top of page
Working from Home

Privacy Policy

Insife Data Privacy Policy
Final Version 3.0
Department: Information Security

 

This Privacy Policy has been laid down by Insife ApS (“Insife”,” we”,” us” or “our” in this Privacy Policy) and applies to Insife’s business. This Privacy Policy provides information about following:

1) About Insife

2) What is Personal data?

3) What types of personal data do we process about you and why?

4) Use of your Personal data

5) Legal basis for the processing of your personal data

6) Sharing of Personal data

7) Data Integrity and Data Protection

8) Your rights We consider responsible handling of personal data processed as part of the operation of our business to be essential to our business aim and reputation.

 

This Privacy Policy explains how your personal data is collected and used if you are a Customer of Insife and how you may obtain access to your own personal data. This Privacy Policy contains various amounts of information that we are obliged by law to provide to you. The Privacy Policy does not form part of your agreement with us and does not grant or impose on you any contractual rights or obligations.

1. Privacy Policy for Insife APS
 

2. About Insife
 

Insife was started in August 2017. Insife’s background comes partially from industry experience as well as life science consulting and industry benchmarking/ analytical services.

 

Our bases of operations are in Copenhagen (Denmark), Noida/ Bangalore (India), Cologne (Germany), Zagreb (Croatia), Jersey City (USA) and Milton Keynes (UK). We are global in nature and partner with several companies that we trust to deliver on the same high standards as our own.

If you have any questions relating to this Privacy Policy or the processing of personal data by Insife as part of the operation of our business, please contact us using the following contact details:

Insife ApS

Gladsaxevej 384A, st. a

Søborg 2860

Denmark

Danish CVR no. 38819259

Email: gdpr@insife.com

3. What is Personal data?
 

Personal data is any information concerning an identified or identifiable natural person. An identifiable natural person means a person who can be identified, directly or indirectly, by reference to an identifier, e.g., a name, an identification number or one or more factors specific to the identity of a given person.

4. What types of personal data do we process about you and why?
 

The data we process about you will be used for various purposes in connection with your customer relationship and the operation of Insife’s business. The data processed may vary depending on whether you are a customer, supplier, or business partner, but will generally be data relating to customer management and supplier management, data stored in Insife’s cloud, information used to improve our website and data relating to Insife’s rights and obligations.

Any failure by you to provide personal data may mean that we at Insife will be unable to fulfil our obligations relating to your customer or supplier relationship.

Insife collects and processes general personal data only in connection with your customer or supplier relationship with Insife.

When Insife offers its services to customers, Insife will in some cases process special categories of personal data relating to you.

Insife will typically process the following data (the list is not exhaustive):

  • Data about our customers: Data that you provide to us when becoming a customer of Insife, including contact details (name and address of the enterprise), your marketing or communication preferences, and data that you provide to us when contacting us to ask a question or to report a problem or generally as part of your customer relationship with Insife.

  • Data about our suppliers and business partners: Data that you provide to us in connection with the conclusion of a supply or cooperation agreement, including contact details (workplace, job title, first name, middle name(s), last name, address, telephone number and email address), data that you provide to us on your marketing or communication preferences, and data that you provide to us when contacting us to ask a question or to report a problem or generally as part of our cooperative relations.

  • Data stored in the cloud: Data that you store in the Insife cloud, including PV agreements, ICSR reports (i.e., patient, parent, reporter data and related data concerning individual’s health), data from PSPs, MRPs etc. that may be needed to fulfil your pharmacovigilance obligations while using the Insife Cloud. General reference to “your personal data” also includes data that you have collected on your customers, and you have stored in the Insife Cloud.

  • Data that we collect and process when you visit our website: Data on the way you navigate to and between our websites and the resources you access, information about your computer, device, and browser, including in some instances your IP address, browser type, and other hardware and software information. If you access our website from a mobile device, we may also collect the unique identification number of your device.

Employees and Consultants

f you are engaged as an employee or as a consultant with Insife, we would collect information that are personal in nature for our records. The information will be used legitimately, would be available for you to access and kept updated. Insife aims to maintain information only that is required for employment (payroll basis, bookkeeping - employee and employer relationship). We also ensure that no information of any visitor on the Company website is retained without the individual’s consent, for e.g., those interested in our service offerings leaving a query or request to contact them, we ensure consent of the individual is solicited. On our website, no cookies are set that can identify individuals. Newsletters are available as a subscription, where consent must be provided, and it is at any time possible to unsubscribe via links on the website and in the emails. Additionally, there are no log files and tracking systems set on our website that collects user details.

 

5. Use of your Personal data
 

Insife processes your personal data for the purposes set out below. Please note that not all the specified purposes, categories of data, recipients of data or types of processing of data will in all instances apply to you.

Insife processes your personal data solely to the extent necessary in connection with your customer or supplier relationship (in each case taking any interests into account), in connection with Insife’s services in relation to Pharmacovigilance IT systems such as HALOPV or Oracle Argus Safety, according to current law.

  • Customer relationship management: Creation and management of your customer relationship with Insife as part of the operation of the Insife business.

  • Supplier relationship and Cooperative Relations Management (CRM): Insife processes your personal data as part of the management of supplier relationships and/ or cooperative relations where you are a supplier or business partner or a contact person of a supplier or business partner with which Insife has business relations as part of the operation of our business.

  • Operation and maintenance of our websites: The provision of our online services at our websites, including to support the ongoing evaluation and improvement of our websites.

  • Services regarding IT systems for Pharmacovigilance e.g., HALOPV: Provide support to users of the system, which may include access to data provided by patients and healthcare professionals.

  • Compliance with current laws and regulations: The compliance with laws and regulations to which Insife is subject in connection with the operation of the business or to fulfil various duties of reporting or disclosure under current laws and regulations imposed on Insife.

  • Employees and Consultants: Insife maintains information only that is required for employment (payroll basis, bookkeeping - employee and employer relationship).

Insife does not use your personal data to make decisions based solely on automatic processing, including profiling.

Insife endeavours to ensure that all personal data processed by us are accurate and up to date. As a result, we request that you always inform us of any change in your data (e.g., any change of address or payment details) to enable us to ensure that the data are always accurate and up to date.

6. Legal basis for the processing of your personal data
 

Insife will process your personal data only if we have a legal basis for doing so. Depending on the circumstances, Insife may process non-sensitive data as well as special categories of data about you.

Non-sensitive data about you are generally processed on one of the following bases:

  • Consent: You have given your consent to the processing of your personal data for one or more specific purposes. Processing based on consent is in accordance with Article 6(1)(a) of the General Data Protection Regulation (the “GDPR”).

  • ​Legal obligation: Compliance with a legal obligation imposed on Insife. Processing based on a legal obligation is in accordance with Article 6(1)(c) of the GDPR. The Danish Acts requiring Insife to process personal data include:

 

   a. The Danish Bookkeeping Act, which requires Insife to retain all bookkeeping records for a minimum of 5 years.

 

   b. The Danish Tax Control Act, which requires Insife to report information to the Danish tax authorities.

In addition to the above, there may be other statutory regulations requiring Insife to process personal data. That will be the case particularly in the event of any act or amendment to an act adopted after the preparation of this Privacy Policy or any act/ executive order to which Insife may later be subject due to changes in the enterprise, and in the event of any special factor coming into play.

  • Our legitimate interests: The legitimate interests pursued by Insife, i.e., the purposes described above. Processing based on our legitimate interests is in accordance with Article 6(1)(f) of the GDPR.

Sensitive personal data about you are generally processed on one of the following bases:

  • Consent: You have given your consent to the processing of your personal data for one or more specific purposes. Processing based on consent is in accordance with Article 9(2)(a) of the GDPR

  • Publicly available information: Processing concerns personal data that are publicised by you. Such processing is based on Article 9(2)(e) of the GDPR.

  • Legal claims: Processing is necessary to establish, exercise or defend legal claims (Article 9(2)(f) of the GDPR).

Special categories of personal data about you are generally processed on one of the following bases:

  • Civil registration number: Such data will be processed either 1) if you have given your consent to such processing, 2) if Insife is required to process such data under statutory regulations (see above under processing of non-sensitive data), or 3) if one of the conditions for processing of sensitive data is fulfilled. Processing of a civil registration number is in accordance with section 11(2) of the Danish Data Protection Act.

7. Sharing of Personal data
 

Insife will disclose data only to the extent necessary as part of the operation of our business.

 

Furthermore, Insife may disclose your personal data and/ or make them available to other suppliers and/ or service providers in connection with the general operation of our business, e.g., in connection with the external administration of our IT systems, analysis tasks, marketing tasks, debt collection, credit rating, audit, legal assistance, etc.

 

Insife endeavours, wherever possible, to restrict the disclosure of personal data in a form enabling them to be attributed to a natural person to limit the instances of disclosure of data that could be attributed to you personally. Insife does not disclose your personal data unless such disclosure is necessary to perform our activities or fulfil your needs.

Insife is geographically located across the globe that includes regions not in the EU jurisdiction.

 

Insife does not transfer personal data from citizens in the EU/ EEA outside of the region. In case a customer or data processor on behalf of a customer includes personal data from an EU/ EEA citizen, provisions to redact this information will be made, for Insife colleagues outside the region to be shielded from access to the personal data.

 

In case a customer requires Insife to utilize staff from outside the region, e.g., for customer support, a contract allowing for lawful transfer of personal data will be created and consent will be obtained by the customer. In the capacity of customer support (locations outside EU regions), the customer support team will be provided access to customer environment for only those areas that are in the scope of customer support management with access approved and in consent with the customer.

 

Additionally, if Insife ApS is the data exporting organization and any entities of Insife outside EU region is the data importing organization, then an appropriate contractual agreement will be executed and maintained by both the organizations. The contract shall govern and describe acceptable practices to be followed by the data importing organization.

8. Data Integrity and Data Protection
 

Personal data are retained for no longer than is necessary in relation to the purpose for which they were collected, unless retention is necessary to comply with national statutory requirements, including statutory retention periods relating to EU-subsidy control, bookkeeping, etc.

 

Insife’s policy is to protect personal data by taking adequate technical and organisational security measures. Once your personal data are no longer needed, we will ensure that they are erased in a secure manner.

9. Your rights
 

You are always entitled to exercise your rights under the data protection legislation in force at any time. However, please note that we will not always be required to fulfil these rights in whole or in part. For example, you are not entitled to erasure of your personal data retained by Insife if the law obliges Insife to store such data.

  • Your right of access: You may, for e.g., request access to the personal data held by us and information about e.g., the purpose(s) for which personal data are used and to whom they are disclosed.

  • Your right to object: You may object to the processing of your personal data, including object to automated decisions and profiling or to the use of your personal data for direct marketing.

  • Your right to rectification: You may request correction of any incorrect information about yourself.

  • Your right to restrict processing and erasure: You may request the restriction or erasure of information about yourself if the relevant conditions are met.

  • Your right to data portability: Your right to data portability is applicable to information you have provided to us if the processing is based on your consent or a contract, and such portability is technically possible.

In addition, you have the right to withdraw your consent to processing of your personal data in case our processing is based on your consent.

If you withdraw your consent or request restriction of our processing of your personal data, it may mean that we will no longer be able to manage our agreement with you.

 

If you wish to exercise one or more of your rights, please contact us at gdpr@insife.com. Your request will be processed in accordance with the data protection legislation in force at any time.

 

Any complaint about processing of your personal data by Insife should be filed with:

The Danish Data Protection Agency

Carl Jacobsens Vej 35

DK-2500 Valby

Tel: 33 19 32 00

Email: dt@datatilsynet.dk

10. Updates
 

Insife will evaluate and update this Privacy Policy from time to time. We would therefore recommend that you regularly check this Privacy Policy for any changes which may be relevant for the processing of your personal data.

bottom of page