This Privacy Notice (“Privacy Notice”) for Cinclus Pharma Holding AB company reg. no. 559136-8765, and its subsidiaries, (“Cinclus Pharma”, “we”, “us”, “our”), describes how Cinclus Pharma in its capacity of data controller collects, stores and processes your personal data. The Privacy Notice further describes our legal bases for the processing, how it affects you and how to exercise your rights.
We collect and process personal data provided by you in different contexts such as when you apply for a job or as being an employee at Cinclus Pharma. Furthermore, we collect and store personal data about you as a shareholder, investor, supplier contact person or as another stakeholder.
The personal data is collected and processed for the following main purposes:
In order to fulfill our obligations towards suppliers, we use e.g., contact information that we collect through agreements.
In order to fulfill our obligations towards job applicants and employees e.g., to pay salaries and handle recruitment processes.
In order to answer questions received through email or contact forms, we process the personal data that has been provided through the specific message.
In order to fulfill legal obligations, for example the Swedish Accounting Act (Sw. Bokföringslagen), we are obliged to store accounting information for 7 years.
Cinclus Pharma conducts business within the development and commercialization of pharmaceuticals and acquisition and exploitation of intellectual property rights.
Cinclus Pharma finds that the processing of personal data in accordance with applicable rules and legislation is of high importance in order to maintain the trust of suppliers and investors as well as the trust of other stakeholders and people we are in contact with. Protection of the integrity of the individual is crucial to maintain their trust and to develop the long-term relationships we strive for. The management of Cinclus Pharma is ultimately responsible for ensuring that your personal data is processed in accordance with applicable rules and legislations, in a way that preserves and respects the interests of the individual.
The personal data that we collect
Cinclus Pharma collects personal data in order to fulfill contractual obligations with our suppliers, but also in order to be able to contact job applicants, employees, investors, shareholders and other stakeholders.
Some of the information is provided to us directly through e-mail contact, the form on our website, through LinkedIn or during the course of business related relationships. We may also collect information from third parties. Such third-party sources may vary from time to time, but have previously been including:
Credit reporting services
Staffing- and recruitment companies
What kind of information we collect, depends on the context of your interactions with Cinclus Pharma and the nature of our relationship.
We also collect and store information that you have provided through messages that you sent us such as the overall content of the message, feedback and questions.
If we intend to use your personal data for any other purpose, beyond what has been set out in this Privacy Notice, we will inform you prior to, or in connection with, the collection of that personal data. We will also ask for your permission or, where applicable, your consent. Alternatively, such permission will be required after collection of personal data but prior to the use of the information for the new purpose.
Reasons we share your personal data
In some cases, it may be necessary to share your personal data with other actors performing services on our behalf in order to conduct our business in an effective way. This may apply e.g., by the use of systems for handling emails, consent management tools or hiring a recruitment agency when recruiting new staff members.
In the case of sharing your personal data with others, we have ensured that such parties comply with our data protection requirements and are subject to prohibition of using the information for other purposes.
We may also need to disclose or store your personal data, when deemed necessary in order to fulfill certain obligations such as:
To comply with applicable legislation or to proceed in a legal process. This includes providing information to the police, the Swedish Tax Agency and other authorities.
To protect our suppliers and employees e.g., to prevent spam mail and fraud attempts.
To manage and maintain the security of our products and functions, including preventing or stopping an attack on our systems and our networks.
Please note that our website may contain links to products or platforms from a third party whose data protection notice differs from ours, e.g., LinkedIn or Piwik. If you provide your personal data through such products or platforms, your personal data will be subject to, and processed in accordance with, their privacy notice.
How to access and control your personal data
Information on how to administer your rights according to applicable data protection legislation can be found under the section named “Contact us”.
Your individual rights
Cinclus Pharma complies with applicable data protection legislation, including (where applicable) the following rights:
You have the right to request a free extract from our registry (as defined in the legislation). You also have the right to request a copy of your personal data processed by us and to request a correction, if found necessary. Under certain conditions you may request deletion of your personal data.
You have the right to request restriction of, and object to, the processing of personal data that is subject to the legal basis of our legitimate interests.
You have the right to make complaints to a supervisory authority. The Swedish Authority for Privacy Protection (IMY) is the authority in Sweden that supervises how companies, including us, comply with the legislation.
If the processing of personal data is subject to your consent as legal basis, you have the right to withdraw your consent at any time in regard to the processing of your personal data.
You have the right to data portability, meaning that you have the right to request us to disclose your personal data in a structured format. Please note that this right only applies to personal data subject to the legal bases of i). your consent or ii). an agreement that you have entered into with us.
Security of your personal data
Cinclus Pharma uses a range of security techniques and measures to protect your personal information from unauthorized access, unwanted change and loss of data; e.g., personal data that you enter is stored on computer systems that have limited access and are located in protected premises.
The location of storage and processing of personal data
The personal data, processed by Cinclus Pharma, may be stored and processed in the region of your habitual residence, in Sweden, or other countries where Cinclus Pharma, our partners or suppliers are conducting business. We take action to ensure that the information we collect is processed in accordance with this Privacy Notice and in accordance with the provisions of applicable legislation of the location of the personal data.
In case of transfer of your personal data to a data controller or data processor, due to circumstances explained under “Reasons we share your personal data”, located in a third country, i.e., a country outside of EU/EES, we will enter into an agreement and take other actions in accordance with applicable data protection regulations. We will use EU:s standard contractual clauses as appropriate security measures where applicable and, if necessary, use additional measures such as encryption.
Our preservation of personal data
Cinclus Pharma preserves personal data as long as necessary to respond to inquiries, maintain relationships with suppliers, shareholders and other stakeholders, or for other necessary purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. Since these needs may vary for different types of data and contexts, actual retention periods may vary. In summary the following can be said:
Information on contact persons of suppliers is stored up to one year after the end of the contractual relationship, but please note that the name of the contact person still may appear in the invoice documentation stored in accordance with applicable accounting legislation.
Information received by Cinclus Pharma, by e-mail or website form, is deleted when it is established that there is no need for further follow up on the matter.
Contracts are stored for a period of ten years after the completion of the assignment, in order to secure the legitimate interest of Cinclus Pharma in regard to defending itself against various types of legal claims.
Invoices and other information relating to the accounts are stored for seven years after the ending of the financial year in accordance with the Swedish Bookkeeping Act or for subsidiaries outside of Sweden in accordance with local similar Acts.
Salary bases are stored up to seven years after the ending of the financial year in accordance with the Swedish Bookkeeping Act. For subsidiaries outside of Sweden in accordance with local similar Acts. Other information on employees is stored for ten years after termination of employment.
Applications from job applicants are stored as long as deemed necessary for the recruiting process and thereafter for a time period of two years, in accordance with the Swedish Discrimination Act (sw. Diskrimineringslagen).
Information on investors and shareholders are stored in accordance with time periods set in the Swedish Companies Act (sw. Aktiebolagslagen).
Cookies and similar technologies
When visiting our website, Cinclus Pharma, or a trusted third party, may store cookies on your device for the purpose of improving your user experience. Cookies that are essential for the website's appearance and functionality (Umbraco, MFN token and Recaptcha) will be stored automatically. Storage of other cookies will require your consent (Fontawesome and perseverance of the consent itself, which is managed by the third party tool Piwik. For information about their personal data processing, please see their privacy notice).
The storage times for the specific cookies are as follows:
Fontawesome: 12-24 months
Umbraco UMB_MCULTURE: 13 months
Umbraco UMB_UPDCHK: Session cookie
Cookie consent: 13 months
RECAPTCHA: 4 months
MFN: Session cookie
Cinclus Pharma’s website does not contain cookies for tracking, statistics or marketing purposes.
Changes to this Privacy Notice
This Privacy Notice will from time to time be subject to changes in order to reflect our user feedback and changes to our business. When an update is made, the date for the latest update will be stated at the top of the Notice and the changes will be further described in the section “Change history”.
If the Privacy Notice is subject to major changes, or changes are made in the way Cinclus Pharma processes your personal data, you will be noticed through our website or by receiving an email prior to the effective date of the changes.
Please read this Privacy Notice from time to time, to keep yourself informed on how we protect your personal data and integrity.
If you have any questions, or for other reasons want to contact us regarding privacy matters, please contact our Data Protection Coordinator, by sending an email to email@example.com.
May 2018: Clarifications due to the new data protection regulation (General Data Protection Regulation, “GDPR”) entered into force May 25, 2018. The updated Privacy Notice will automatically enter into force for all current users and visitors on May 25, 2018. Your continued use of our products and services, from that day, will be subject to the new Privacy Notice. The Privacy Notice has also been adjusted and adapted in order to be concise, clear, distinct and comprehensible and in that way easier to understand.
May 2022: Additional updates and changes for the purpose of making the Privacy Notice more clearly reflect how we conduct our business and how we during that process, handle personal data, your rights and how you may exercise your rights, transfer of personal data to third countries.
October 2022: Update regarding the implementation of third-party tool for obtaining and storing cookie consent.