Privacy policy
Go North Medical Privacy Notice
Information on Data Protection for Customers, Suppliers and other Data Subjects
Go North Medical takes the privacy of your information seriously. We are committed to ensuring that information relating to you and from which you can be identified (known as “personal data”) is protected in accordance with our legal obligations under the EU General Data Protection Regulation (“GDPR”) and other applicable national data protection laws. With this Privacy Notice, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data exactly are processed and the manner in which they are used is principally determined by the services requested or agreed.
1. Who is responsible for data processing?
Responsibility lies with Go North Medical AB (Ekedalsvägen 10, 433 62 Sävedalen, Sweden) as the controller (Art. 4 no. 7 GDPR) of data. For further information on the controller role please contact: dataprotection@gonorthmedical.com
2. How can I contact the Data Protection Officer?
You can contact the Data Protection Officer under: Go North Medical, Ekedalsvägen 10, 433 62 Sävedalen, Sweden dataprotection@gonorthmedical.com
3. What kind of personal data do we hold?
We may have received personal data directly from you, from our business partners (such as the legal entity for whom you work), other third parties (such as health care facilities) or reliable public sources (such as university or congress websites). We collect different kinds of personal data on you, for example:
• Name and contact details (e.g. name, sex, email address and/or postal address, telephone number(s))
• Function (e.g. title, position, name of company, as well as for health care professionals field(s) of expertise, education, publications, congress activities, participation in clinical studies and organizations)
• Payment details (e.g. bank details, VAT no. or other tax ID)
• Information on your preferences, including communication channels and frequency
• Data provided to us e.g. by filling out forms, during events in which you participate or by answering questions of a survey
• Data relating to our products or services
• Information on a scientific and medical cooperation with us
If you would like to provide personal data on other persons (e.g. colleagues of yours) to us you are obliged to provide such persons with a copy of this Privacy Notice either directly or via your employer.
4. For which purpose do we process your personal data and why is this justified? We process personal data in accordance with the provisions of the GDPR and other applicable national data protection laws.
4.1 As a result of your consent, Art. 6 (1) (a) GDPR To the extent you have consented to the processing of personal data by us for certain purposes (such as marketing, mailing newsletters, clinical studies, device tracking), such processing is legitimate based on your consent. Consent once given may be revoked at any time. This also applies to the revocation of declarations of consent given to us before the effective date of the GDPR, i.e. before 25 May 2018. Revocation of consent has an effect only for the future and does not affect the legitimacy of the data processed until revocation. You may easily revoke your consent by reaching out to us and or clicking the unsubscribe link at the bottom of newsletters.
4.2 In order to comply with contractual obligations, Art. 6 (1) (b) GDPR Personal data are processed for the purpose of providing services in connection with the performance of our agreements with our customers or for performing pre-contractual measures as a result of queries. The purposes of data processing are primarily determined by the specific agreements regarding services or products (such as purchase of medical devices, repair or maintenance services, participation in events) and may, among other things, include administration of contracts. For further details on the purposes of data processing, please refer to the respective contractual documents.
4.3 Within the scope of the balancing of interests, Art. 6 (1) (f) GDPR To the extent necessary, we will process your personal data beyond the scope of the actual performance of the contract so as to protect justified interests of our own and of third parties. Please note that, when processing your personal data on this basis, we always seek to maintain a balance between our legitimate interests and your privacy. Examples: • Tracking of side effects (pharmacovigilance purposes)
• Improvement of our products and services
• Commercialisation of products
• Advertising or marketing and opinion research unless you have objected to the use of your data (please see article 4.1 rejection of consent)
• Lodging of legal claims and defence in case of legal disputes
• Ensuring IT security and IT operations
• Prevention and investigation of criminal acts
• Measures for business management and advanced development of services and products.
4.4 On the basis of statutory regulations, Art. 6 (1) (c) GDPR
Moreover, as an agent for a medical device manufacturers, we are subject to various legal obligations, i.e. statutory requirements (such as the EU Medical Device Regulation) which require us to process your personal data in certain cases.
5. Who will receive my data?
Within Go North Medical, those departments will be granted access to your data which require them in order to comply with our contractual and statutory obligations. Further, we may transfer personal data within the Go North Medical group. Regulatory authorities responsible for medical device approval and product safety may receive personal data from us. Service providers, third parties and agents appointed by us may receive the data for these purposes. These are companies in the categories of medical device manufacturers, pharma companies, IT services, logistics, printing services, telecommunication, consultation as well as sales and marketing. Your personal data may also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court.
In any case, personal data will only be transferred to recipients outside Go North Medical if this is required by law, you have given your consent or we have entered into data processing agreements, if applicable.
6. Will the data be transferred to a third country or an international organization? Data transfers to bodies in states outside the European Union (so-called third countries) will take place to the extent
• you have given your consent, and/or
• we ensure that appropriate safeguards are implemented to provide an adequate level of data protection such as standard contractual clauses approved by the European Commission or adequacy decision by the European Commission.
7. For how long will my data be stored?
We process and store your personal data as long as this is required to meet our contractual and statutory obligations. If the data are no longer required for the performance of contractual or statutory obligations, these will be erased on a regular basis unless – temporary – further processing is necessary for the following purposes:
• Compliance with obligations of retention under commercial or tax law. In general, the time limit specified for respective retention or documentation is two to 15 years.
• Preservation of evidence under the statutory regulations regarding the statute of limitations. These statutes of limitations may be up to 30 years, the regular statute of limitation being three years.
8. What are my rights under to data protection law?
Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR. Moreover, there is a right to appeal to a competent data protection supervisory authority (Art. 77 GDPR).
Your consent to the processing of personal data granted to us may be revoked at any time by informing us accordingly. This also applies for the revocation of declarations of consent given to us before the effective date of the GDPR, i.e. before 25 May 2018. Please keep in mind that such revocation will be effective only for the future with no impact on processing carried out before the date of revocation.
9. Am I obliged to provide data?
Within the scope of our business relationship, you are obliged to provide such personal data which are required for commencing, executing and terminating a business relationship and for compliance with the associated contractual obligations. Without these data, we will generally not be able to enter into agreements with you, to perform under such an agreement or to terminate it.
Information about your right to object pursuant to Art. 21 GDPR
Right to object based on individual cases
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR (data-processing on the basis of the balancing of interests). If you do object, we will no longer process your personal data unless we have compelling justified reasons for such processing which take precedence over your interests, rights and freedom or, alternatively, such processing serves to assert, exercise or defend legal claims.
Right to object to processing for the purpose of direct marketing
In individual cases, we will process your personal data for the purpose of direct marketing. You have the right to object at any time against the processing of your personal data for the purposes of such marketing; this also applies for profiling to the extent it is connected to such direct marketing. If you do object to processing for the purposes of direct marketing, we will refrain from using your personal data for such purposes in the future.
Recipient of an objection
Any objection may be submitted informally under the heading “objection” indicating your name, your address and your date of birth and should be addressed to: dataprotection@gonorthmedical.com
Go North Medical AB Flöjelbergsgatan 3, 431 35 Mölndal, Sweden
Go North Medical AB Ekedalsvägen 10, 433 62 Sävedalen, Sweden