SEARCH:
Print

Privacy Policy - Healthcare Professionals

This privacy policy explains how Bavarian Nordic A/S (Denmark) and our affiliates, Bavarian Nordic GmbH (Germany), Bavarian Nordic AG (Switzerland) and Bavarian Nordic Inc. (United Stated) (“Bavarian Nordic”, “us”, “we” or “our”) collect and handle your personal data when we interact with you as a healthcare professional.

The Privacy Policy is intended to meet our duties of Transparency under applicable data protection legislation, in particular the Regulation (EU) 2016/679 (“GDPR”) and the Swiss Data Protection Act (“FDPA”).

1. DATA CONTROLLER

The main legal entity responsible for the processing of your personal data is:

Bavarian Nordic A/S
CVR: 16271187
Philip Heymans Alle 3
DK-2900 Hellerup
Denmark

If you have inquiries and/or questions to our processing of your personal data, please contact us at data.request@bavarian-nordic.com

2. CATEGORIES OF PERSONAL DATA

Depending on the exact interaction we have with you, we may collect and process the following categories of personal data about you:

Category of personal information collected What this means

Identity Data

First name, last name, title, gender, General Medical Council (GMC) number (or equivalent).

Contact Data

Your email address, telephone number, fax number and work address.

Professional Data

Your job role, area of specialty/expertise.

Marketing and Communications Data

Your preferences in receiving marketing communication from us and our third-party service providers and your communication preferences.

Financial Data

Your fees, reimbursements, bank account details, contract terms and participation in HCP activities/services.

Website usage data

Your IP address, browser information and use of the specific website.

 

No Special Categories of Personal Data
We do not collect or process any “Special Categoriesof Personal Data” about you.

3. From where we collect personal data

We collect and process personal data that you have provided in communications with us. In addition, we may collect and process personal data from your use of our websites or from the following sources:

  • From publicly available publications, for example local medical registers or associations websites, or social media
  • From vendors or service providers, for example providers of healthcare provider databases
  • From Affiliates

4. Purpose and legal basis

In the following we have described the purposes and legal bases for our processing of your personal data:

Purpose

Category(ies) of personal data involved

Our legal basis for processing this data

HCP relation management (CRM)

Identity Data

Contact Data

Professional Data

Marketing and Communications Data

Legitimate Interests.

Our legitimate interests are to keep a good relationship with you.

Performance of a contract, including payment of fees

Identity Data

Contact Data

Professional Data

Financial Data

Performance of contracts or taking necessary steps prior to entering into a contract with you.

HCP analysis

Identity Data

Contact Data

Marketing and Communications Data

Legitimate Interests.

Our legitimate interests are to better understand your preferences and provide you with relevant information and updates.

Direct marketing

Identity Data

Contact Data

Marketing and Communications Data

Consent

We will obtain your consent prior to sending marketing material to you by email.

Compliance with HCP disclosure and reporting obligations, and for internal compliance auditing/monitoring purposes

Identity Data

Contact Data

Professional Data

Financial Data

Legal obligation

We have a legal obligation to comply with legislation on HCP disclosure and reporting as applicable in some countries.

Legitimate Interests

Our legitimate interests are to ensure compliance with applicable ethical codes or to perform internal compliance audits/monitoring.

 

5. Sharing og your personal data

We may share your personal data with the following recipients:

  • Our Affiliates (listed in the beginning of this Privacy Policy)
  • Service Providers, including cloud-services and hosting and IT providers
  • Professional advisers, including lawyers and auditors
  • Regulators and other authorities, namely relevant health and tax authorities

6. Transfers to countries outside the EU/EEA and Switzerland

As a starting point, your personal data will only be processed and stored within the EU, namely in Denmark, unless otherwise stated or evident (for example if the contracting party is Bavarian Nordic Inc., US).

To the extent your personal data is transferred to countries outside the EU/EEA and Switzerland, we will only transfer the personal data after having provided one of the following safeguards:

  • Adequacy decision by the EU Commission.
  • EU Commission’s Standard Contractual Clauses

In some cases, we may rely on your consent for the transfer of your personal data to countries outside the EU, or if one of the limited and relevant exceptions third country transfers in the GDPR apply. You can contact us for more information on the relevant safeguards or legal basis.

7. How long will we store your personal data

We will not store your personal data for longer than necessary.

The retention period will be determined on whether we have a legal obligation to store such personal data for either compliance or bookkeeping purposes, or whether a continuous storage is relevant to ensure our contractual obligations towards you or to pursue our legitimate interests.

8. Your rights

You have the following rights in connection with our processing of your personal data. Please note that some of the rights may be subject to exceptions and limitations.

  • Request access to and to receive a copy of your personal data.
  • Right to have your personal data rectified.
  • Right to have your personal data deleted.
  • Right to have the processing of your personal data limited.
  • Right to data portability.
  • Right to object to the processing of your personal data.
  • Right to not be subject to automated decision making, including profiling.
  • Right to withdraw your consent.
  • Right to complain to the relevant supervisory authorities.

How to exercise your rights
If you want to exercise any of the rights described above, please contact us as provided for in Section 1.

Complaints
If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your personal data, please contact us as provided for in Section 1. We will reply to your complaint as soon as we can.

If you feel that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority, as listed here. The data protection supervisory authority for Switzerland is the Office of the Federal Data Protection and Information Commissioner.

9. Obligation to provide personal data adconsequences for failing to do so

You are not required to provide us with your personal data.

Where we need to process your personal data, either to comply with law or to perform the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract with you.

10. Automated decision-making

Your personal data will not be used for automated decision-making, including profiling.

11. Changes to this privacy policy

Changes to this privacy policy will be posted on our webpage here: www.bavarian-nordic.com/privacy. We encourage you to visit our webpage regularly to keep yourselves updated on any such changes.