Privacy Policy

Last updated September 15 2023

This Privacy Policy explains how ZEMA Pharma Consulting ("We", "Us") processes your personal data.

1. Data Controller

The entity responsible for the processing of your personal data is: 

ZEMA Pharma Consulting ApS
CVR: DK 42 68 04 27

Email: madsh@zemacon.com 

Telephone: +45 61 47 64 68 

2. Description of the processing

2.1   General contact with potential customer

Where you as a part of your employment contact us on behalf of your employer, we process your personal data in relation to you acting as a contact person on behalf of your employer.

We process your personal data, including name, phone number, email address and occupation, to enable us to respond to your inquiries. 


We receive your personal data directly from you or from your employer.
The legal basis for processing your personal data is GDPR art. 6.1.f, as based on our legitimate interest in responding to inquiries and correspond with companies and persons who contact us. 


We will share your information with external IT service providers, most notably Microsoft and IDrive. 


We will process your personal data until it is no longer necessary for the purpose it was collected for. In general, personal data will be deleted one year after your most recent inquiry unless your inquiry results in the provision of services (see Section 2.2 below).


2.2   Provision of services

When your employer enters into an agreement with us regarding the services we provide, incl. as part of interpreting scientific data for medical products, product specific and strategic advice, training sessions, applications for the use of medical products in Denmark, and assistance in connection with studies, we process your personal data in relation to you being listed as a contact person for your employer. 


We process your personal data, including name, phone number, email address and occupation, to be able to correspond with you and contact you in connection with the provision of our services. 


We receive your personal data directly from you or from your employer. The legal basis for processing your personal data is GDPR art. 6.1.f, as based on our legitimate interest in providing our services. 


We will share your information with external IT service providers, most notably Microsoft and IDrive. 


We will process your personal data until it is no longer necessary for the purpose it was collected for. In general, personal data will be deleted five years after the end of the year in which the payment for the provided services takes place if such personal data also forms part of our bookkeeping material. Otherwise, personal data will generally be deleted as set out under Section 2.1 above.

2.3   Contact persons (doctors, nurses and other personnel within the healthcare sector and administrators within the Danish Medicines Agency, other medicines committees, etc.)

You may act as a general contact person for us for the purpose of providing our services as set out under Section 2.2 above. In this case, we process your personal data. 


We process your personal data, including name, phone number, email address and occupation, to be able to correspond with you and contact you in connection with the provision of our services. 


We receive your personal data directly from you. 


The legal basis for processing your personal data is GDPR art. 6.1.f, as based on our legitimate interest in providing our services. 


We will share your information with external IT service providers, most notably Microsoft and IDrive.

 
We will process your personal data until it is no longer necessary for the purpose it was collected for. In general, personal data will be deleted one year after we no longer consider you a general contact person. 

3.  Transfers to countries outside the EU/EEA

In general, personal data will only be processed within the EU/EEA. If we transfer your personal data to third countries outside the EU/EEA we will ensure appropriate security measures, including the use of Standard Contractual Clauses prepared by the European Commission pursuant to GDPR art. 46.2.c. 


Due to our use of products and platforms provided by Microsoft and IDrive, we may transfer personal data to the USA, when using their services.

If we transfer personal data to Microsoft or IDrive, the legal basis for the transfer is GDPR art. 45 since both companies are certified under the EU-U.S. Data Privacy Framework. 


Furthermore, personal data may also be transferred to Microsoft's or IDrive's subsidiaries or sub-processors in the USA or other third countries outside the EU/EEA. All transfers to third countries conducted by Microsoft or IDrive are subject to appropriate security measures pursuant to GDPR art. 46, provided that such transfer cannot be based on GDPR art. 45.

4. Your rights

You have the following rights:

You have the right to request access to, rectification or erasure of your personal data.

  • You also have the right to have the processing of your personal data restricted.

  • You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).

  • You may always lodge a complaint with a data protection supervisory authority, e.g. the Danish Data Protection Agency (Datatilsynet).

Furthermore, you have the right to object to processing of your personal data as follows.

  • If processing of your personal data is based on GDPR, art. 6.1.f, see above regarding legal basis, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data.

You can take steps to exercise your rights by sending an email to madsh@zemacon.com.

There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability in the specific case – this depends on the specific circumstances of the processing activity.