Privacy centre
Privacy notice for personnel in investigator initiated studies
-
1. Why and how we process your personal data
To evaluate your proposal for an Investigator Initiated Study, Mölnlycke Health Care AB, reg. no. 556547-5489 (“Mölnlycke”), will process the personal data included in your application. If your proposal is approved, Mölnlycke will subsequently enter into an agreement with you/your employer (the “Agreement”). This Privacy Notice explains how Mölnlycke, including its affiliates (“Mölnlycke”, “we”, “us”, or “our”), processes your personal data in connection with the application process and, if applicable, the Agreement.
Mölnlycke Heath Care AB is responsible for the processing of your personal data as described in this Privacy Notice in the capacity of data controller. You can also contact our Data Protection Officer (“DPO”) directly via email at privacy@molnlycke.com if you have any questions or concerns. You may read more general information about how and why we process personal data at https://www.molnlycke.com/privacy-center/ or you can contact us at phone number: +46 31 722 30 00
-
Purpose:
Mölnlycke will process your personal data for the following purposes:
- to evaluate the application for an Investigator Initiated Study;
- to fulfil our obligations under the Agreement;
- to communicate with you regarding matters related to the Agreement;
- to comply with legal or regulatory obligations (such as those related to reporting adverse events and demonstrating that the study has been conducted in accordance with applicable law and regulations)
- reference study results in our marketing materials;
Categories of personal data:
a) your name;
Personal Data: Mölnlycke will process the following categories of your personal data:
b) your title;
c) your contact information;
d) your business credentials, including educational level;
e) your financial information
(hereinafter referred to as the “Personal Data”).
Legal basis:
We only process your Personal Data to the extent permitted or required in accordance with applicable data protection legislation.
- For the purpose of conducting scientific research, the legal basis is our legitimate interest in conducting scientific research aimed at understanding and developing treatments and medical devices. This legal basis is found in the GDPR art. 6(1)(f).
- For the purpose of sharing study results to demonstrate safety and efficacy of treatments and medical devices with relevant authorities, including reporting serious adverse events, the legal basis is to meet our legal obligations. This legal basis is found in the GDPR art. 6(1)(c).
- For the purpose of communicating with you regarding the Agreement, the legal basis is our legitimate interest of initiating a business relationship with you/your employer and fulfilling our obligations under the Agreement with you/your employer. The legal basis is found in the GDPR art. 6(1)(f).
- For the purpose conducting due diligence checks, evidence transactions and your financial interest in Mölnlycke, the legal bases are our legal obligations to comply with anti-corruption and transparency legislation as well as our legitimate interest to comply with industry standards and guidelines on ethical conduct of business. The legal bases are found in the GDPR art. 6(1)(c) and GDPR art. 6(1)(f).
- For the purpose of referencing the study results in marketing materials and reference your name as part of a published paper or presentation, we rely on our legitimate interest to promote Mölnlycke and our products and services. The legal basis is found in the GDPR art. 6(1)(f).
Retention period:
We will store your Personal Data during the application process, thereafter (if applicable) for the duration of the Agreement and a period of 10 years after the expiration or termination thereof. If your proposal is not approved, your Personal Data will be deleted. In addition, we will store your Personal Data for as long as required by applicable laws and regulations. After such period has ended, your Personal Data will be deleted.
Collection of personal data
We collect personal data from your employer or from you directly.
Access and transfer of Personal Data: We will share your Personal Data with the following recipients:
- Suppliers or vendors assisting Mölnlycke, such as consultants and IT service providers;
- Other Mölnlycke entities;
- Public authorities, if required
To safeguard your rights, we rely on the below so-called transfer mechanism if your Personal Data is transfer to a country outside the EU/EEA. To receive a copy of the applicable transfer mechanism, please contact Mölnlycke’s DPO as described above.
- European Commission’s Adequacy Decisions. This means that the European Commission has assessed and decided that your personal data will be equally protected in that country as within the EU/EEA.
- European Commission’s standard contractual clauses. These clauses function as a contract between Mölnlycke and the recipient, with the purpose of safeguarding your rights.
-
Your rights and security Measures
You have the below listed rights in relation to our processing of your Personal Data. You can exercise them by contact us using the contact details above. Please note that not all rights listed below are absolute and there are exemptions which can be valid.
Right of access. You have the right upon request to get a copy of your Personal Data which we process and to get complementary information regarding our processing of your Personal Data.
Right to rectification. You have the right to have your Personal Data rectified and/or complemented if they are wrong and/or incomplete.
Right to erasure. You have the right to request that we erase your Personal Data without undue delay in the following circumstances: (i) the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you object to our processing of Personal Data, and we do not have any overriding legitimate grounds for the processing; (iii) the processed Personal Data is unlawfully processed; or (iv) the processed Personal Data has to be erased for compliance with legal obligations.
Right to restriction. You have the right to restrict the processing of your Personal Data in the following circumstances: (i) you contest the accuracy of the Personal Data during a period enabling us to verify the accuracy of such Personal Data; (ii) the processing is unlawful, and you oppose erasure of the Personal Data and request restriction instead; (iii) the Personal Data is no longer needed for the purposes of the processing, but is necessary for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing of the Personal Data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
Right to object. You have the general right to object to our processing of your Personal Data when it is based on our legitimate interest. If you object and we believe that we may still process your Personal Data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
Complaints to the supervisory authority. You may at any time also file a complaint with the supervisory authority in Sweden, or with your local supervisory authority in the EU member state where you are located. The data protection authority in Sweden is ‘Integritetsskyddsmyndigheten’. If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you in first-hand to contact us in order for us to oversee your complaints. You can find contact details to each local supervisory authority by visiting this link: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Security measures. We have taken measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorised access , disclosure or misuse. We also monitor our systems to discover vulnerabilities.