Abacus Medicine Group

Privacy & Cookie Policy

At Abacus Medicine A/S, we take your privacy and the security of your information very seriously.

This privacy policy is designed to help you understand how Abacus Medicine A/S collects and uses your personal information and applies to the following categories:

  1. Communication
  2. Recruitment
  3. Pharmacovigilance
  4. Cookies
  5. Your rights


Last updated: 2023, October

Communication

This section of our privacy policy is designed to help you understand how Abacus Medicine A/S collects and uses your personal information when you communicate with us.

When you communicate with Abacus Medicine, we will process the following information:

  • Name, Email address, Telephone no., Job title.
  • Information you provide us with.

Your personal information will be used for the purpose of general business communication. Abacus Medicine bases its processing of your personal information on the General Data Protection Regulation´s Article 6(1)(f) and our legitimate interest in communicating and trading with our business partners.

Your personal information will be shared with our service providers and data processors in order to make use of their services. All data processors are bound by our instructions and will only process your personal information in accordance with this policy.

Your personal information may also be shared with external advisors as part of our internal review procedures to address our compliance with various legal obligations. All external advisors are bound by confidentiality agreements to protect your personal information.

Your personal information will be stored as long as the information is needed in the course of business.

Recruitment

This section of our privacy policy is designed to help you understand how your personal information is processed when you apply for a job at Abacus Medicine A/S.

During the recruitment process at Abacus Medicine, we will collect and store the following information about you:

  • Name, Address, Telephone no., Email address.
  • Job application, supporting documents and information you submit to us during the recruitment process.

Our purpose of processing your personal information is to assess your suitability for the job you have applied for.

We process your information on the basis of the General Data Protection Regulation´s Article 6(1)(b), which relates to the processing necessary to perform a contract or to take steps at your request, before entering a contract.

Your personal information will be shared with our service providers and data processors in order to make use of their services. All data processors are bound by our instructions and will only process your personal information in accordance with this policy.

Your personal information may also be shared with external advisors as part of our internal review procedures to address our compliance with various legal obligations. All external advisors are bound by confidentiality agreements to protect your personal information.

All data related to rejected candidates will be deleted at the end of the recruitment process.

If you are employed, we will store your job application in accordance with our Human Resource Privacy Policy.

Pharmacovigilance

This section of our privacy policy is designed to help you understand how Abacus Medicine A/S will handle your personal information when you make a report related to adverse events or other activities related to pharmacovigilance (“Pharmacovigilance reports”).

When making a Pharmacovigilance report, Abacus Medicine will collect the information necessary to fulfil our obligation related to pharmacovigilance, this may include:

  • Patient initials, gender and date of birth
  • Description of adverse reaction
  • Contact details of the reporter

Abacus Medicine processes your personal data in accordance with the General Data Protection Regulation (GDPR). Your personal information will be used for the following purposes:

  1. To comply with our legal obligation to collect Pharmacovigilance reports in accordance with GDPR Article 6(1)(c),
  2. Detecting and preventing adverse effect or any other medicine related problem necessary for reasons of public health in accordance with GDPR Article 9(2)(i), and
  3. Transmission of information to manufacturers based on your consent in accordance with GDPR Article 6(1)(a).

Pharmacovigilance reports are kept as long as the product is authorised and for at least 10 years after the marketing authorisation has ceased to exist.

Abacus Medicine may be legally obligated to share your personal information with independent data controllers, such as:

  • Public health authorities
  • The product’s marketing authorisation holder or manufacturer.


Your personal information will be shared with our service providers and data processors in order to make use of their services. All data processors are bound by our instructions and will only process your personal information in accordance with this policy.

Your personal information may also be shared with external advisors as part of our internal review procedures to address our compliance with various legal obligations. All external advisors are bound by appropriate confidentiality agreements to protect your personal information.

Cookies

This section of our privacy policy is designed to help you understand how Abacus Medicine A/S uses cookies on this website.

When you visit Abacus Medicine´s website, cookies are stored on your device, according to your given preferences. Cookies are small text files that are stored locally on your device and make it possible to collect data about the use of our website. The use of cookies may involve the collection of your personal data, such as your IP address. Our website uses the web analysis service “Matomo Analytics” to analyse the use of our website. By using the statistics obtained through the service, we can provide a better browsing experience and improve your experience when visiting our website. 

We use cookies to collect and process information about you for the following purposes:

  1. To support the website’s functionality in order to provide you with a better user experience. 
  2. To perform statistical analyses of your use of the website in order to improve your and other visitor’s user experience. 
  3. To show you targeted marketing, in accordance with your preferences. 

The legal basis for the use of cookies is GDPR Article 6(1)(a) and the consent you provide us with.

The cookies categorised as strictly necessary help provide you with services and features available through our website and remember whether you have given a consent or not. These cookies are essential for the functioning of the website and do not require your consent. This processing is therefore based on GDPR Article 6 (1)(f), and our legitimate interest in providing you with a good browsing experience, while limiting the processing of your personal data.

You can at any time change or withdraw your consent on our website by clicking on the cookie symbol at the bottom left of the page. However, if you do not consent, please be aware that this may affect some of the functions and services on the website.

It is possible to prevent the use of cookie tracking by activating the opt-out plug in, known as a “Do not track”-function, in your browser settings. In this case, an opt-out cookie is stored on your browser that prevents cookies from being installed on your device. If you delete your cookies, the opt-out cookie will also be deleted and must therefore be reactivated when you revisit the website.

With your consent, you accept that personal data on this website may be obtained, published or shared by our Data Processors; Matomo Analytics (Data Processor Privacy Policy), Leadfeeder (Data Processor Privacy Policy) and Mouseflow (Data Processor Privacy Policy). 

Matomo is a company based in New Zealand with an EU representative in Germany. All data processed and stored by Matomo is stored on servers in Europe, and no data will be transferred to third countries. New Zealand is considered by the EU Commission to have an adequate level of data protection in accordance with GDPR Article 45.

Data collected by Leadfeeder and Mouseflow may be stored and processed outside the EU/EEA area, namely in the United States. The legal basis for such international transfers is GDPR Article 46(2)(c) and the European Commission’s Standard Contractual Clauses 2021/914/EU, in order to provide you with an equivalent protection for your rights and freedoms.

The cookies used

Strictly necessary
Strictly necessary cookies help make a website navigable by activating basic functions such as page navigation and access to secure website areas. Without these cookies, the website would not be able to work properly. These cookies have a legitimate purpose and are not optional.

Data Processor

Cookie name

Expiration

Purpose

Cookie Information

 

Data Processor Privacy Policy

CookieInformationConsent

1 year

Supports the website´s technical functions. 

PHP

PHPSESSID

Session expires when browser is closed.

Third-party cookie. Required for the website to perform properly.

Functional
Functional cookies make it possible to save information that changes the way the website appears or acts, for instance, your preferred language or region. These cookies are optional and require your consent.

Data Processor

Cookie name

Expiration

Purpose

There are currently no functional cookies on the website.





Statistical
Statistical cookies help the website owner understand how visitors interact with the website by collecting and reporting information. These cookies are optional and require your consent.

Data Processor

Cookie name

Expiration

Purpose

Google Analytics

 

Data Processor Privacy Policy

_gid

A day

Collects information about the users, how they accessed the website and their activity on the website, for instance an IP-address, for analytics and reporting purposes. 

Google Analytics

 

Data Processor Privacy Policy

_ga

2 years

Collects information about the users in order to distinguish between visitors to the website. 

Google Analytics

 

Data Processor Privacy Policy

_gat

_gtag

A few seconds

Collects information about the users and their activity on the website, for instance an IP-address, for analytics and reporting purposes. 

Matomo


Data Processor Privacy Policy

_pk_id

13 months

Used to store a few details about the user such as the unique ID to recognize returning visitors.

Matomo


Data Processor Privacy Policy

_pk_ses

30 minutes

Short lived cookie used to temporarily store data for the visit, such as a unique session ID. The cookie tracks the time of the visit for the user, time of the previous visit for the user, and number of visits for the user.

Mouseflow


Data Processor Privacy Policy

mf_[website-id]

Session

A cookie for identifying the current session on a website.

The cookie contains information about the current session but does not contain any information that can identify the visitor. This cookie is deleted when the session ends, meaning when the user leaves the website.

 

The use of Mouseflow may include the use of heatmaps and session recordings, which track interactions like clicks, mouse movements, scrolls, form interaction and page changes. These interactions can afterwards be replayed in a video or visualized in a heatmap in order to find out what visitors are really looking for and how they get there.

Mouseflow


Data Processor Privacy Policy

mf_user

90 days

A cookie for checking if the user is new or returning.


This cookie establishes whether the user is a returning or first-time visitor. This is done simply by a yes/no toggle and no further information about the user is stored. 

Marketing
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and interesting to the individual user and thus more valuable for publishers and third-party advertisers. These cookies are optional and require your consent.

Data Processor

Cookie name

Expiration

Purpose

Leadfeeder


Data Processor Privacy Policy

_lfa

2 years

The cookie registers data such as IP-addresses, owner of the IP address, time spent on the website and page requests for the visit, and stores and tracks audience reach.

Google

 

Data Processor Privacy Policy

_gcl­_au

3 months

Used by Google for experimenting with advertisement efficiency across websites using their services.  

Google Marketing Platform

doubleclick.net


Data Processor Privacy Policy

test_cookie

15 minutes

Third-party cookie.

Used for online marketing by collecting information about the users and their activity on the website. The information is used to target advertising to the user across different channels and devices. 

Google Marketing Platform

doubleclick.net


Data Processor Privacy Policy

IDE

1 year

Third-party cookie.

Used for online marketing by collecting information about the users and their activity on the website. The information is used to target advertising to the user across different channels and devices.

Your rights

Under the General Data Protection Regulation, you have rights as an individual which you can exercise in relation to the information, we hold about you. This includes the right to:

  • Get access to the information we process,
  • Rectification of inaccurate or incorrect information about you,
  • Deletion of your personal information (in certain circumstances),
  • Restrict our processing of your personal information (in certain circumstances),
  • Object to our processing of your personal information, and
  • Have your personal information provided to you in a machine-readable format.

If you wish to invoke any of these rights, send your request to: privacy@abacusmedicine.com

You can read more about these rights at the Danish Data Protection Agency’s webpage or at the European Commission’s webpage.

Complaint

If you have any complaints regarding Abacus Medicine’s processing of your personal information, you can file an official complaint with the Danish Data Protection Agency, by filling out this complaint form.

Contact

Abacus Medicine A/S acts as the data controller for the information we collect.

You can contact us at:

Abacus Medicine A/S
Kalvebod Brygge 35
1560 Copenhagen V
Denmark

Telephone: +45 70 22 02 12
E-Mail: privacy@abacusmedicine.com

Guidelines for handling Personal Data

Handling sensitive information – All employees must keep their mailbox, computer and workstation free of sensitive personal information, unless the information is needed as part of their job function (i.e. prescriptions needed to fulfil orders, HR files, etc.). Neither Abacus Medicine nor any of its employees may handle information about religious beliefs, sexual orientation or ethnicity.

Email communication
You can freely communicate via email any non sensitive data such as, name and title, email address and telephone number, corporate photo and B2B information.

a . Sensitive personal information must be encrypted before being transmitted over the internet. Regular emails should never be used for sharing sensitive personal information.

b . If you use your company email account to send personal emails, make sure to mark these as “Private”. Please be aware that this is subject to review by Abacus Medicine.

c . Remember to clean out your mailbox regularly when you find that you no longer need the content of
the email.

Job applications
You should never store job applications on your computer, unless you are part of an active recruitment process. Any job applications you may receive directly from applicants must be passed along to HR and subsequently deleted from your own computer and mailbox.

a . A guide on how to clean job applications from your email inbox, will be provided to all employees on a yearly basis.

IT-infrastructure
All employees shall make sure to keep all data within the Abacus Medicine IT infrastructure and should never use private IT equipment or email accounts to store or send company info.

Sensitive personal information is defined as follows: 
“Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.”
Contact the IT department if you need help transferring sensitive personal information. 

When we are processing any kind of personal data, the individuals whose data we are processing are exposed to many risks. Whenever a new system is implemented, or a new project has started, you should therefore always consider the possible risks and consequences.

A security incident or any related risks or consequences may be prevented by conducting a risk assessment. A risk assessment is an objective assessment of the risks the planned processing of personal data may impose for the rights and freedoms of data subjects. By conducting a risk assessment, we can scope the possible risks before they actually occur and thereby limiting the related consequences.

An integral part of this risk assessment is to consider the privacy by design principles which means that we incorporate data protection in all our business processes and systems. Privacy by design can be illustrated through the following principles:
1. Proactive not reactive; Preventive not Remedial.
2. Privacy as the default setting.
3. Privacy embedded into design.
4. Full functionality – No compromises in privacy vs security.
5. End-to-end security – Lifecycle protection.
6. Visibility and transparency – Keep it open.
7. Respect for user privacy – Keep it user-centric.

Sensitive personal information
is defined as follows:
“Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.”

Contact the IT Department if you need help transferring sensitive personal
information.

Examples of measures that can be built into and constitute privacy by design may include; minimising the processing of personal data, pseudonymisation, encrypting data, and securing the infrastructure against unauthorised access. By implementing appropriat e technical and organisational measures we can ensure the effective implementation of the basic data protection principles, such as lawfulness, fairness and transparency.

Please make sure to involve the Legal Department early in the process of implementing new systems, starting up new projects or entering into new contracts in order to incorporate data protection at all levels and to evaluate possible risks and limiting the consequences.

A privacy security incident is a single or a series of events in loss or disclosure of personal information to an unauthorised third party. Most common events involve: 

  • Theft/loss of equipment.
    • The theft or loss of physical devices (laptops and storage devices) or paper records that contain personal information. 
  • Unauthorised access to information/systems
    • Employees accessing personal information they are not authorised to. 
  • Unauthorised release of or disclosure of information
    • Personal information being leaked or otherwise disclosed to an unauthorised third party. This may include computer virus, emailing personal information to the wrong person, or disclosure of personal information to a scammer as a result of inadequate identify vertification. 
  • Unauthorised alteration of personal information or loss of personal information. 
    • Unauthorised/accidental change or deletion of personal information. 


Responsibilities to prevent privacy security events: 

  • All employees
    • All employees should report any suspicious incidents to either their manager or the privacy manager at privacy@abacusmedicine.com
  • Managers
    • If a manager receives a report of an incident the manager is responsible for reporting the incident to the privacy manager. 
  • Privacy manager
    • The privacy manager coordinates the investigation and makes the assessment of the scope and scale of the incident. The privacy manager determines if further steps are necessary related to the company’s legal obligation towards the data subject and the national data protection authorities. 

The General Data Protection Regulation confers specific rights on any individuals we hold information about. In order for Abacus Medicine to comply with the requirements we have to make sure we respond correctly and in a timely manner to any such inquiries.

All employees must be attentive when any individuals request the following:
a . To gain access to the information we hold on the person
b . To rectify inaccurate or incorrect information
c . To delete personal information we store (in certain situations)
d . To restrict the information we process (in certain situations)
e . To object to our processing of their data
f. To have your personal information provided to you in a machine readable format

If you receive any of the above requests you must report it to privacy@abacusmedicine.com. When reporting a request, remember to record the individual’s name, contact details, the specific request and the date. It is of the utmost importance that the request is forwarded immediately in order for the assessment to begin as soon as possible.

Proper use of surveillance at Abacus Medicine
Access to surveillance footage
is reserved authorised personnel only, and only authorised personnel will be involved in and/or have access to surveillance camera footage and recordings of surveillance.

The surveillance footage and camera data may only be accessed:
a . in case of suspected criminal activities, and
b . during planned service and maintenance to ensure that the equipment is operating properly.

When a crime is suspected to have occurred, only authorised personnel may review the images from the surveillance camera.

When records are released to law enforcement officials, authorissed staff shall, where possible, limit the ed staff shall, where possible, limit the release of information about individuals deemed not to be involved in the investigation. This includes, release of information about individuals deemed not to be involved in the investigation. This includes, but is not limited to, zooming images in on suspects in question, obscuring identifiable features of other but is not limited to, zooming images in on suspects in question, obscuring identifiable features of other indivindividuals, and limiting the timeframe of video coverage provided.iduals, and limiting the timeframe of video coverage provided.

Surveillance footage may under no circumstances be made public or disclosed to unauthorised individuals.

Surveillance camera recordings will be stored for a period of no longer than thirty (30) days, unless retained as part of a criminal investigation or court proceedings.

Recruitment at Abacus Medicine
The recruitment process at Abacus Medicine involves a Hiring Committee consisting of several people from various departments. The following applies to anyone participating in the recruitment process:

a . Access to job applications and related documents is restricted to HR and the members of the Hiring Committee. Sharing these documents with other employees or any third party is not allowed.
b . Job applications, resumes, and other information related to a job applicant must be stored in such a manner that only the members of the Hiring Committee and the HR Department have access to them.
c . The HR Department has the responsibility of storing all documents related to recruitment and the maximum period of storage of recruitment related information is six (6) months from the end of the recruitment process.
d . Members of the Hiring Committee must delete all documents related to the job applicants once the recruitment process has been finalised.

Social media at Abacus Medicine
Abacus Medicine manages several social media accounts to help promote the Company. The following guidelines shall apply to anyone administrating or partake in creating content for these profiles. 
Using pictures of individuals can be done in one of two ways:

a . by having the individuals’ consent; or
b . by purchasing the right to use the pictures.

Use of pictures by having the individuals’ consent to do so
When the use of pictures relies on the consent given by the individual, the consent must be obtained the consent must be obtained prior to posting the picture(s) or video(s) of the individual to any social media profile owned or operated prior to posting the picture(s) or video(s) of the individual to any social media profile owned or operated by Abacus Medicine.

If the individual has not given a general consent for the use of their pictures, the following steps must be taken, to obtain individual consent, prior to posting picture(s), video(s) and/or other relevant content on taken, to obtain individual consent, prior to posting picture(s), video(s) and/or other relevant content on social media platforms:

a . obtain initial indication of consent;
b . evaluate the material;
c . collect valid consent; and
d . store/archive the consent a place where you are always able to find it.

Initial indication of consent – Before filming or photographing an individual, you must ensure that the  person wishes to partake in the posting of their pictures to a social media platform. You must also inform the individual of the following:

a . what the picture will be used for;
b . where it will be posted;
c . how consent will be collected;
d . the individual’s right to withdraw the consent at the time of their choosing.

Evaluation of the content – Does it contain information that might be detrimental to the person(s) in the  background, such as drinking, indecent behaviour, etc.?  If it does, then discard the picture.

a. Once the relevant photo/video has been selected –– delete all other photo(s) and/or video(s).delete all other photo(s) and/or video(s).

Collect valid consent – It is important to ensure consent is collected and stored properly. Use the following steps to ensure a valid consent is obtained:
a. Open the email consent form;
b. Fill in name and description of event;
c. If there is only one person in the photo, then attach the photo to the email;
d. Attach our Social Media Privacy Policy;
e. Add privacy@abacusmedicine.com as CC to the email; and
f. Send out the email individually to all individuals presented in the photo(s), video(s) and/or other content.

Storing consent – If the individual answers the email affirmatively make sure the answer is also If the individual answers the email affirmatively make sure the answer is also forwarded to forwarded to privacy@abacusmedicine.com.

Withdrawal of consent
A consent is valid as long as the individual has not revoked the consent. An individual can choose to do so at the time of their choosing. If any individual expresses a desire to have their picture(s) and/or video(s) removed it has to be removed right away, no questions asked.

Pictures of an individual cannot be posted to any of Abacus Medicine’s social media profiles unless a valid consent is obtained from the individual in question. A valid
consent is obtained when the individual is listed on the General Consent List or has provided his/her individual consent by replying affirmatively to the email mentioned in the above paragraph e).

Approved by the Board of Directors on 24 October 2023. 

Personal Data and Privacy Policy

This policy sets out the general principles on data protection and data ethics within the Abacus Medicine Group. We are committed to complying with all applicable data protection laws and regulations and to process both personal and non personal information in compliance with data ethics principles.

Your personal information will be shared with our Data Processors in order to make use of their services. These Data Processors are bound by our instructions and will process your personal information in accordance with this policy.

Your personal information may also be shared with external advisors as part of our internal review
procedures to address our compliance with various legal obligations. All external advisors are bound by appropriate confidentiality agreements to protect your personal information.

Abacus Medicine may disclose your personal information in order to respond to lawful request(s) by public authorities and law enforcement agencies.

This policy regulates Abacus Medicine’s compliance with data ethics principles. Data ethics concerns the ethical considerations which we as a company must consider when we use data and new technologies.

According to the Danish Data Ethics Council
“Data ethics is generally understood as the ethical dimension of the relationship between, on the one hand, technology and, on the other hand, citizens’ fundamental rights, legal certainty and fundamental societal values, which technological development gives rise to consider. The concept includes ethical issues in the use of data.”

Data ethics goes beyond compliance with data protection laws and includes both personal and non personal data. Abacus Medicine processes data in a data ethical manner by adhering to the following principles:

  • Welfare the processing of data must take place with respect and consideration for social conditions, society and democracy.
  • Dignity the processing of data must not be used to harm the individual, and data subjects should derive the primary benefit from the data processing.
  • Private life the processing of data must be done with respect for privacy and under the protection of personal data.
  • Self determination w hen at all possible, data subjects must be able to make informed decisions about the processing of their data.
  • Equality the processing of data shall not discriminate on the basis of ethnicity, sexuality, gender, socio economic background, political opinion, religion, trade union membership, genetic data, biometric data, disability or other health related data.
  • Freedom the processing of data must respect fundamental freedoms in a democratic society.
  • Transparency individuals should be able to understand how their personal data are used.
  • Security the processing of data shall be adequately secure, robust and reliable.
  • Accountability – it must be clear at all stages who is responsible for the processing of data and it must be clear at all stages who is responsible for the processing of data and thereby holding them accountable. 


Abacus Medicine considers the abovementioned principles when processing data and implementing new technologies. The principles should be read in conjunction with the other policies in the Compliance Framework and are applicable to the whole Abacus Medicine Group.

This privacy policy is designed to help you understand how Abacus Medicine collects and uses your personal information. The policy applies to information we collect about you as an employee at Abacus Medicine.

Data collected – During your employment at Abacus Medicine, we will collect and store the following pieces of information about you:

a. Name, address, phone no., email address, personal ID number, photograph;
b. Contract, salary, benefits, working hours, bank details;
c. Information needed to report taxes;
d. Job application and supporting documents;
e. Email content, IT usage.

The purpose of processing data Your personal information will be used for the following purposes:
a. Communication and identifying you as an employee;
b. Fulfilling our contractual obligations as your employer, enabling us to pay your salary. The information is processed on the basis of article 6 (1)(b) of the General Data Protection Regulation (GDPR). If you do not wish to provide us with this information, we will not be able to hire you;
c. Fulfilling our legal obligation to report taxable income in accordance with the Tax Control Act’s (Skattekontrolloven) § 7;
d. Documenting and evaluating your qualifications as an employee. The information is processed on the basis of article 6 (1)(f) of the GDPR and our legitimate interest in verifying and evaluating our employees’ qualifications;
e. Fulfilling the employee’s duties in case of absence. The processing of data is based on Art. 6(1)(f) of the GDPR and our legitimate interest in maintaining and continuing ordinary business regardless of your presence.

Recipients
Your personal information may be shared with independent data controllers such as:
a
a .. Banks;Banks;
b
b .. ServiceService providers;providers;
c
c .. InsuranceInsurance companies;companies;
d
d .. PublicPublic authorities,authorities, includingincluding the Danish Tax Agency.the Danish Tax Agency.
Storage
Storage periodperiod
a. Any email content will be stored for as long as necessary in order to maintain the functions you have
a. Any email content will be stored for as long as necessary in order to maintain the functions you have fulfilled as an employee at Abacus Medicine. Job applications will be deleted when you leave the fulfilled as an employee at Abacus Medicine. Job applications will be deleted when you leave the company. company.
b . All other personal data processed by Abacus Medicine A/S during your employment will be stored for
b . All other personal data processed by Abacus Medicine A/S during your employment will be stored for a period of 5 years from the end of the financial year in which your employment ended. Abacus a period of 5 years from the end of the financial year in which your employment ended. Abacus Medicine stores this data in order to comply with the DanishMedicine stores this data in order to comply with the Danish Bookkeeping Act.Bookkeeping Act.

This section of our privacy policy is designed to help you understand how your personal information is processed when you apply for a job at Abacus Medicine A/S.

Data collected – During the recruitment process at Abacus Medicine, we will collect and store the following pieces of information about you:
a. Name, address, phone no., email address.
b. Job application, supporting documents and information you submit to us during the recruitment process.

The purpose of processing
a. Our purpose for processing your personal information is to assess your suitability for the job you have applied for.
b. We process your information on the basis of the General Data Protection Regulation’s article 6(1)(b), the General Data Protection Regulation’s article 6(1)(b), which relates to the processing necessary to perform a contract or to take steps at your request, before which relates to the processing necessary to perform a contract or to take steps at your request, before entering a contract.

Storage period
a. All data related to rejected candidates will be deleted at the end of the recruitment process.
b. If you are employed, we will store your job application in accordance with our Human Resource Privacy Policy.

This privacy policy is designed to help you understand the use of surveillance cameras at Abacus Medicine A/S.

Data collected – Abacus Medicine’s surveillance cameras capture video footage from the office and the warehouse at our Danish site and the Hungarian site. The surveillance footage will only be accessed in warehouse at our Danish site and the Hungarian site. The surveillance footage will only be accessed in case of criminal activity or suspicion thereof, for service and maintenance or if required by law.

The purpose of processing data – The purpose of the surveillance cameras is to improve the safety of our employees and to protect the property of Abacus Medicine. The processing is based on Art. 6(1)(f) of the GDPR and Abacus Medicine’s legitimate interest in protecting company property.

Recipients of the data – Abacus Medicine may be required to disclose your personal information to law enforcement agencies or public authorities.

Storage period – Surveillance footage is stored for 30 days. The storage period will be extended in events of criminal activity or suspicion hereof. The extension will last until the crime has been solved.

This section of our privacy policy is designed to help you understand how Abacus Medicine collects and uses your personal information when you are subscribed to our newsletter.

Data collected – When you sign up for our newsletter, you consent to our collection and processing of your personal information. We collect the following personal information: 
a. Ordinary personal information: Name, email, company.
b. Tracking information: IP-address, Location, use of “Forward to a Friend” function and Time when the newsletter is opened.

How we process your personal information
a. We collect and process your personal information to provide you with our newsletter service. We process your information on the basis of the General Data Protection Regulation’s article 6(1)(a) in accordance with the consent you have provided us with.
b. You can withdraw your consent at any time, by clicking the “Unsubscribe” link in the email or by unsubscribing via our website.
c. Our newsletter contains tracking cookies, such as clear gifs to provide feedback on subscribers’ interaction with the newsletters.

Recipients of your data
a. We use a third party provider, Mailchimp, to send you our newsletter. Your personal information will be shared with Mailchimp to make use of their service.
b. Mailchimp stores and processes your personal information in USA. Abacus Medicine Group and Mailchimp have entered into a Standard Contractual Clause, approved by the European Commission, to ensure adequate protection of your personal information when it is transferred to Mailchimp outside the European Union.

Storage period – We store and process your personal information as long as we have your consent to do so.

This privacy policy is designed to help you understand how Abacus Medicine A/S collects and uses your personal information when you communicate with us.

Data Collected – When you communicate with Abacus Medicine we will process the following information:
a. Name, Email address, Telephone no., Job title.
b. Information you provide us with.

The purpose of processing – Your personal information will be used for the purpose of general business communication. Abacus Medicine bases its processing of your personal information on the General Data Protection Regulation’s (GDPR) article 6(1)(f) and our legitimate interest in communicating  with our business partners.

Recipients of personal information – Your personal information will be shared with our service providers in order to make use of their services. This includes the following service providers:
a. Auditing firms
b. IT-support companies
c. Providers of IT software
d. Providers of servers

Storage period – Your personal information will be stored as long as the information is needed in the course of business.

This privacy policy is designed to help you understand how Abacus Medicine A/S collects and uses your personal information in connection with its social media profiles.
Data collected – If you provide us with your consent, we will be processing the photograph and other data as described in the consent form.

The purpose of processing data – Your personal information will be used to promote Abacus Medicine on its social media platforms. The processing is based on your consent in accordance with article 6(1)(a) of the General Data Protection Regulation. You can withdraw your consent at any time, at which point we withdraw your consent at any time, at which point we will stop the processing of your data.

Recipients – Your personal information will be shared with the independent data controller(s) described in the consent form, which may include:
a. Instagram, Meta Platforms, Inc., owner of , Meta Platforms, Inc., owner of Instagram, treats information about you in accordance with the provisions of its Privacy Policy. Instagram stores data in the US and other countries outside the EEA and utilises Standard Contractual Clauses approved by the European Commission to ensure the protection of your personal data.
b. LinkedIn, LinkedIn Ireland unlimited company treats information about you in accordance with the provisions of its Privacy Policy. LinkedIn stores data in the US and other countries outside the EEA and utilises Standard Contractual Clauses approved by the European Commission to ensure the protection of your personal data. 

Storage period – The processing of your data will continue until you recall your consent or we no longer deem it necessary to fulfil the purpose of the processing.

This privacy policy is designed to help you understand how Abacus Medicine will handle your personal data when you make a report related to adverse events or other activities related to pharmacovigilance (“Pharmacovigilance reports”).

Data collected – When making a Pharmacovigilance report Abacus Medicine will collect the information necessary to fulfil our obligation related to pharmacovigilance, this may include:
a. Patient initials, gender and date of birth;
b. Description of adverse reaction; and
c. Contact details of the reporter.

The purpose of processing data – Abacus Medicine processes your personal data based on article 6(1)(c) and article 9(2)(i) of the General Data Protection Regulation. Your personal information will be used for the following purposes:
a. To comply with our legal obligation to collect Pharmacovigilance reports;
b. Detecting and preventing adverse effects or any other medicine related problem necessary for reasons of public interest in the area of public health; and
c. Transmission of information to manufacturers in accordance with your consent.

Storage period – Pharmacovigilance reports are kept as long as the product is authorised and for at least 10 years after the marketing authorisation has ceased to exist.

Recipients – Abacus Medicine may be legally obligated to share your personal information with independent data controllers, such as:
a. Public health authorities,
b. The product’s marketing authorisation holder or manufacturer.

Abacus Medicine reserves the right to make changes to this policy without prior approval of the Board of Directors in the event of changes in legislation, recommendations or case law. 

Your rights
Under the General Data Protection Regulation, you have rights as an individual which you can exercise in relation to the information we hold about you. This includes the right to:
a. Get access to the data we process;
b. Rectification of inaccurate or incorrect information about you;
c. Deletion of your personal information (in certain circumstances);
d. Restrict our processing of your personal information (in certain circumstances);
e. Object to our processing of your personal data;
f. Have your personal information provided to you in a machine-readable format.

You can read more about these rights at the Danish Data Protection Agency’s webpage or at the European Commission’s webpage.

If you wish to invoke any of these rights, please send your request to privacy@abacusmedicine.com.

Complaints – If you have any complaints regarding Abacus Medicine’s processing of your personal information, you can lodge an official complaint with the Danish Data Protection Agencyi by filling out by filling out this this Complaint form.

Approved by the Board of Directors on 24 October 2023