- Home
- Privacy Policy
Privacy policy
This Privacy Policy describes how LEO Pharma (“we” or “us”) processes your personal data when you register for one of our services on our website, use our website, or otherwise are in contact or interact with us.
The data controller is LEO Pharma A/S, Industriparken 55, 2750 Ballerup, CVR no. 56759514 (“LEO Pharma”).
Use of your personal data
1. Administering and enabling use of our services
Personal data will be processed for the purpose of providing you with the service you have registered for. For some services, specific information on the purpose of the processing will be made available in connection with the collection of personal data when registering to the service.
We process the following personal data about you:
- Information you provide to us for the purpose of registering with us, including your name, email address, address, profession and workplace, etc.;
- Information relating to transactions carried out between you and us on or in relation to this website.
We process your personal data for the purposes above when the processing is necessary for:
- The performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract (GDPR, art. 6.1.b);
- Pursuit of our legitimate interests in communicating with you, handling your enquiries in relation to our services, and improving our services (GDPR, art. 6.1.f).
We collect the personal data directly from you.
Where necessary, LEO Pharma may share your personal data with:
- Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions, etc.;
- LEO Pharma affiliates, meaning any affiliate, company, corporation, firm, partnership or other entity controlling or controlled by LEO Pharma;
- Public authorities.
Personal data will be retained as long as necessary for providing you with the given service. For services involving remuneration, your personal data will be retained for up to five years after the current year in accordance with bookkeeping regulations.
2. Marketing
Personal data will be processed for marketing-related purposes, including sending relevant information regarding our products and services (direct marketing), and for targeting our communication with you. We will not send you direct marketing unless you have given your consent. You may revoke your consent at any time and discontinue the use of the service.
We may process the following personal data about you in this regard:
- Email address;
- Name;
- Address;
- Telephone number;
- Profession;
- Workplace.
We process your personal data for the purposes above when the processing is necessary for:
- Pursuit of our legitimate interests in sending you direct marketing, and targeting our communication with you (GDPR, art. 6.1.f).
We collect the personal data directly from you.
Where necessary, LEO Pharma may share your personal data with:
- Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions.
Personal data will be retained as long as necessary for providing you with the given service. If you withdraw your consent, we will delete your personal data two years after the date of your withdrawal in accordance with guidance from the Consumer Ombudsman.
When you use our website, cookies are used to collect personal data about your behavior for the purpose of optimizing our website and our services, generating statistics and for marketing. LEO Pharma also uses web analysis tools, such as Google Analytics provided by Google, and LEO Pharma and the provider of such third party cookies act as joint data controllers. You can read more about this and locate a link to the privacy policies of such third party providers in the cookie overview, which can be accessed through LEO Pharma’s Cookie Policy. You may read more about the use of cookies in LEO Pharma's Cookie Policy, which can be found by clicking on the cookie-icon at the bottom left of this website.
We may process the following personal data about you:
- Information about your computer and about your visits to and use of our website, including your IP address, browser type, geographical location, length of visit and number of page views. Such information will be collected via cookies.
We process your personal data for the purposes above when the processing is necessary for:
- Profiling and tracking of your use of our website for marketing-related purposes will be based on your consent (GDPR article 6.1.a). You may withdraw or change your consent at any time by clicking on the cookie-icon at the bottom left of this website;
- Pursuit of our legitimate interests in providing you with an interesting website that works optimally (GDPR article 6.1.f).
We collect the personal data directly from you.
Where necessary, LEO Pharma may share your personal data with:
- Third party providers setting cookies on our website;
- Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions.
Personal data will be retained as long as necessary for providing you with the given service. The retention times for cookies depend on the type of cookie. You may read more about the retention times in the cookie overview in our Cookie Policy, which can be found by clicking on the cookie-icon at the bottom left of the website.
4. Pharmacovigilance and reporting of Adverse Events
As a pharmaceutical company, LEO Pharma is under legal obligations to collect information about Adverse Events and Other Experiences related to information about the safety of our products. When you, your doctor or a third party provide us with information on Adverse Events, experienced with the use of our products, we record and process the information in order to meet our pharmacovigilance obligations. If needed, we will revert to the reporter and request additional information about the experience. These obligations allow Marketing Authorisation Holders and public authorities to learn from experiences in order to minimize the risks for patients.
We may process the following personal data about you:
- Information on the Adverse Event (i.e. any untoward medicinal occurrence in a patient using a medicinal product) or Other Experience(s) (i.e. events which describe the circumstances around the use of a drug which potentially could cause drug related problems or which could potentially give new knowledge of a drug. e.g. pregnancy exposure or medication errors);
- Patient age and/or sex, date of birth, patient initials
- Results of tests and procedures relevant to the investigation of the patient;
- If applicable, date and reported cause of death;
- Information on the primary source(s) which allow the relevant affiliate or partner of LEO to request additional information as needed;
- Relevant medical history and concurrent conditions;
- The name of the medicinal product(s) and the active substance(s);
- Concomitant medicinal products, and past-medical drug therapy for the patient;
- If you are a reporter of Adverse Events/Other Experiences, we will only process the following personal data: Name, contact information, place of work and profession.
We process your personal data for the purposes above when the processing is necessary for:
- Complying with a legal obligation to collect and report information related to pharmacovigilance and safety of our products (GDPR, art. 6.1.c, and art. 9.2.i).
We collect the personal data from either (i) an individual reporting the Adverse Event, which is often a healthcare professional, (ii) a hospital or site, or (iii) companies handling pharmacovigilance activities on our behalf.
Where necessary, LEO Pharma may share your personal data with:
- Public authorities;
- Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions.
Records and reports will be retained for a minimum of 10 years after the marketing authorization has ceased to exist pursuant to art. 12(2) in the EU Commission’s Implementing Regulation (EU) No 520/2012 on the performance of pharmacovigilance activities.
Personal data on board members, directors and/or shareholders will be processed for the purpose of making official registrations with public authorities, such as the Danish Business Authority and the Danish Registration Court.
We may process the following personal data about you:
- Information about your name, address, place of birth and nationality;
- Confirmation of identity in the form of a scanned copy of a passport, driver's license, health insurance card and/or a birth certificate. If beneficial owners are not Danish, or do not have permanent residence in Denmark, it may be necessary to collect additional data.
We process your personal data for the purposes above when the processing is necessary for:
- Complying with a legal obligation (GDPR, art. 6.1.c).
Pursuit of our legitimate interests in processing your personal data in relation to corporate governance matters, including communicating with you and the relevant authorities (GDPR, art. 6.1.f).
We collect the personal data directly from you.
Where necessary, LEO Pharma may share your personal data with:
- Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions;
- LEO Pharma Affiliates, meaning any affiliate, company, corporation, firm, partnership or other entity controlling or controlled by LEO Pharma;
- Public authorities.
Personal data will be retained as long as necessary for the purposes above, including in accordance with legal obligations to retain such personal data. In general, we will not keep your data for more than five years after the expiry of the business relationship.
Personal data will be collected from LEO Pharma’s pages on social media, such as Facebook and LinkedIn. The purpose of the processing is to administer our pages and communicate with users, including potential patients. Personal data will also be collected for marketing-related purposes, and we will use aggregated information on the users of our social media pages to conduct statistics and segmentation in order to target our campaigns. If you choose to share personal data related to adverse events, we will process that information in order to comply with our legal obligations to report such information to authorities (please see more information under section below).
We process the following personal data about you:
- Information manifestly made public by you, including your name, email address, profession, workplace, interests, pages you like or follow, preferences, friends, health information in the form of adverse events, racial or ethnic origin, political opinions, etc.
We may process your personal data for the purposes above when the processing is necessary for:
- Processing information manifestly made public by you for the purpose of communicating with you, and for marketing-related purposes as described above (GDPR, art. 6.1.f and art. 9.2.e).
We collect the personal data directly from you.
Where necessary, LEO Pharma may share your personal data with:
- Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions;
- LEO Pharma Affiliates, meaning any affiliate, company, corporation, firm, partnership or other entity controlling or controlled by LEO Pharma;
- Public authorities.
LEO Pharma uses the analytical tool “Page Insights” provided by Facebook to understand how users interact with our pages on Facebook. The processing of personal data in “Page Insights” is subject to joint controllership between LEO Pharma and Facebook. You can read more about the processing of personal data related to the use of “Page Insights” here, which includes more information about the extent of our responsibility for such processing.
Personal data will be retained as long as necessary for handling your requests on social media, answer your enquiries, or to undertake marketing-related initiatives on the basis of the information provided by you on social media. Please refer to section below for more information on retention of personal data in relation to adverse events.
7. Engagement with health care professionals
When health care professionals (“HCPs”) engage with a supplier assisting LEO Pharma with services, such as, but not limited to, consultancy, speaker activities, advisory boards and when providing donations, grants and/or sponsorships, personal data will be processed for the purpose of complying with local laws and industry standards, including assessments of fair market value, legitimate business needs and disclosure of information on transfer of value.
8. Surveys
In your collaboration, cooperation or other contact with us, we may ask you to participate in one or more surveys. This is mainly facilitated through external platforms or service providers. Most of the surveys are anonymous to the extent that we do not collect your name, contact details or other information unless necessary to fulfil the purpose of the specific survey. However, most surveys you may receive are based on individual and specific links, and thus, from a technical perspective we process your personal data in this regard. In each case you are always informed of the specific purpose and scope of the individual surveys by the contact person with LEO Pharma that initiates the survey.
Your participation in our surveys is voluntary unless we have explicitly informed you otherwise in advance. If you choose to participate in a survey, our processing of your personal data is based on the GDPR article 6(1)(f) regarding the balancing of interests. The legitimate interests pursued by LEO Pharma is this regard is to gain an impression of your thoughts and considerations within specific areas of the surveys to improve, develop or amend the way we do things at LEO Pharma.
We may process the following personal data about you:
- Name, contact details, medical expertise and qualifications, assessment of fair market value, details on activity/services provided by you as well as any remuneration for services or grant, donation and sponsorship provided by LEO Pharma directly or indirectly to you.
We process your personal data for the purposes above when the processing is necessary for:
- Complying with legal obligations and obligations on disclosure of transfer of value (GDPR, art. 6.1.c). Such disclosure will be based on your consent (GDPR, art. 6.1.a), if disclosure is not a legal obligation.
- Pursuit of our legitimate interests in assessing the activity/services and legitimate business need and adherence to local law and industry standards and assessing fair market value (GDPR article 6.1.f).
We collect the personal data from suppliers assisting LEO Pharma with services/engagements involving HCPs.
Where necessary, LEO Pharma may share your personal data with:
- Suppliers and vendors that we work with to assist our company, meaning service providers, technical support, supply services, and financial institutions;
- LEO Pharma Affiliates, meaning any affiliate, company, corporation, firm, partnership or other entity controlling or controlled by LEO Pharma;
- Public authorities;
- Local industry associations.
Personal data will be retained for up to 6 years after a transfer of value has been made to you in order to comply with global standards for pharmaceutical companies.
7. Speak-Up
When you use LEO Pharma’s whistleblower hotline “Speak-Up” personal data about you will be processed.
Anonymous reports
If you choose to be anonymous and not provide any details about your person, only technical details about your visit to our Speak-Up platform will be registered. These pieces of information will only be registered with our provider of the Speak-Up platform, and we have ensured that these pieces of information will never be disclosed to LEO Pharma.
For the purpose of maintaining the Speak-Up platform and for strictly technical reasons, we process these pieces of information when the processing is necessary for the:
- pursuit of our legitimate interests in maintain the Speak-Up platform (GDPR article 6.1.f).
For the subject(s) to a report, witnesses and others mentioned in a report, please see below.
Non-anonymous reports
If you choose not to be anonymous in your reporting, the below applies to you, the subject(s) of the report, witnesses and others mentioned in a report:
We may process the following personal data about you and the other individuals:
- name,
- email and other contact details,
- details of the alleged misconduct, including potentially criminal information.
Please note that special categories of personal data, including
- information relating to an individual’s
- racial or ethnic origin,
- political opinions,
- religious or philosophical beliefs,
- trade union membership,
- genetic or biometric data,
- sex life or sexual orientation
may not be submitted in a report, unless essential for the reported issue.
LEO Pharma will only process information, including personal information, which is adequate, relevant, and necessary in the particular case.
We process the personal data for the purposes above when the processing is necessary for:
- Consent of the reporter when the individual has chosen not to be anonymous (GDPR, art. 6.1.a)
- Complying with legal obligations in providing a whistleblower hotline and addressing the alleged misconduct reported through this hotline (GDPR, art. 6.1.c), and
- Pursuit of our legitimate interests in assessing and addressing the alleged misconduct (GDPR article 6.1.f).
Where special categories of personal data are necessary for the report, we process these special categories for the purposes above when the processing is necessary for:
- Consent of the reporter when the individual has chosen disclose own special categories (GDPR, art. 9.2.a)
- the establishment, exercise or defence of legal claims
The personal data processed in relation to Speak-Up will not be retained longer than is necessary for the purpose of assessing and potentially carrying out an investigation and to address the alleged misconduct. Cases in Speak-Up regarding misconduct will be deleted at the latest within two years of the conclusion of the investigation.
Transfers of personal data to countries outside the EU/EEA
In order to provide some of our services, we may transfer your personal data to a supplier, vendor or LEO Pharma Affiliates located in countries outside of the EU/EEA. Such transfers will only take place on the basis of appropriate safeguards, such as the European Commission’s Model Contracts for the Transfer of Personal Data to Third Countries, which can be found here, or a decision by the European Commission deeming the third country to have an adequate level of protection of personal data.
If you want more information about whether your personal data will be transferred to a country outside the EU/EEA, please contact us by email at dataprivacy@leo-pharma.com.
Security of your personal data
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Passwords
If you are given a password to access some of the services and/or content of the website, you undertake to use it in a diligent manner and keep it secret at all times. You will consequently be responsible for keeping it safe and confidential.
Your rights
You have the following rights:
- You are entitled to request access to, rectification or erasure of your personal data.
- You are also entitled to oppose the processing of your personal data and to request restriction of the processing of your personal data.
- You have in particular an unconditional right to oppose the processing of your personal data for direct marketing purposes.
- If the processing of your personal data is based on your consent, you are entitled to revoke such consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out prior to your revocation of consent.
- You are entitled to receive personal data which you have provided to us in a structured, commonly used and machine-readable format (data portability).
- You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency.
Further, you have a right to object to the following processing:
- You have a right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on art. 6.1.e or art. 6.1.f, including profiling based on those provisions.
- When your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing.
You may exercise these rights by writing to the below mentioned e-mail address.
Contact information
If you have any requests or questions about this privacy policy or our processing of your personal data, please e-mail us at DPO@leo-pharma.com
If you have any questions about our processing of your personal data, you are always welcome to contact our Data Protection Officer. You can contact our Data Protection Officer in the following ways:
- By e-mail: DPO@leo-pharma.com.
- On the phone: +45 4494 5888
- By letter: LEO Pharma A/S, Industriparken 55, 2750 Denmark, c/o Data Protection Officer
Last updated: September 26, 2023