You are now leaving Lundbeck UK's website (www.lundbeck.com/uk) for an external website. External links are provided as a resource to the viewer. Lundbeck UK are not responsible for the external website and its content.
UK-NOTPR-1010 | April 2022
Protecting the Privacy of Personal Data
Lundbeck Limited Privacy Notice: Healthcare Professionals
1. Introduction
The fair and lawful processing of your personal data is a top priority for us. Therefore, we would like to inform you about when and why Lundbeck Limited (referred to as “Lundbeck”, “we”, “us”, “our”) collect and hold personal data about healthcare professionals in the course of our business with you, how this data is used, the conditions under which it may be disclosed to others and how it is kept secure.
Please note that this privacy notice is separate to our privacy notice on our general UK website (https://www.lundbeck.com/uk), which relates to users and visitors of this website. We recommend you review this policy whenever you visit our Lundbeck UK website. Links to specific social media privacy notices can also be found on our website by clicking here: Privacy Notice: LinkedIn, Privacy Notice: Instagram or on our relevant social media pages or channels. If our website or these links are unavailable for any reason, please contact us using the details at the end of this policy and we can provide you with copies.
Lundbeck Limited (company number 01040798) is the data controller in relation to the processing activities described below. This means that we decide why and how your personal data is processed.
In processing your personal data, Lundbeck will always comply with applicable data protection laws, including the Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”).
2. What personal data do we process?
As part of our professional dealings with you, we may collect, store and use the following types of personal data:
We will collect the above categories of personal data as follows as part of our interaction with you. This is information that you voluntarily give to us via:
This includes information provided at the time of contacting us in relation to the services or products we provide or making an enquiry about our business.
We may also ask you for information when you report a problem with our site. If you complete any surveys that we request you complete for research purposes, we will collect information in such circumstances as well.
We may also automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may also collect any personal data which you allow to be shared that is part of your public profile or third party social network, type and version, time zone setting, browser plug in types and versions, operating system and platform.
Please see our Cookies Policy for further information on how we use cookies.
We may also obtain your personal data from sources outside of our business which may include our group companies or our third party marketing partners. The personal data that we receive from our group companies is as described in the paragraphs above. The personal data that we receive from our third party marketing partners is where you have indicated to such partner that you would like Lundbeck to contact you with information about our products and services. If you would like to opt-out of receiving marketing information from us after providing your consent, you can do so at any time. Please see Your rights for further details on how you can do this.
3. How we use your personal data?
As an overriding principle, we only process such personal data as is necessary to achieve the various purposes (data minimisation principle) of processing. Where possible, we make use of pseudonymisation and anonymisation of data.
The purposes for which we collect and use your personal data and the legal basis under data protection laws on which we rely on do this are explained below.
Lundbeck and other companies of the Lundbeck group are members of the Association of the British Pharmaceutical Industry (ABPI) in the UK. The ABPI require Lundbeck to document and publish certain information regarding transfers of value, including grants, donations, benefits and payments granted to healthcare professionals and healthcare organisations each calendar year. If you receive any transfers of value from us, your personal data (including your name, organisation (if any), and information regarding transfers of value paid to you) will be processed in order for us to comply with our obligations under the ABPI Code. Unless required by law or to comply with our obligations under the ABPI Code, we will only disclose your personal data in relation to such payments if we have obtained your prior consent to do so. Your consent will be obtained via a consent form. If you do not consent, the ABPI requires that we publish the transfers of value information in aggregated form, without it being possible to identify your personal data from that information.
4. Who may receive or have access to your data?
Access to your personal data is restricted to Lundbeck personnel to the extent necessary for processing the data for above-mentioned purposes.
We may also disclose your information to the following third parties:
o We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Our Customer Relationship Management (CRM) system is provided and maintained by Veeva Systems Inc. and our OneKey Database is provided by IQVIA. The IQVIA privacy notice for the OneKey Database can be found on the IQVIA website.
o Other third parties may include cloud service providers (such as hosting and email management), IT providers, technical and professional advisors (including accountants and lawyers), advertising and marketing agencies, communication fulfilment service providers, and administrative service providers.
o When we use third party service providers, we only disclose to them any personal data that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
When disclosing your personal data to third parties, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
5. Where is your data stored?
All personal data you provide to us is stored on our secure servers which are located within the United Kingdom and/or the European Economic Area (EEA).
We also collect and store personal data in our Customer Relationship Management (CRM) system, which is provided and maintained by Veeva Systems Inc. We use the OneKey database provided by IQVIA.
If at any time we transfer your personal data to, or store it in, countries located outside of the United Kingdom or the EEA (for example, as a result of our engagement of our CRM provider or if our hosting services provider changes) we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law. This is because some countries do not have adequate data protection laws equivalent to those in the United Kingdom and EEA.
If your personal data is transferred to other companies in the Lundbeck Group, the transfer will be based on the Lundbeck Intra Group Agreement as applicable from time to time. The current agreement is based on the EU standard contractual clauses.
6. How long do we store your personal data?
If we collect your personal data, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We will only keep your personal data in an identifiable format for as long as is reasonably necessary to achieve the respective purpose of the processing unless we believe that the law requires us to preserve it.
We keep business letters and comparable correspondence for a period of six years and invoice-related documents and contract documents for a period of seven years.
We keep your personal data stored in our CRM system for the duration of the business contact with you. This is managed by our third-party service provider, Veeva Systems Inc.
Under the ABPI Code of Practice, data on transfers of value is publicly disclosed and retained for a period of five years after the end of the calendar year of its first publication and subsequently deleted.
If you have contacted us with a complaint or enquiry, we will store your personal data for as long as is reasonably required to resolve your complaint or enquiry.
When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. After that time, we may aggregate the data (from which you cannot be identified) and retain it foranalytical purposes.
The exceptions to the above are where:
7. Security and links to other sites
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our site and any transmission is at your own risk. Once we have received your personal data, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Our sites may contain links to other websites run by other organisations. This policy does not apply to those other websites, so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our site from a third party website, we cannot be responsible for the privacy policies and practices of the operators of that third party website and recommend that you check the policy of that third party website.
8. Data anonymisation and use of aggregated information
Your personal data may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We may use this data to share with our partners or for analytical and research purposes. This information may be collected by cookies placed on our site - please see our Cookies Policy for more information.
9. Your rights
In the UK and EEA, you have certain rights in relation to your personal data under data protection law and these are described below. Please note that we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data.
10. Complaints
If you wish to file a complaint regarding Lundbeck's processing of your personal
data, you can email or write to us using the contact details at the end of this
policy.
You also have the right to complain to the relevant data protection authority, which in the UK is the Information Commissioner's Office (ICO), if you are concerned about the way that we have processed your personal data.
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone Number: 0303 123 1113
Website: https://ico.org.uk/
11. Children
Our site is not intended or designed to attract children. Lundbeck do not knowingly collect personal data from any person we know to be under the age of 18 years.
12. Changes
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our site and/or contacting you by email. Any changes will take effect 7 days after the date on which we post the modified terms on our site or the date of our email, whichever is earlier. We recommend you regularly check for changes and review this policy whenever you visit our site. If you do not agree with any aspect of the updated policy, you must immediately notify us and cease using our services.
This policy was last updated on 28 August 2024.
13. Contact
If you have any questions regarding this privacy policy or Lundbeck’s processing of your personal data, please contact our Data Protection Officer using the details below.
UK-NOTPR-2073 | August 2024