This Privacy Notice is
- the healthcare professionals with whom we create or maintain a
- our customers or prospects who are natural
persons (such as self-employed pharmacists);
representatives or contact persons of our customers or prospects who
are legal entities (such as wholesale pharmacists).
suppliers and service providers who are natural persons (such as
- the representatives or contact
persons of our suppliers and service providers who are legal
- any other visitors of one of our
Novo Nordisk Limited is required by law to protect your personal
data. This Notice explains how we process (e.g. collect, use, store,
and share) your personal data. We will process any personal data about
you in accordance with this Notice and with applicable law.
1. WHO ARE WE?
The company responsible for processing your personal data is:
Novo Nordisk Limited
3 City Place, Beehive Ring Road
Gatwick, West Sussex
Registration number 1118740
You can always contact Novo Nordisk or the UK Novo Nordisk Data
Privacy Officer or UK Data Protection Responsible at email@example.com
with questions or concerns about how we process your personal data.
2. HOW DO WE COLLECT PERSONAL DATA ABOUT YOU?
We get your personal data from the following sources:
- from you directly
- from publicly available
publications, websites, or social media
- from a previous
- from other Novo Nordisk employees
vendors/providers/consultants that have prior received your
3. WHY DO WE PROCESS YOUR PERSONAL DATA?
We always process your personal data for a specific purpose and only
process the personal data which is relevant to achieve that purpose.
In particular, we process your personal data for the following purposes:
- manage our relationship with you (e.g. through our
- implement tasks in preparation of or to perform
- evidence transactions and ensuring
transparency on transfers of value;
- provide you with
appropriate, adequate and updated information about disease, drugs
as well as our products and services;
- improve the quality
of our interactions and services by adapting our offering to your
- answer your requests and provide you with
- send you surveys (e.g. to help us
improve your future interactions with us);
- send you
communications regarding products, therapeutic areas or services
that we promote;
- plan, manage and execute communications
and interactions with you (e.g. through the operation of a database
keeping records of interactions with health care professionals or
managing call planning as well as call reporting);
our activities (e.g. measuring interactions or sales, number of
- target and do segmentation exercise in
order to best address your professional needs;
- invite you
to events or promotional meetings sponsored by us (e.g. medical
events, speaker events, conferences);
- grant you access to
our training modules allowing you to provide us with certain
- manage our suppliers and service providers
throughout the supply chain;
- organise tender-offers,
implement tasks in preparation of or to perform existing
- monitor activities at our facilities, including
compliance with applicable policies as well as health and safety
rules in place;
- grant you access to our training modules
allowing you to provide us with certain services;
our IT resources, including infrastructure management and business
- preserve the company’s economic interests and
ensure compliance and reporting (such as complying with our policies
and local legal requirements, tax and deductions, managing alleged
cases of misconduct or fraud; conducting audits and defending
litigation and disclosing transfers of value as required by law,
relevant authorities and/or industry codes of practice);
- manage mergers and acquisitions involving our company;
- archiving and record keeping;
- billing and invoicing;
- any other purposes imposed by law and authorities.
4. WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU?
For the purposes described above in Section 3, we may process the
following types of personal data:
- your general and identification information (e.g. name, first
name, last name, gender, email and/or postal address, fixed and/or
mobile phone number);
- your function (e.g. title, position,
name of company, as well as, for healthcare professionals, first
specialty, second specialty, year of graduation from medical school,
publications, congress activities, awards, biography, education,
links to universities, expertise and participation in/contribution
to clinical trials, guidelines, editorial boards and organisations,
engagements in therapies and treatment);
information (e.g. credit card details, bank account details, VAT or
other tax identification number and transfers of value to you,
including but not limited to support to attend scientific events,
fees, grants or benefits in kind);
- your electronic
identification data where required for the purpose of delivering
products or services to our company (e.g. login, access right,
passwords, badge number, IP address, online identifiers/cookies,
logs, access and connection times, image recording or sound such as
badge pictures, CCTV or voice recordings);
regarding your utilisation, responses and/or preferences including
in terms of types of messages discussed, channels of communication
- data you provide to us for example when you
fill in forms or during events you attend, or when you answer
questions during a conversation or in a survey;
- data which
relate to our products and services; and
- information about
the promotional, scientific and medical activities/interactions you
have with us, including potential future interactions.
If you intend to provide us with personal data about other
individuals (e.g. your colleagues), you must provide a copy of this
Privacy Notice to the relevant individuals, directly or through their employer.
5. WHY ARE WE ALLOWED BY LAW TO PROCESS YOUR PERSONAL DATA?
Personal data are collected only to the extent required. Under no
circumstances are the collected data sold on to third parties for any reason.
Our processing of your personal data requires a legal basis.
We will not process your personal data if we do not have a proper
justification foreseen in the law for that purpose. Therefore, we will
only process your personal data if:
- we have obtained your prior consent;
- the processing
is necessary to perform our contractual obligations towards you or
to take pre-contractual steps at your request;
processing is necessary to comply with our legal or regulatory
- the processing is necessary for our
legitimate interests and does not unduly affect your interests or
fundamental rights and freedoms.
Please note that, when processing your personal data on this last
basis, we always seek to maintain a balance between our legitimate
interests and your privacy. Examples of such ‘legitimate interests’
are data processing activities performed:
- To develop a transparent and professional relationship with
health care professionals including but not limited to, disclosing
transfers of value as required by law, relevant authorities and/or
industry codes of practice;
- To promote Novo Nordisk
innovation in the pharmaceutical field;
- To manage Novo
Nordisk human and financial resources and optimise interactions with
health care professionals;
- To ensure that the right
medicine according to a well-informed health care professional
technical and professional opinion reaches the patient.
benefit from cost-effective services (e.g. we may opt to use certain
platforms offered by suppliers to process data);
- to offer
our products and services to our customers;
· to benefit from cost-effective services (e.g. we may opt
to use certain platforms offered by suppliers to process data);
· to offer our products and services to our customers;
- to prevent fraud or criminal activity, misuses of our products
or services as well as the security of our IT systems, architecture
- to sell any part of our business or its
assets or to enable the acquisition of all or part of our business
or assets by a third party; and
- to meet our corporate and
social responsibility objectives.
6. HOW DO WE SHARE YOUR PERSONAL DATA?
We may share your personal data with:
In the course of our activities and for the same purposes as those
listed in this Privacy Notice, your personal data can be accessed by,
or transferred to the following categories of recipients, on a need to
know basis to achieve such purposes:
- our personnel (including personnel, departments or other
companies of the Novo Nordisk group);
- our independent
agents or brokers (if any);
- our suppliers and services
providers that provide services and products to us;
- our IT
systems providers, cloud service providers, database providers and
- our business partners who offer products or
services jointly with us or with our subsidiaries or
- any third party to whom we assign or novate any
of our rights or obligations; and
- our advisors and external
lawyers in the context of the sale or transfer of any part of our
business or its assets.
The above third parties are contractually obliged to protect the
confidentiality and security of your personal data, in compliance with
We may also make public disclosures of transfers of value, where
required by law, relevant authorities and/or industry codes of practice.
Your personal data can also be accessed by or transferred to any
national and/or international regulatory, enforcement, public body or
court, where we are required to do so by applicable law or regulation
or at their request.
7. WHEN DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU/EAA?
For the purposes
described above in Section 3, we transfer your personal data to
countries outside the European Economic Area (EEA). The level of data
protection in certain countries outside the EEA does not conform to
the level of data protection for personal data currently applied and
enforced within the EEA.
We therefore use the following safeguards, as required by law, to
protect your personal data in case of such transfers:
- The destination countries are deemed by the EU Commission to
have an adequate level of protection of personal data.
- We have entered into Standard Contractual Clauses for the
Transfer of Personal Data to Third Countries. You can get a copy of
the Clauses by contacting us as described in Section 1.
8. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We will only retain your personal data for as long as necessary to
fulfil the purpose for which it was collected or to comply with legal
or regulatory requirements.
For contracts, the retention period is the term of your (or your
company’s) contract with us, plus the period of time until the legal
claims under this contract become time-barred, unless overriding legal
or regulatory schedules require a longer or shorter retention period.
When this period expires, your personal data is removed from our
Personal data collected and processed in the context of a dispute
are deleted or archived (i) as soon as an amicable settlement has been
reached, (ii) once a decision in last resort has been rendered or
(iii) when the claim becomes time barred.
9. WHAT ARE YOUR RIGHTS?
In general, you have the following rights:
- You can get an overview of what personal data we have about
- You can get a copy of your personal data in a structured,
commonly used and machine-readable format
- You can get an
update or correction to your personal data
You can have your
personal data deleted or destroyed
- You can have us stop or
limit processing of your personal data
- If you have given
consent for us to process your personal data (see Section 5), you
can withdraw your consent at any time. Your withdrawal will not
affect the lawfulness of the processing carried out before you
withdrew your consent
- You can submit a complaint about how
we process your personal data to a Data Protection Authority.
Under applicable law, there may be limits on these rights depending
on the specific circumstances of the processing activity. Contact us
as described in Section 1 with questions or requests relating to these rights.