This notice on processing of personal data is addressed to:
- the healthcare professionals with whom we create or maintain a
relationship;
- our customers or prospects who are natural
persons (such as self-employed pharmacists);
- the
representatives or contact persons of our customers or prospects who
are legal entities (such as wholesale pharmacists) or
representatives from health care providers such as e.g. health
insurance companies.
Novo Nordisk Egypt and Novo Nordisk A/S is required by law to
protect your personal data. This notice on processing of personal data
explains how we collect, process, use, store and share your personal
data. We will only process your personal data in accordance with this
notice and in accordance with applicable law.
2. WHO ARE WE?
The companies responsible for collecting and processing your
personal data is:
Novo Nordisk Egypt
The 47th building ǀ Plot 47, City Center,
1st District ǀ 5th Settlement ǀ New Cairo
[Company registration no.11188]
“NN [AFFILIATE]”
and
Novo Nordisk A/S
Novo Alle 1
2880 Bagsværd
Company registration no. 24256790
“NN A/S”
together referred to as “we” or “us” )
You can always contact the Novo Nordisk Egypt Data Protection
Responsible at EGPRIVACY@novonordisk.com
with questions or concerns about how we process your personal data.
2. HOW DO WE COLLECT PERSONAL DATA ABOUT YOU?
As part of the services you hereby grant us your consent and
exclusive permission to collect and process your personal data from
the following sources:
- from you directly,
- from publicly available
publications, websites, or social media,
- from
vendors/providers that have prior received your consent to process
your information,
- from your usage and consumption of Novo
Nordisk provided digital services and communications such as
web-sites and emails.
3. WHY DO WE PROCESS YOUR PERSONAL DATA?
We always process your personal data for a specific purpose(s) and
only process the type of personal data which is relevant to achieve
that purpose(s). Personal data is collected only to the extent
required. Under no circumstances are the collected data sold on to
third parties for any reason.
Our processing of your personal data requires a legal basis. We will
not process your personal data if we do not have a proper
justification foreseen in the law for that purpose.
General. We process
your personal data for the following general purposes as this is
necessary for our legitimate interests and it does not unduly affect
your interests or fundamental rights or freedoms:
- for statistical purposes and to optimize the services we
provide to you;
- to manage our IT resources, including
infrastructure management and business continuity and to optimise
and track our activities (e.g. measuring interactions or sales,
number of appointments/calls) as well as answering your requests and
provide you with efficient support;
- to invite you to
events, congresses or meetings sponsored by us; or
- to grant
you access to restricted offerings such as password protected
websites for professionals, and training modules allowing you to
provide us with certain services (i.e. consultancy services);
- to provide you with appropriate, adequate and updated
information about diseases, drugs and other services; and
- to send you surveys and communications regarding products,
therapeutic areas or services that we promote.
- to process
your data for profiling purposes to plan, manage and execute
communications and interactions with you and to target and conduct
segmentation activities to best address and anticipate your
professional needs and to improve the quality of our interactions
and services by adapting our offering to your specific needs.
Compliance. We process your personal data for the following
compliance purposes as this is necessary to comply with our legal or
regulatory obligations:
- to manage our relationship with you, including validation of
your professional accreditations (e.g. via third party
databases);
- to ensure compliance with legal requirements
including: ensuring transparency of value transactions, product
sample documentation, documentation regarding tax and
deductions;
- to respond to alleged cases of misconduct or
fraud, to defending litigation, to conducting audits, and to ensure
compliance in regard to mergers and acquisitions involving our
company or group of companies; and
- to manage and report
adverse events and quality complaints, according to law.
Contractual. We
process your personal data for the following purposes as the
processing is necessary to perform our contractual obligations towards
you, or to take pre-contractual steps at your request:
- implementing tasks or preparation of or performance of
existing contracts and for general record keeping; and
- to
ensure correct billing and invoicing.
4. WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU?
General, Compliance and Contractual purposes. For the purposes
described above in Section 4.3, 4.4 and 4.5 (General, Compliance
and Contractual purposes) , we may process the following types of
personal data:
- general identification information (e.g. name, gender, contact
details, incl. but not limited to address, email and phone
number);
- your function (e.g. title, position, name of
company, department). For health care professionals: Health Care
Professional ID, first specialty, second specialty, year of
graduation from medical school, publications, congress activities,
awards, biography, education, links to universities, expertise and
participation in/contribution to clinical trials, guidelines,
editorial boards and organisations, engagements in therapies and
treatment;
- payment information (e.g. credit card details,
bank account details, VAT or other tax identification number);
- your electronic identification data where required for the
purpose of delivering products or services to our company (e.g.
login, access right, passwords, badge number, IP address, online
identifiers/cookies, logs, access and connection times, image
recording or sound such as badge pictures, CCTV or voice
recordings);
- information regarding your utilisation,
responses and/or preferences including in terms of types of messages
discussed, channels of communication and frequency;
- data
you provide to us for example when you fill in forms or during
events you attend, or when you answer questions during a
conversation or in a survey;
- data related to the services
we provide to you; and information about the promotional,
scientific and medical activities/interactions you have with us,
including potential future interactions.
5. HOW DO WE SHARE YOUR PERSONAL DATA?
In the course of our activities and for the purposes set out under
section 4, we may share your personal data with:
- our personnel (including personnel, departments or other
companies of the Novo Nordisk group of companies);
- our
independent agents or brokers (if any);
- our suppliers and
services providers that provide services and products to us;
- our IT systems providers, cloud service providers, database
providers and consultants;
- our business partners who offer
products or services jointly with us or with our subsidiaries or
affiliates;
- any third party to whom we assign or novate any
of our rights or obligations; and
- our advisors and external
lawyers in the context of the sale or transfer of any part of our
business or its assets.
All third parties are contractually obliged to protect the
confidentiality and security of your personal data, in compliance with
applicable law.
Your personal data can also be accessed by or transferred to any
national and/or international regulatory, enforcement, public body or
court, where we are required to do so by applicable law or regulation
or at their request.
6. DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU/EAA?
The personal data we collect from you may also be processed,
accessed or stored in a country outside the [local country] for the
purposes set out under section 5.
The level of data protection in certain countries outside the EEA
does not conform to the level of data protection for personal data
currently applied and enforced within the EEA. We therefore use the
following safeguards, as required by law, to protect your personal
data in case of such transfers:
- The transfer is to a Novo Nordisk entity covered by Novo
Nordisk’s Binding Corporate Rules, available at https://www.novonordisk.com/about-novo-nordisk/corporate-governance/personal-data-protection.html.
:
- The destination countries are deemed by the EU Commission
to have an adequate level of protection of personal data;
- We have entered into Standard Contractual Clauses for the
Transfer of Personal Data to Third Countries. You can get a copy of
the Clauses by contacting us as described in section
2;
- The EU-US Privacy Shield Framework for
transfers to Privacy Shield-certified and US-based companies and
organisations. More information and a list of Privacy
Shield-certified companies and organisations are available at https://www.privacyshield.gov/welcome.
7. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We will only retain your personal data for as long as necessary to
fulfil the purpose for which it was collected or to comply with legal
or regulatory requirements.
8. WHAT ARE YOUR RIGHTS?
In general, you have the following rights and may:
- Obtain an overview of what personal data we have about
you,
- obtain a copy of your personal data in a structured,
commonly used and machine-readable format
- request an update
or correction to your personal data
- request to have your
personal data deleted or destroyed
- request us to stop or
limit processing of your personal data
- You can submit a
complaint about how we process your personal data to a Data
Protection Authority.
You can use your rights, by writing an e-mail to EGPRIVACY@novonordisk.com
with your request.
Under applicable law, there may be limits on these rights depending
on the specific circumstances of the processing activity. Contact us
as described in section 2 with questions or requests relating to
these rights.