Contact us
SEARCH:
Bavarian Nordic
Print

Privacy Policy - Consultants, Vendors, Customers and Business Partners

This privacy policy explains how Bavarian Nordic A/S (“Bavarian Nordic”) collects and handles your personal information when you interact with us as a private consultant, vendor, customer or business partner or as a natural person working for any of these.

1. DATA CONTROLLER

The legal entity responsible for the processing of your personal information is:

Bavarian Nordic A/S
CVR: 16271187
Philip Heymans Alle 3
DK-2900 Hellerup
Denmark

If you have inquiries and/or questions to our processing of your personal information, please contact us at data.request@bavarian-nordic.com

2. CATEGORIES OF PERSONAL INFORMATION

Depending on the exact interaction we have with you, we may collect and process the following categories of personal information about you:

Consultants:

  • Work contact detail (such as name, work mobile phone, job title)
  • Contract terms and signature
  • Billing details and payments
  • Information about ordering and performance of services
  • Work product
  • CVs and other qualification records (only applicable to some)
  • Training documentations (primarily GxP related and only applicable to some)
  • References (only applicable to some)
  • Criminal records (only applicable to some)
  • Relation management information

Other vendors than consultants:

  • Work contact detail (such as name, work mobile phone, job title)
  • Contract terms and signature
  • Billing details and payments
  • Information about ordering, sales and delivering of products and services
  • Driver license number (only applicable to some chauffeur vendors)
  • CVs and other qualification records (only applicable to some)
  • Training documentations (primarily GxP related and only applicable to some)
  • Criminal records (only applicable to some)
  • Relation management information

Customers:

  • Work contact detail (such as name, work mobile phone, job title)
  • Contract terms and signature
  • Billing details and payments
  • Information about ordering, purchasing and delivering of products
  • Relation management information

Business partners:

  • Work contact detail (such as name, work mobile phone, job title)
  • Contract terms and signature
  • Billing details and payments
  • Relation management information

3. SOURCES

When we collect personal information from other sources than you, those sources may be:

  • Your employer with whom we interact.
  • References
  • Relevant authorities

4. USE OF PERSONAL INFORMATION

We may use your personal information for the following purposes:

  • Making business transactions between us and you or between us and the consultant firm, vendor, customer or partner for whom you work
  • Compliance with security, safety and product quality requirements

5. LEGAL BASIS

We may process your personal information based on the following legal bases:

  • Processing is necessary for the performance of a contract to which you are party or in order to take steps, at the request of you, prior to entering into a contract (Art. 6 (1) litra a of the GDPR – Performance of the consultancy, vendor, customer of partner contract we have with you.
  • Processing is necessary for compliance with a legal obligation to which Bavarian Nordic is subject (Art. 6 (1) litra c of the GDPR) – GxP regulation and applicable security legislation.
  • Processing is necessary for the purposes of the legitimate interests pursued by Bavarian Nordic (Art. 6 (1) litra f of the GDPR) – Site security and safety requirements and conducting business.
  • With respect to criminal records, you have given your consent to the processing of this information for the purposes referring to in the informed consent form signed by you (Art. 6 (1) litra a of the GDPR).

6. SHARING OF YOUR PERSONAL INFORMATION

We may share your personal information on a strict need-to-know basis with:

  • Other group companies
  • Relevant authorities
  • Other business relevant third parties.

7. TRANSFERS TO COUNTRIES OUTSIDE THE EU/EEA

As the clear main rule, your personal information will only be processed and stored in Denmark and Germany.

If it becomes necessary to transfer all or some of your personal information to countries outside the EU/EEA that are not deemed to provide an adequate level of protection of your personal information compared to the EU/EEA, we will only transfer the personal information after having provided appropriate safeguard, such as the use of EU Standard Contractual Clauses.

You may obtain a copy of any such safeguards by contacting us as provided for in Section 1.

8. RETENTION OF YOUR PERSONAL INFORMAITON

It is our policy not to keep personal information for longer than necessary. Where personal data is kept, the period will be determined based on applicable law.

Your personal information will be deleted in accordance with the Bavarian Nordic Personal Data Retention Procedure. It follows, inter alia, from this procedure that criminal records will be deleted immediately after it has been shown to us.

For further information, please contact us as provided for in Section 1.

9. YOUR RIGHTS

In general, you have the following rights to:

  • Request access to and rectification or erasure of your personal information.
  • Object to the processing of your personal information and have the processing of your personal information restricted.
  • Object to the processing of your personal information for direct marketing purposes.
  • If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent.
  • Receive your personal information in a structured, commonly used and machine-readable format (data portability).
  • Not be subject to automated individual decision-making, including profiling.

Your rights may be subject to statutory limitations and conditions. It is therefore not certain that Bavarian Nordic has to comply with your request.

You also have the right to lodge a complaint with the Danish Data Protection Authority. The Danish Data Protection Authority has the following contact details:

Datatilsynet
Borgergade 28, 5
1300 København K
Telephone number: +45 33 19 32 00
Email: dt@datatilsynet.dk
www.datatilsynet.dk

10. OBLIGATION TO PROVIDE PERSONAL INFORMATION AND CONSEQUENCES FOR FAILING TO DO SO

The provision of some of your personal information may be a contractual requirement that you and/or your employer have with Bavarian Nordic or a requirement necessary to conclude a contract with Bavarian Nordic. Failure to provide the personal information may thus constitute a material breach of contract or mean a contract cannot be concluded, which may have negative legal and financial consequences for you and/or your employer.

11. AUTOMATED DECISION-MAKING

Your personal information will not be used for automated decision-making, including profiling.

12. CHANGES TO THIS PRIVACY POLICY

Changes to this privacy policy will be posted on our webpage here: www.bavarian-nordic.com/privacy. We encourage you to visit our webpage regularly to keep yourselves updated on any such changes.