Privacy Policy. Woman in a restaurant having lunch with friends. Privacy Policy. Woman in a restaurant having lunch with friends.

PRIVACY POLICY

Protecting the Privacy of Personal Data

Lundbeck Canada Personal Information Protection Policy

PURPOSE

The purpose of this policy is to set out ground rules to govern the collection, use, and disclosure of personal information in a manner that recognizes and protects the rights and privacy of individuals with respect to their personal information.

This policy applies to Lundbeck Canada in respect to personal information that:

  • Lundbeck Canada collects, uses or discloses in the course of its commercial and research and development activities; or
  • Is about an employee of Lundbeck Canada.

Please see separate Privacy Notification for individuals seeking medical information specific to Lundbeck’s products.

DEFINITIONS

1. Personal Information:

Personal information is any information which relates to a natural person and allows that person to be identified. This includes information in any form (computerized, written, electronic, graphic, taped, and filmed), such as:

  • Age, name, ID numbers, income, ethnic origin, blood type, photo
  • Opinions, evaluations, comments, social status, or disciplinary actions
  • Employee’s files, compensation information, credit records, loan records, medical records

Personal information does not include the name, title and business address or business telephone number of an employee of an organization.1

2. Use:

Refers to the utilisation of personal information by an organization.

3. Disclosure:

Making personal information available to a third party outside the organization.

4. Consent:

Voluntary agreement with what is being proposed. Consent can be either expressed or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any interference on the part of the organization seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.2

5. Organization:

An organization includes an association, a partnership, a person (physical or legal) or a trade union.

1. Explicit in PIPEDA and the Personal Information Protection Act in Alberta and British Columbia, but not for the Québec Act respecting the protection of personal information in the private sector. However, the same exception seems applicable in Québec according to caselaw.

2. Québec Act respecting the protection of personal information in the private sector requires express consent.

PRIVACY LEGISLATIONS AND APPLICATION

Since January 1, 2004, Canadian organizations in the Private Sector engaged in commercial activities are required to comply with the Federal Personal Information Protection and Electronic Act (“PIPEDA”). In addition, Acts respecting the Protection of Personal Information in the Private Sector are in force in several provinces and along with PIPEDA set out the rules regarding the collection, use and disclosure of personal information.

Lundbeck Canada’s Personal Information Protection Policy is in compliance with the more stringent requirements of all Federal and Provincial applicable legislations in the respect and protection of personal information in the private sector.

PRINCIPLES

Lundbeck Canada has adopted the 10 principles developed by the Canadian Standards Association Model Code for the Protection of Personal Information as the minimum requirements for the Protection of Personal Information for its customers, service providers and employees.

1. Accountability

Lundbeck Canada recognizes its responsibility for the personal information collected, used or disclosed under its control and has designated a Chief Privacy Officer (CPO) accountable for the company’s compliance with the underlined principles of Personal Information Protection.

The CPO is in charge of implementing policies and practices to protect personal information. In addition, the CPO has the mandate to develop and conduct information programs to foster employees’ awareness and understanding of the Lundbeck Canada’s privacy provisions and practices.

In turn, the employees recognize their responsibility in regards of protecting the personal information they collect, use and/or disclose.

Other individuals within the company may be delegated to act on behalf of the CPO or to take responsibility for the collection and processing of personal information.

In the instances where personal information is disclosed to a third party, Lundbeck Canada makes sure that the third party will provide equal protection and will hold, use or disclose the personal information in compliance with the present policy.

2. Identifying Purposes

Lundbeck Canada identifies the purposes for which personal information is collected at or before the time the information is collected. Lundbeck Canada collects personal information for a variety of purposes depending on the circumstances; these may include, but are not limited to:

  • Establish, develop and maintain responsible business relationships with physicians, customers and service providers;
  • Develop and organize continuing education programs, conferences, symposia, expert panels, seminars or other types of events;
  • Develop or enhance marketing activities and provide information, services and products;
  • Meet legal and regulatory requirements in the development and management of the company’s products, business operations and research and development activities; this includes the management and development of their employees.
  • Lundbeck Canada documents and specifies to their employees, customers or service providers, verbally, electronically or in writing, the purposes for which the personal information is collected at or before the time of collection. Furthermore, the individuals will be informed of the object of the file, the use which will be made of the information, the categories of persons who will have access to it within the enterprise and the place where the file will be kept and of the rights of access and rectification.

Employees, customers or service providers will have the opportunity to consent, except as otherwise authorized by law, with what is being proposed.

Unless authorized by law, Lundbeck Canada will not, for any new purpose, use or disclose personal information that has been collected without obtaining consent from the customer, service provider or employee.

3. Consent

Lundbeck Canada recognizes that knowledge and expressed consent (either verbal or in writing) of a customer, service provider or employee are required for the collection, use or disclosure of personal information, except when authorized by law (for example, in case of an emergency where the life, the health or security of an individual is threatened).

In obtaining consent, Lundbeck Canada uses reasonable efforts to ensure that customers, service providers or employees are informed of the identified purposes for which the personal information is collected, used or disclosed.

4. Limiting Collection

Lundbeck Canada limits the collection of personal information to that which is necessary for the purposes identified by the company.

Personal information is collected by fair and lawful means:

  • Lundbeck Canada collects personal information directly from their customers, service providers or employees;
  • Lundbeck Canada may also collect personal information from other third parties, when authorized to do so;
  • Lundbeck Canada keeps an inventory of all personal information collected, used and disclosed.

The object and consent for the collection, use and disclosure as well as the archiving, access and retention of the personal information are recorded on checklists by each department responsible for the collection and use of personal information.

Furthermore, the checklists documenting the collection, use and disclosure of personal information are reviewed on a yearly basis.

5. Limiting Use, Disclosure and Retention

Lundbeck Canada uses or discloses personal information only for the purpose for which the personal information was collected, except if consent of the individual has been obtained or the use or disclosure is authorized by law.

Lundbeck Canada keeps the personal information only as long as necessary to satisfy the requirements of the identified purposes. Each department is responsible to verify on a regular basis the retention and destruction requirements for the information collected and used within the department.

Lundbeck Canada implements guidelines and procedures for the access, retention and destruction of personal information.

6. Accuracy

Lundbeck Canada will make reasonable efforts to ensure that personal information collected, used and disclosed is accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make decisions about a customer, service provider or employee.

Lundbeck Canada updates personal information’s about customers, service providers and employees upon notification by the individual and when it is necessary to fulfill the identified purposes.

7. Security Safeguards

Lundbeck Canada protects personal information by physical, organisational and technical security safeguards according to the level of sensitivity of the information. Lundbeck Canada implements and enforces security policy to protect personal information, regardless of the format in which it is held, against: loss, theft, unauthorized access, disclosure, copying, use or modification.

Lundbeck Canada implements employee awareness programs for the handling and maintenance of confidentiality and security measures for personal information.

8. Openness Concerning Policies and Practices

On top of the present policy, Lundbeck Canada makes readily available to its customers, service providers or employees with specific information about its policies and practices related to the management of personal information on its website.

Further questions regarding Lundbeck Canada policies and practices related to the management of personal information can be addressed to the CPO.

9. Customer and Employee Access

An employee can obtain information or seek access to his individual file by contacting his first-line supervisor or the Human Resources Department. Any other request to access personal information must be sent directly to the CPO.

Lundbeck Canada responds to individual’s written requests to information, within the timelines prescribed in the applicable laws. When a request is valid, personal information is made available at a minimal or no cost to the individual. If access to personal information cannot be granted, Lundbeck Canada provides in writing the reasons for denying access.

An individual may also request to have access to an account of the third parties to which his personal information has been disclosed.

Lundbeck Canada corrects any personal information found to be inaccurate or incomplete. Unresolved discrepancies are noted in the individual’s records. Where appropriate, Lundbeck Canada transmits to a third party amended information or unresolved discrepancies.

When Lundbeck Canada does not grant a request to access or correct information, it will provide the individual information on its rights to challenge that decision.

10. Challenging Compliance

A customer, service provider or employee is able to address a challenge concerning compliance with the above principles to the designated person(s) accountable for the compliance with the Lundbeck Canada Personal Information Protection Policy or to the Chief Privacy Officer.

If a complaint is found to be justified, Lundbeck Canada will take appropriate measures, up to and/or including amending its policies and procedures.

The Chief Privacy Officer may be reached in writing at:
Chief Privacy Officer
Lundbeck Canada Inc.
2600 Alfred-Nobel boulevard
Suite 400
Saint-Laurent, QC  H4S 0A9




This policy was last updated: 15 July 2013