set out in the table below.
Third party | Reason to disclose personal data to third party |
Supplier of cloud service. | The company stores its information on a cloud service, which means that your personal data might be disclosed to that cloud service provider. |
Governmental authorities. | Personal data may be disclosed to governmental authorities, such as European Medicines Agency or any national or international medical products agency, when required to fulfil legal obligations. |
Service providers carrying out pharmacovigilance and quality assurance tasks on behalf of AcuCort
|
Data may be provided to a service provider in cases where they assist us in the pharmacovigilance process and are duly committed to confidentiality obligations. |
Transfer of personal data to third countries
The Company strives to process your personal data within the European Union (EU) or the European Economic Area (EEA). The Company will not transfer your personal data to any country outside EU/EEA except for the situations described below.
The Company may transfer personal data to third countries under the following circumstances:
a) where the Commission has decided that the third country, territory, international organization or one or more specified sectors within a third country ensure an adequate level of protection; or
b) if appropriate safeguards is provided according to the EU and/or national legislation such as the use of the standard contractual clauses drafted by the EU Commission.
In the absence of the abovementioned circumstances, a transfer may take place in case any of the derogations mentioned by the EU and/or national legislation has been met such as:
a) an explicit consent has been provided for the transfer; or
b) the transfer is necessary for the establishment or exercise of any of the Company’s rights; or
c) the Company is obliged by law or an international convention to provide the data.
If personal data is transferred to any country outside of the EU/EEA, the Company will ensure that such data is stored and handled in a secure manner. Further the Company will comply with all requirements that apply to transfers of personal data to countries outside of the EU/EEA pursuant to applicable data protection legislation.
The Company does not disclose personal data to third parties, except as described in this Privacy Policy or when it is required by law or to fulfil the Company’s commitments to you as a customer. Your personal data will not be transferred or sold to any third party for marketing purposes.
The Company uses We Connect IT AB for storing data at servers. Through the Company’s use of We Connect IT AB your personal data may be transferred to third country. The personal data that the Company collects about you through your use of the Company’s website may be transferred to Google in the United States, through Google Analytics. Your rights are safeguarded when transferred to the U.S. through Google’s and Amazon Web Service’s adherence to the EU-US Privacy Shield. More information is available at www.privacyshield.gov.
Your rights
As a personal data controller, the Company is responsible for ensuring that all personal data is processed properly and in accordance with applicable data protection legislation.
The Company will, upon your request as well as on its own initiative, correct, anonymize, delete or supplement information that is found to be incorrect, incomplete or misleading.
You are entitled to request and correct or delete your personal data by the Company (for example, if such deletion is required by applicable law), request limitation of continued processing of your personal data and a right to object to the treatment under the conditions permitted by applicable privacy laws (for example, if you question whether your personal information is correct or if your treatment is legal). The Company will inform each recipient of which personal data has been disclosed in accordance with the section “Who Disposes of Personal Data” above about any corrections or deletion of data as well as the limitation of processing of data taken under this section “Your Rights”.
You are entitled to withdraw your consent at any time. When you withdraw your consent, we will stop processing your personal data that we have processed with your consent as our legal basis. We will also delete such personal data that we have processed with your consent as our legal basis, provided that we do not need to keep such personal data for any other purpose. Please contact us if you wish to withdraw your consent. For our contact information, please see section “Contact information”.
You are entitled to data portability, that is, a right to, under certain conditions, extract and transfer your personal data in a structured, widely used and machine-readable format to another personal data controller.
You have the right to receive free of charge a transcript, through a written signed application, from the Company regarding the personal data that are registered about you, the purpose of such a processing and the recipients to which the personal data have been provided or will be provided. You also have the right to receive information about the estimation of time during which the personal data will be kept or the criteria for determining such a period. You also have the right to obtain information in the transcript about your other rights as set forth in this section “Your Rights”.
Should you be dissatisfied with our processing of your personal data, please let us know, and we will do our best to meet your complaints. You also have a right to submit a complaint with the Swedish Integritetsskyddsmyndigheten (IMY), Swedish Authority for Privacy Protection.
Protection of your personal data
You should always feel secure when you provide your personal data to us. The Company has therefore implemented the security measures needed to protect your personal data against unauthorized access, modification and deletion. We will not disclose your personal data to anyone else other than what is set out in this Privacy Policy.
Cookies
The Company uses cookies and similar techniques to provide certain functions at the website www.acucort.se and to improve our website and to deliver a better and more personal service. The information is stored as a file containing encrypted login-data. The Company is using cookies in accordance with the Company’s cookie policy, please visit www.acucort.com.
Changes
The Company reserves the right to amend this Privacy Policy at any time. If the amendments are substantial, the Company inform you by e-mail, provided that the Company has your e-mail address, or, by other means (if possible).
Contact information
Do not hesitate to contact us if you have any questions regarding this Privacy Policy, our use of your personal data or if you want to exercise any of your rights according to this Privacy Policy.
The Company’s contact information:
Corporate identity number: 556715-5113
Address: Medicon Village, Scheeletorget 1, SE-223 81 Lund Sweden
Telephone number: +46 (0)70 365 5400
E-mail address: info@acucort.se
Data Protection Officer:
E-mail address: dpo@acucort.se