This privacy policy sets out how InDex process personal data in relation to its homepage visitors and to those who are in contact with InDex in connection to our business operations.
InDex Pharmaceuticals Holding AB, 55067-6820, Berzelius väg 13, 171 65 Solna (“InDex”), and including its subsidiaries, shall only process personal data in accordance with applicable data protection law and high industry standards. InDex is responsible as a data controller for the processing described herein.We may sometimes need to make updates or changes to this Policy. You can always find the latest version of this Policy on our website (please visit: http:// www.indexpharma.com/).
This version was last updated on 2021-04-22.
Personal data
We collect the personal data that you provide us with when you visit and use our homepage and when you interact or otherwise communicate with us or in any other way provide us with your personal data, including if we come in contact with you personally or if we receive your personal data from third parties such as the company you represent.
The personal data may consist of contact and identification details and other information relevant to the situation, such as information related to your visit and use of our homepage.
Purposes
InDex process personal data for the purposes mentioned below:
- We process personal data to create and thereafter maintain and develop business relationships with you or the company you represent.
- If you visit our website, we collect and process information generated by your visit to analyze and produce statistical information regarding our web traffic in order to evaluate and improve our website and web-based communication. For example, we may use cookies on our website. For more information on how we use cookies, please see our cookie policy.
- We also process your name and email address to send you newsletters if you have opted in (registered) for such letters. You may opt-out (unregister) from further messages at any time by using the un-subscription link provided in every message.
- We may also process your personal data if the processing is necessary for the establishment, exercise or defense of our legal claims.
Legal grounds
The legal grounds for processing personal data is either;
(i) Legitimate interest: The processing is necessary to fulfil our legitimate interests for the purposes mentioned above., or
(ii) Our processing for the purpose of sending you newsletters is based on the explicit consent that you provide when you sign up for our newsletter and marketing. .
How we share your personal data
The personal data that we collect is shared with the following types of third parties:
- Service providers: We use third party service providers to manage some aspects of our business operations. We share personal data with such third parties with regard to the IT systems and IT services we use and the companies and organizations we work together with in order to provide our services. When we use such service providers or work together with other third parties we typically enter into data processing agreements, or make other relevant arrangements, to ensure that your personal data is only processed in accordance with this Policy.
- Authorities: When we are required by law, we may share your personal data to public authorities such as the police or tax authorities.
Security
InDex shall use adequate technical and organisational security measures to protect the personal data from loss and to safeguard against access from unauthorised persons. We have taken a number of security measures to ensure that the personal data we store is secure. For example, access to areas where personal data is stored is limited to our employees and service providers who require it in the course of their duties and who are informed of the importance of maintaining the security and confidentiality of the personal data we keep. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities in order to protect your personal data.
Transfers of personal data may only occur;
(i) to third parties who perform services on InDex behalf and who may only process personal data in accordance with our instructions, and may not use personal data for their own purposes; and
(ii) outside the EU/EEA only in accordance with applicable data protection laws and subject to the EU Commission’s standard contractual clauses (including any supplementary measures that may be required), and
(iii) as otherwise permitted by law or your consent.
Duration
The duration we process personal data is limited to what is reasonable for the purpose of the processing, unless otherwise required or permitted by law. As a general rule, we store your personal data as long as we have a relationship with you.
Rights
InDex is the controller of the personal data processing, meaning that we are responsible for that the personal data is processed correctly and in accordance with applicable data protection laws.
Unless prevented by applicable law, regulation or agreement data subjects have the right to;
(i) know what personal data we process about them, and
(ii) request that we rectify or erase inaccurate or incomplete personal data
(iii) object to specific processing of personal data.
(iv) receive the personal data provided by them and have the personal data transferred to another party responsible for data processing.
All communications with InDex regarding how we process personal data or exercise of any of your rights can be sent by e-mail to [email protected] or by post to the address above.
You may at any time file a complaint with the supervisory authority if you believe that our processing is performed in breach of applicable data protection legislation. Please note that you are also always welcome to contact us in such event. Reports and complaints can also be directed to Integritetsskyddsmyndigheten who is the supervisory authority for our processing of personal data.