Effective Date of last update 30 August, 2023
This privacy notice applies to you if you are using the app NN Bikes (referred to as the “App”). The privacynotice does not apply to situations where we have notified you that analternative privacy statement applies, nor does it apply to Novo Nordiskwebsites, including websites operated by Novo Nordisk affiliates. You shouldreview the privacy statement posted on the Novo Nordisk websites when you visit them.
This privacy notice tells you what Novo Nordisk doeswith your personal data as data controller. When referring to “Novo Nordisk”,“we”, “our” and “us”, we mean Novo Nordisk A/S.
We encourage you to reach out to us if you have questions about this privacy notice or to take advantage of your data privacy rights in accordance with the General Data Protection Regulation (“GDPR”).
Ourcontact information is:
Novo Nordisk A/S
Novo Allé
2880 Bagsværd
Denmark
CVR number 24256790
+45 4444 8888
privacy@novonordisk.com
You can also contact our Data Protection Officer at privacy@novonordisk.com
Below you will find a description of the personaldata, which Novo Nordisk may collect and process about you in connection withyour use of the App, as well as the purpose and on which basis we areprocessing the data. Your personal data is information that can identify youdirectly or indirectly.
When using the App, we ask for your explicit consent to process yourpersonal data as described below. Novo Nordisk will ask for your explicitconsent to collect and process personal data for each of the following purposes:
(a) App functionality
(b) Product and service improvement
You can provide consent when you register to the App,and later by adjusting your account settings. You can revoke your consent atany time in the App settings or by reaching out to us using the contactinformation above. The consequences of doing so, if any, are described below.
If you are a parent or legal guardian setting up anaccount for a user who is a minor, you must inform the child about the consentyou have given and their right to withdraw their consent once he or she reachesthe age of [to be insertedby Affiliate] years.
Each purpose of ourprocessing of your personal data is described further below.
(a) App functionality (required consent)
Novo Nordisk requires personal data about you toprovide the App. We collect and use this personal data to provide the followingapp functionalities:
If you consent to our use of your personal data for appfunctionality, we will collect and use the personal data listed below toprovide our services to you based on the legal basis in GDPR Article 6(1)(a)and 9(2)(a). If you do not consent to this processing of your personal data, orlater revoke that consent, you cannot use the App.
Personal data necessary to create an account in theApp and to pair your smart cap device
The following data is necessary in order for you to createan account in the App and pair your smart cap device:
(a) Name or alias of the person in treatment
(b) Your e-mail address
(c) Your password
(d) Date of birth of the person in treatment
(e) Registration date
(f) Status and details of consents
(g) Additional information requested as part ofregistration (e.g., whether you sign up as a patient or caregiver) that iseither necessary for registration or that you choose to provide.
(h) Information about your Mallya smart cap to connect and reconnect to theApp.
Personaldata required for other App features
All personal data thatis not listed above is optional. The amount of data that the App collectsdepends on your use of our App. Certain App features may only be available ifyou share medical data with us (either via your smart cap device or by addingthe data manually in the App), including:
i. Norditropin pen strength
ii. Dose size and dose date and time
(b) Product and service improvement (optional consent)
Before you provide personal data as part of your useof the App, we will ask for your explicit consent to use the data for productand service improvement. This consent isseparate from the one required for app functionality as described above.
If you provide us with your explicit consent to use the data forproduct and service improvement, we will anonymize the personal data stated abovebased on the legal basis in GDPR Article 6(1)(a) and 9(2)(a). This means thatthe data can no longer be linked to you. We will use the anonymized data to assess,document, and improve the use and effects of our products and services, and toconduct research within growth disorders as well as to include findings inscientific publications.
If you do not consent to our use of your data forproduct and service improvement, it will not affect your use of the App and youcan change your preference at any time.
Please note that this privacy policy does not apply to personal datacollected in relation to customer support. Customer and product support for theApp will be handled by the local Novo Nordisk company in the country you aresituated. The contact information to the local Novo Nordisk company isavailable in the App.
If you are a parent or legal guardian setting up anaccount for a user who is a minor, Novo Nordisk will collect and process your e-mailaddress. We will process your e-mail address based on our legitimate interestin setting up the account. This meansthat we process your e-mail on the legal basis in GDPR Article 6(1)(f).
We do not knowingly collect personal data fromchildren under [to beinserted by Affiliate] years without the consent of their respectiveparent or legal guardian. If we learn that a child who is younger than [to be inserted by Affiliate]years has provided us his/her personal data without the consent of his/herparent or legal guardian, we will delete that personal data. If you believe achild that does not meet the above age limit has provided his/her personal datawithout the consent of his/her parent or legal guardian, please contact us.
Personal data will be treated as confidential information by those whoare allowed to access it. We will only use the data for the purposes set out inthis privacy notice. Novo Nordisk applies appropriate security andconfidentiality standards to protect your data. This includes protection fromunauthorized and illegal processing, unintentional loss, unintentionaldestruction or damage. We apply strict internal processes, security features,and appropriate encryption methods for storage and transfer of data, alwaysconsidering state-of-the-art technology and implementation costs. When usingyour data for purposes that does not require us to connect the data to you, wewill pseudonymize it, meaning that we will ascribe a number to you instead ofincluding e.g. your name or e-mail address.
Third party service providers engaged by Novo Nordisk(processors), such as IT service providers and consultants, may access yourpersonal data on behalf of us and only for use as described in this privacy notice.We only use processors capable of offering suitable technical andorganizational security measures.
Novo Nordisk may share your personal data in thefollowing instances:
(a) With processors, as explained above
(b) With public bodies, such as health authorities, inaccordance with our legal obligations
(c) With collaborators, for example, otherpharmaceutical companies that partner with us in the provision of services orin research – as pseudonymized or anonymized data and with your consent or inaccordance with applicable laws relating to scientific research and statistics
(d) With other third parties, such as your and ourinsurance company, competent courts or legal advisors in case of a productrecall or claim or to assert, exercise, or defend legal claims(e) With other third parties that you instruct us toshare the data with
We do not transfer your personal data outside of theEU/EEA.
We will keep your personal data for as long as necessary for us tofulfil the purpose of the processing and nolonger than the last date the App was available. Your personal data may beprocessed longer if required by law.
Where we process your personal data with your consentand you later decide to withdraw your consent, we will delete or anonymize thedata unless it can be processed on another legal basis.
As a data subject, you have a number of rights which are described below.To make use of any of these rights, please use the privacy settings provided inthe App or reach out to us using the contact information provided above and letus know which right it concerns.
Under applicable law, there may be limits on theserights depending on the specific circumstances of the processing activity.Please contact us as described above with questions relating to these rights.
Your rights are:
The right to information. You can obtain further information on the personal data, which we store and processes about you.
The right to a copy. You can obtain a copy of your personal data in a structured, commonlyused and machine-readable format.
The right to object. You can object to the processing of yourpersonal data at any point in time.
Theright to restrict data processing. You have the right to request restriction ofour use of your personal data for the duration of any investigation review thatyou have requested.
The right to rectify. You can at any point intime request correction of your personal data by contacting us requesting thatyour information is rectified. You can also correct some of your personal data yourself in the App.
The right to withdraw theconsent. You can at any point intime withdraw your consent to the processing of your personal data bycontacting us by using the contact information stated above or in the privacysettings provided in the App.
Theright to erasure. You have the right to request the erasure of yourdata by contacting us stating that you wish to have your data erased. There areexceptions to the right to erasure, for example where we have a legalobligation to keep the data.
The right to data portability. You have the right toreceive the personal data concerning you, which you have provided to us and totransmit those data to another data controller where the processing is based onconsent.
The right to complain. Please contact us if you have any complaints about NovoNordisk’s processing of your personal data. You may also lodge acomplaint with the Danish Data Protection Agency or the supervisory authoritywhere you are based. The names and contact information of all supervisoryauthorities in the EU are listed here [INSERT THE FOLLOWING LINK UNDER “here”: https://edpb.europa.eu/about-edpb/board/members].
As technology and data protection and devicelegislation are constantly changing, we may have to change this Privacy Noticefrom time to time. We will inform you of changes through our App and, ifnecessary, obtain new consents.
[Guidance to Affiliates: Ifrequired by national legislation please insert relevant additional informationthat relates to NN A/S' collection and processing of personal data about usersin your country.]