Privacy Policy

We have a privacy policy covering our CRM system and a general privacy policy. You can find both privacy policies here. 

Privacy Policy covering our CRM system 


Dansk Lægemiddel Information A/S, DLI Market Intelligence ApS in Denmark and Swedish Pharma Insights AB in Sweden as joint controllers of master data and other data, primarily within the CRM system.


Version: 1.1, 28 February 2019   

This Privacy and Cookie Policy describes procedures for collecting, processing and disclosing personal data in the CRM system and derived data that may be incorporated in other systems. The Privacy and Cookie Policy covers Dansk Lægemiddel Information A/S, DLI Market Intelligence ApS in Denmark and Swedish Pharma Insights AB in Sweden (jointly and severally "Lif")
 

Please study the policy text carefully.

You/the organisation or company you are employed by or otherwise associated with, are/is a current or potential

  1. Recipient of electronic marketing
  2. Corporate customer and its contacts
  3. Course attendee, participant or tutor on courses/training programmes or events/conferences and the like, including a course attendee on courses conducted by Atrium – Dansk Lægemiddel Information – in association with the University of Copenhagen
  4. Exhibitor/event organiser/sponsor or venue/site host
  5. Supplier and/or
  6. Associate

Dansk Lægemiddel Information A/S, DLI Market Intelligence ApS in Denmark and Swedish Pharma Insights AB in Sweden are the joint data controllers of personal data pertaining to you in the CRM system and derived data, such as in a profiling and marketing context.

There are other processes and systems, such as customer portals, in which only a single one of the entities is the data controller of personal data. The personal data processed in those systems is not subject to this Privacy and Cookie Policy.


Types of data and purposes

Our collection and processing of your personal data are category-dependent. In addition, certain purposes are common to all the categories. These are listed in the last table below.

We also process historical data on the categories below until those data are deleted. You may well be represented in multiple categories concurrently.

When you use our website we place cookies, you can read more here 


1. Recipient of electronic marketing
Personal date
  • Name
  • E-mail address
  • Any fields of special interest
  • Activity (telephone calls, e-mails, etc.)
  • Subscriptions to communications and newsletters
  • Tracking of use and clicks in electronic marketing

Purpose
  • Marketing and direct marketing
  • Administration and mailing of newsletters and invitations to courses, events, and enrolments for such activities
  • Profiling in relation to fields of professional interest and work
  • Analysis of behaviour in response to mailed marketing materials 

2. Corporate customer and its contacts
Personal data
  • Name
  • Employer/type of association, position/job title, possibly qualifications and field of work
  • Telephone number and e-mail address
  • Preferred language (as applicable)
  • Activity (telephone calls, e-mails, meetings etc.)
  • Enrolments for events
  • Contact for a contract

Purpose
  • Establishing a customer relationship
  • Strengthening a customer relationship
  • Marketing and direct marketing
  • Profiling in relation to fields of professional interest and work
  • Evaluation of relationship
  • Ongoing contact
  • Billing/invoicing and compliance with documentation requirements of the Danish Bookkeeping Act (if names appear in billing/invoicing data)

3. Course attendee, participant or tutor on courses/training programmes or events/conferences and the like, including a course attendee on courses conducted by Atrium – Dansk Lægemiddel Information – in association with the University of Copenhagen
Personal data
  • Name
  • Date of birth (as applicable)
  • Place of work, position/job title
  • Telephone number and e-mail address
  • User name for online course platform (if applicable)
  • Billing/invoicing address
  • Courses/examinations/events completed or enrolled for
  • Preferred language (as applicable)
  • Activity (telephone calls, e-mails, meetings etc.)

Purpose
  • The registration and administration of enrolments for and planning and conducting courses, examinations and events, including billing/invoicing and compliance with documentation requirements of the Danish Bookkeeping Act
  • Contact and information for course, tuition and events on offer
  • Issuance of course and examination certificates
  • Marketing and direct marketing 

4. Exhibitor/event organiser/sponsor or venue/site host
Personal data
  • Name
  • Employer/type of association, position/job title, possibly qualifications and field of work
  • Telephone number and e-mail address
  • Preferred language (as applicable)
  • Activity (telephone calls, e-mails, meetings etc.)
  • Events attended/coordinated

Purpose
  • Contact and management of exhibition order/requested sponsorship
  • Practicalities of planning and conducting events, sending out exhibitor information (list of attendees, ID badges, programme, exhibition layout etc.)
  • Billing and compliance with documentation requirements of the Danish Bookkeeping Act
  • Evaluation of relationship

5. Supplier and 6. Associate
Personal data
  • Name
  • Employer/type of association, position/job title, possibly qualifications and field of work
  • Telephone number and e-mail address
  • Activity (telephone calls, e-mails, meetings etc.)

Purpose
  • Contact for purposes of partnership, e.g. consulting services, system suppliers and system support
  • Evaluation of relationship


Common purposes for all types of registrants
  • Compliance with applicable legislation (e.g. the EU General Data Protection Regulation (GDPR)) and other legitimate purposes, e.g.
    - Duty to keep records
    - Compliance with the basic principles applicable to processing of personal data and the lawful basis for such processing
    - The implementation and maintenance of technical and organisational security precautions, including, but not limited to, preventing unauthorised access to systems and data, preventing the receipt or distribution of malware, blocking denial-of-service attacks and damage to computer systems and electronic communication systems
    - Investigation of suspected or known security breaches and reporting to individuals and authorities
    - Handling of inquiries and complaints from registrants and others, including confirmation of identity
    - Handling of inspections and inquiries from official inspection bodies
    - Handling of disputes with registrants and third parties
    - Statistical surveys
    - Satisfaction surveys

Profiling

Personal data is processed for profiling purposes in that we tailor our marketing activities etc. based on data such as job title and fields of interest.



Sources

Personal data are collected from you (by phone, in person, in writing or via various enrolment forms, e.g. online course enrolment), your employer or other organisation with which you are associated, websites, apps and other social media, partners etc. This data may be supplemented by publicly available data from websites.



Lawful basis for data processing

The lawful basis for our collection, processing and disclosure of your personal data is as follows:


Topic: DLI disclosure to CRM

Situation: If you have previously been registered with Dansk Lægemiddel Information A/S in Denmark, and your consent is required for disclosure to the joint CRM system (i.e. our data collection), then the lawful basis consists of your consent. In other cases, disclosure is based on a balance of interests (for details, see under "All other purposes" below).

Lawful basis:  Chapter 6(1) Item 1 of the Danish Act on Processing of Personal Data (superseded by Art. 6(1)(a) of GDPR effective from 25 May 2018)


Topic:  Electronic, direct marketing and tracking

Situation: Consent to electronic marketing. We obtain consent for receipt of marketing materials in line with the rules of the Danish Marketing Practices Act. The legal authority for processing of personal data is the balance of interests (for details, see under "All other purposes" below). Consent to the storage of data on the end-user's terminal devices and collection of data already stored on the end-user's terminal devices, including, e.g. tracking the use of marketing e-mails.

Lawful basis: Art. 6 (1) (f) of GDPR*, Section 10 of the Danish Marketing Practices Act, Section 3 of the Danish Executive Order on the Requirement for Information and Consent when Storing or Accessing Data on End-user Terminal Devices


Topic: Specific consent

Situation: If you have given your consent to processing of your personal data for one or more specific purposes, any collection, processing and disclosure is based on that consent.

Lawful basis: Art. 6 (1) (a) of GDPR*


Topic:  Party to contract

Situation: If you are personally party to a contract with one of the three companies, e.g. if you have enrolled for a course as a private individual. Collection, processing and disclosure are necessary for the purposes of executing a contract to which you are a party, or for the purpose of fulfilling arrangements made at your request prior to conclusion of a contract.

Lawful basis: Art. 6 (1) (b) of GDPR*


Topic: All other purposes

Situation: The collection, processing and disclosure of your personal data to the joint data controllers is necessary in order for the three companies, jointly or severally, to pursue a legitimate interest, unless the registrant's interests or fundamental rights or freedoms, which require protection of personal data, take precedence.

To ensure a balance of interests, we apply the principles that

  • we have a commercial relationship with you or your employer or the organisation you are associated with
  • the data do not relate to you as a private individual, just as the data involved are not in the nature of private information such as your national ID number, health information or other sensitive personal information.
  • registrants perceive the three Lif entities as a single legal entity, even though there are three entities with a joint CRM system.
  • it is our informed impression that registrants expect Lif to recognise them, regardless of which legal entity they are in contact with
  • in relation to disclosure to the CRM system based on a balance of interests, the purposes for which the data were processed prior and subsequent to disclosure are compatible
  • in relation to any disputes that might arise, we, severally and jointly, and a third party may determine and defend legal rights and invoke them.

Lawful basis: Art. 6 (1) (f) of GDPR*

*GDPR is the EU's General Data Protection Regulation effective from 25 May 2018



Voluntary consent

When we collect personal data from you directly, you are giving us those personal data voluntarily, or in order to enter into a contract with us. You are under no obligation to provide us with these personal data. The consequences of not providing us with the personal data will be that we are unable to fulfil the purposes above, including


  • that we are unable to enter into a customer relationship with you or maintain ongoing contact with you or/the organisation or company you are employed by or otherwise associated with
  • that we are unable to mail you marketing materials
  • that we are unable to make you offers or service propositions to you or the company you are employed by or otherwise associated with
  • that you are unable to attend courses or events 


Consent

If our data processing is consent-based, you have the right to withdraw your consent; however, this does not affect the processing that preceded withdrawal of your consent, including any consent-based disclosure.


Data processors

  • We use an external provider of systems for e-mail marketing, through which e-mails are mailed and processed and tracking data are analysed.
  • Dansk Lægemiddel Information A/S in Denmark is the data processor for the CRM system and retains the personal data in Denmark.
  • In addition, consultants or IT consultants may gain access to your personal data as data processors.



Transfers to third countries

We do not currently transfer personal data to countries outside the EU/EEA, but reserve the option of doing so in future.


Retention periods

We retain personal data on you for as long as we need
1. to fulfil the stated purposes, and
2. to document

  • our right to process your personal data
  • your consent for direct marketing (if granted)
  • to comply with the rules applicable to processing of personal data and other legislation, such as the Danish Bookkeeping Act.
Both in relation to expiry of statutory limitations on criminal liability and liability for damages (absolute time limits), if relevant. If this is not applicable, we will delete the data before that time limit.



Your rights

Within statutory limitations, you have certain rights, including the right to access personal data, the right to rectification of data, the right to data erasure, the right to restriction of data processing, the right to data portability, the right to object to processing of personal data, including in relation to automated, individual decision-making. You also have the right to complain to a competent supervisory authority, including the Danish Data Protection Agency.


Contact

Please note that the three above-mentioned Lif entities may also have privacy policies jointly and severally governing the processing of personal data.

If you have any questions concerning the processing of your personal data or exercising your rights, you are welcome to contact DLI, which is the joint contact point:

DLI

Dansk Lægemiddel Information A/S
Lersø Parkallé 101
DK-2100 København Ø
Denmark


Data controllers for the CRM system and related data

Dansk Lægemiddel Information A/S
Lersø Parkallé 101
DK-2100 København Ø
Denmark

DLI Market Intelligence ApS
Lersø Parkallé 101
DK-2100 København Ø
Denmark

Swedish Pharma Insights AB
Nybroviken, Birger Jarlsgatan 2
114 32 Stockholm
Sweden



Separate objection text regarding legitimate interest

Version: 1, Date: February 2018

You have the rights to – by reasons that concern your special situation - to object to processing of personal data where the lawful basis is Art. 6 (1) (e) or (f), including profiling based on these regulations. The data controller may subsequently no longer process your personal data, unless the data controller proves weighty lawful reasons for processing that precede your interests, fundamental rights or freedoms, or the processing is necessary to determine, defend legal rights and/or invoke them.



Separate objection text regarding direct marketing

Version: 1, Date: February 2018

If personal data is processed with a view to direct marketing, you have at any time the right to object to processing of your personal data to such marketing, including objecting to profiling to the extent that it concerns direct marketing. If you object to processing with a view to direct marketing, the personal data may no longer be processed for this purpose.




General Privacy policy

Atrium

Version: 1.1, 28 February 2019  

This Privacy Policy describes procedures for collecting, processing and disclosing personal data in Atrium, including Planorama and eTouches at Dansk Lægemiddel Information A/S (”Atrium”). Please study the policy text carefully.

You/the organisation or company you are employed by or otherwise associated with, are/is a current or potential

1. Course attendee
2. Tutor
3. Exhibitor/sponsor
4. Conference attendee

Atrium is data controller of personal data about you in Atrium. Personal data can also be covered by another private policy e.g. regarding the joint CRM system in the Lif Group. Such personal data is not covered by this privacy policy.



Types of data and purposes

Our collection and processing of your personal data is category-dependent. In addition, certain purposes are common to all the categories. These are listed in the last table below.

We also process historical data on the categories below until those data are deleted. You may well be represented in multiple categories concurrently.


When you use our website we place cookies, you can read more here.


1. Course attendee
Personal data
  • Name and contact details. For private course attendees who attend courses privately, private address is needed
  • Invoicing data (including address)
  • Courses/examinations/events completed or enrolled for
  • Information on personal login for and use of the course administration system Planorama or subsequent systems
  • Additionally, only for course attendees enrolled in a course provided in collaboration with the University of Copenhagen: All data in the completed application form, personal data generated in connection with the course participation e.g. questions for the courses, evaluations etc. and examination results when a course has been completed for the purpose of issuing a certification of exam by Atrium

Purpose
  • Administration of enrolment, planning and conducting courses, events and examinations, including invoicing and compliance with documentation requirements of the Danish Bookkeeping Act.
  • Contact and information for course and tuition on offer
  • Issuance of course and examination certificates
  • Disclosure to other course attendees and tutors in list of attendees to inform about who attend the courses etc.
  • Additionally, only for course attendees enrolled in a course provided in collaboration with the University of Copenhagen: Evaluation of applicants, student administration and management purposes

2. Tutors
Personal data
  • Name and contact details
  • Employer/type of association, position/job title
  • Invoicing details for tutors who are remunerated as private individuals, including private bank details and national ID number
  • Contract on tuition etc.
  • Information on personal log in and use of the course administration system Planorama and subsequent systems.

Purpose
  • Concluding contact on tuition for courses and administration and conducting courses and examinations
  • Remuneration – national ID number for the use of payment of salary / honorarium to tutors who are paid as private individuals and not as an entity/a company, compliance with documentation requirements of the Danish
  • Bookkeeping Act.
  • Disclosure to other tutors / course attendees in tuition material etc.

3. Exhibitors/sponsors 
Personal data
  • Name and contact details
  • Employer/type of association, position/job title
  • Conference/Exhibition engagement
  • Information on personal login for and use of the event planning system eTouches or subsequent systems.

Purpose
  • Contact and management of exhibition order/requested sponsorship
  • Practicalities of planning and conducting events, sending out exhibitor information (list of attendees, ID badges, programme, exhibition layout etc.)
  • Invoicing and compliance with documentation requirements of the Danish Bookkeeping Act
  • Disclosure to other attendees/exhibitors on ID badges/list of attendees informing about the attendees in the event
  • Contact and practicalities when setting up exhibition, including disclosure for such purposes.

4. Conference attendees etc.
Personal data
  • Name and contact details
  • Employer/type of association, position/job title
  • Payment details (associated employer or personally)
  • Conference/exhibition attendance
  • Information on personal login for and use of the event processing system eTouches or subsequent systems.

Purpose
  • Registration of enrolment forms, design of ID badges, collection and payment of attendance fees
  • Disclosure to other attendees/exhibitors on ID badges/list of attendees informing about the attendees in the event.

Common purposes for all types of registrants

Compliance with applicable legislation (e.g. the EU General Data Protection Regulation (GDPR) and other legitimate purposes, e.g.

  • Duty to keep records
  • Compliance with the basic principles applicable to processing of personal data and the lawful basis for such processing
  • Running, safety, delivery of services and statistics in relation to use of IT systems
  • The implementation and maintenance of technical and organisational security precautions, including, but not limited to, preventing unauthorised access to systems and data, preventing the receipt or distribution of malware, blocking denial-of-service attacks and damage to computer systems and electronic communication systems
  • Investigation of suspected or known security breaches and reporting to individuals and authorities
  • Handling of inquiries and complaints from registrants and others, including confirmation of identity
  • Handling of inspections and inquiries from official inspection bodies
  • Handling of disputes with registrants and third parties
  • Statistical surveys
  • Satisfaction surveys.



Profiling

Personal data is not processed for profiling purposes in relation to the above-mentioned purpose (see separate privacy policy regarding personal data in the CRM system).



Sources

Personal data is collected from you (by phone, in person, in writing or via various enrolment forms, e.g. online course enrolment), your employer or other organisation with which you are associated, websites, apps and other social media, partners etc. This data may be supplemented by publicly available data from websites.



The lawful basis for our collection, processing and disclosure of your personal data

The lawful basis for our collection, processing and disclosure of personal data is as follows:


Topic: Party to contract

Personal data: If you are personally party to a contract with Atrium. Processing of a number of information is necessary for the purposes of executing a contract to which you are a party, or for the purpose of fulfilling arrangements made at your request prior to conclusion of a contract.

Lawful basis: Art. 6 (1) (b) of GDPR*, The Bookkeeping Act

Topic: National ID numbers of tutors

Personal data: Collection and reporting to the Danish Customs and Tax Administration (SKAT)

Lawful basis: Art. 11, (2) (1) of The Data Protection Act cf. Art. 3 in the Income Registration Law, The Bookkeeping Act.

Topic: Consent, specifically for course attendees enrolled in a course provided in collaboration with the University of Copenhagen

Personal data: If you have signed up for a course provided in collaboration with the University of Copenhagen, the processing of your personal data for the purposes of evaluation of applicants, student administration and management purposes specifically for these courses is based on your consent.
Lawful basis: Art. 6 (1) (a) and art. 9 (2) (a) of GDPR* and art. 11 (2) (2) of the Danish Data Protection Act.

Topic:  Other personal data

Personal data: Processing and disclosure of your other personal data is necessary for Atrium to pursue a legitimate interest, unless your interests or fundamental rights or freedoms, which require protection of personal data, take precedence. To ensure a balance of interests, we apply that Atrium’s legitimate interests are:

  • We have a commercial relationship with you or your employer or the organisation you are associated with
  • Data does not relate to your private sphere, unless you have a direct agreement with Atrium.
  • We have a relation to you that you participate in voluntarily e.g. as course attendee or tutor and you benefit from.
  • Atrium takes an interest in both protection and further development of IT systems used.

Lawful basis:  Art. 6 (1) (f) of GDPR*

Topic: Disclosure in the CRM system

Personal data:  Atrium discloses your personal data to the CRM system whose data controllers are Dansk Lægemiddel Information A/S, DLI Market Intelligence ApS, both with address on Lersø Parkallé 101, 2100 Copenhagen Ø and Swedish Pharma Insights AB, Engelbrektsgatan 9-11, 114 32 Stockholm, Sweden.
NB! Attendees enrolled in a course provided in collaboration with the University of Copenhagen: Only relevant non-sensitive personal data will be disclosed, your National ID number and other documents from your application will not be stored in the CRM system. Se CRM privacy policy above.

Processing and disclosure of your other personal data is necessary for Atrium and the other entities mentioned above to pursue a legitimate interest, unless your interests or fundamental rights or freedoms, which require protection of personal data, take precedence. To ensure a balance of interests, we apply that the three companies’ legitimate interests are that:

  • Having a joint CRM system
  • We have a commercial relationship with you or your employer or the organisation you are associated with, unless you have a direct agreement with Atrium
  • Data does not relate to your private sphere
  • Atrium does not expect that you will raise objection to the disclosure
    Processing of data in the joint CRM system is covered by a separate privacy policy that is available on the top of this page.

    Lawful basis: Art. 6 (1) (f) of GDPR*

*GDPR is the EU's General Data Protection Regulation effective from 25 May 2018



Voluntary consent

When we collect personal data from you directly, you are giving us those personal data voluntarily, or in order to enter into a contract with us. You are under no obligation to provide us with these personal data. The consequences of not providing us with the personal data will be that we are unable to fulfil the purposes above, including

  • that we are unable to enter into a customer relationship with you or maintain ongoing contact with you or/the organisation or company you are employed by or otherwise associated with
  • that you are unable to attend courses or events etc.


Data processors

At present, our data processors are the following:

  • Providers of IT systems, including course administration system and conference planning system and their subcontractors who are hosting providers and provide support functions.
  • Data processors who assist with invoicing (at present Lif – Lægemiddelindustriforeningen and their subcontractors, including e-Boks).
  • In addition, consultants or IT consultants may gain access to your personal data as data processors.


Transfers to third countries

Our data processors can in some cases transfer data to the USA for system support or service purposes, though data is hosted in data centres in EU at present. The European Commission has not given the USA status as “safe third country” (providing adequate protection) which means that the Commission has determined that USA’s legislation on personal data in general does not give the registrant a sufficient protection compared with the level of protection in EU’s legislation. Therefore, there must be a special legal basis for transferring personal data to the USA. The legal basis to transfer personal data included in this privacy policy is that our supplier and their subcontractors have carried out a self-certification of their personal data processing under the EU-US Privacy Shield scheme. More is available here: https://www.privacyshield.gov/welcome. If you need information regarding to whom we transfer data, you are welcome to contact us.


Retention periods

We retain personal data on you for as long as we need

1. to fulfil the stated purposes, and

2. to document

  • our right to process your personal data
  • to comply with the rules applicable to processing of personal data and other legislation, such as the Danish Bookkeeping Act

Both in relation to expiry of statutory limitations on criminal liability and liability for damages (absolute time limits), if relevant. If this is not applicable, we will delete the data before.


Your rights

Within statutory limitations, you have certain rights, including the right to access personal data, the right to rectification of data, the right to data erasure, the right to restriction of data processing, the right to data portability, the right to object to processing of personal data, including in relation to automated, individual decision-making. You also have the right to complain to a competent supervisory authority, including the Danish Data Protection Agency.


Contact

If you have any questions concerning the processing of your personal data or exercising your rights, you are welcome to contact Atrium.

Atrium
Dansk Lægemiddel Information A/S
Lersø Parkallé 101
DK-2100 Copenhagen Ø
Denmark


Separate objection text regarding legitimate interest
Version: 1, Date: February 2018


You have the rights to – by reasons that concern your special situation - to object to processing of personal data where the lawful basis is Art. 6 (1) (e) or (f), including profiling based on these regulations. The data controller may subsequently no longer process your personal data, unless the data controller proves weighty lawful reasons for processing that precede your interests, fundamental rights or freedoms, or the processing is necessary to determine, defend legal rights and/or invoke them.