Global Medical Affairs – Interactions with members of the healthcare/scientific community

United States (For Global – click here)

This Privacy Policy (“Policy”) explains how Genmab US, Inc. (“company”, “We”, “Us”) process your Personal Information in the administration of our sites or mobile applications, when you communicate with Us via email, when you engage with Us as an agent or representative of a business, when you engage with Us as a member of the healthcare/scientific community when you register or attend our webinars or online events, when you apply for a medical education grant, a grant for scientific advancement and company and/or corporate membership, and when you engage with Us offline (the “Sites”). By accessing or using the sites, you agree to be bound by this Policy and any accompanying Legal Notice. If you do not agree to (or cannot comply with) all of the terms of this Policy, you may not access or use the sites.

This Policy does not apply to information We collect about employees, job applicants, independent contractors, and in relation to the provision of our patient services. For those, please refer to our other policies.

For purposes of this Policy, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include de-identified or aggregate information, or public information lawfully available from governmental records.

THE INFORMATION WE COLLECT

In the 12 months preceding the date of this Policy, We may have collected your Personal Information when you visited our sites, requested information about our products or services, clicked through links on our sites to engage with content We provide, engaged with Us offline, such as at a conference, or when you voluntarily provided information to Us through our web portal, email, or phone number. When a member of the healthcare/scientific community, the personal information We use is provided by you or is collected from publicly accessible sites and social media platforms, clinical trials and publications databases, cooperative groups and societies, our collaboration partners, and other third parties (e.g. data resellers). We will continue to collect Personal Information from the same sources.

The categories of Personal Information We may have collected from these sources during the 12 months preceding the date of this Policy, and will continue to collect, include the following, in addition to unstructured Personal Information you may voluntarily provide to Us:

• Personal identifiers: such as name, address, contact details, national identification document information, IP address, login and password information,
• Internet or other electronic activity information: such as information about your operating system, mobile device, browser, and cookie information,
• Financial information: such as bank account information,
• Protected class information: such as age and birth date,
• Commercial information: such as records of program purchase, travel, expense, and research payment history,
• Audio, electronic, visual, thermal, olfactory, or similar information: such as customer support call recordings, presentation recordings,
• Professional or employment-related information: such as job title, professional qualifications and work experience, CV and certifications/licenses, conference proceedings and presentations,
• Education information, defined as information that is not publicly available; personally identifiable information from a school.

PURPOSE FOR COLLECTION AND HOW WE USE INFORMATION

We use the information We collect to provide you the sites, enhance your experience on our sites, to improve our sites, and for marketing and promotional efforts.

Additionally, We use Personal Information, including about your use of our sites, to monitor or improve our sites; for internal business analysis; to prevent fraud, activities that violate our Terms of Service or that are illegal; and to protect our rights and the rights and safety of our users or others.

If you are a member of the healthcare/scientific community, We use the information We collect to:

1. Extend invitations to participate in our programs, events, or activities (including but not limited to clinical trials, steering committees, advisory boards, symposia, speaker programs, market research, or consultancies)
2. Manage collaboration and payments (We process data relating to your prior, ongoing, or future engagement in our programs, events, or activities, including information required to enable payment for relevant activities)
3. Arrange business travel and/or accommodation
4. Document communications directed to Genmab and provide replies to questions/comments
5. Engage in scientific exchange (medical, scientific, and technical discussions relating to Genmab products (investigational or approved) and/or disease areas of relevance to Genmab)
6. Evaluate your request for a medical education grant, grant for scientific advancement and/or company sponsorship and corporate membership
7. Comply with transparency laws regarding HCP interactions and transfers of value
8. Satisfy pharmacovigilance and product complaints documentation and reporting requirements
9. Record interactions with Genmab employees/Genmab-directed third parties and at Genmab-hosted events, including entry into Genmab’s customer relationship management (CRM) system
10. Assign internal evaluations/classifications of professional activities
11. Evaluate your request for a medical education grant, grant for scientific advancement and/or company sponsorship and corporate membership
12. Where relevant, check that you do not appear in the public list of persons currently debarred pursuant to sections 306(a) or (b) of the Federal Food, Drug, and Cosmetic Act (21 U.S.C. 335(a) or (b)

THIRD-PARTY DATA SHARING AND DISCLOSURE

Disclosure of Personal Information For Business Purposes in the Past 12 Months

The following chart describes the categories of Personal Information We have disclosed to third parties for a business purpose in the past 12 months:

Categories of Personal Information	Categories of Third Parties with Which We disclosed Personal Information for a Business Purpose
Personal identifiers: name, address, contact details, national identification document information, IP address, login and password information	Service providers that assist in providing customer relationship functions, facilitate scheduling and email communications, provide security services and cloud-based data storage, and assist with other IT-related functions
Internet or other electronic network activity information: such as information about your operating system, mobile device, browser, and cookie information	Service providers that provide security services and cloud-based data storage, host our sites, and assist with other IT-related functions, and provide analytics information
Financial information: such as bank account information	Service providers that provide security services and cloud-based data storage, and assist with other IT-related functions.
Protected class information: such as age and birth date	Service providers that provide security services and cloud-based data storage, host our sites and assist with other IT-related functions, and provide analytics information
Commercial information: such as records of program purchase, travel, expense, and research payment history	Service providers that provide security services and cloud-based data storage, host our sites and assist with other IT-related functions, and provide analytics information
Audio, electronic, visual, thermal, olfactory, or similar information: such as customer support call recordings, presentation recordings	Service providers that provide security services and cloud-based data storage, host our sites and assist with other IT-related functions, and provide analytics information
Professional or employment-related information: such as job title, professional qualifications and work experience, CV and certifications/licenses, conference proceedings and presentations	Service providers that provide security services and cloud-based data storage, host our sites and assist with other IT-related functions, and provide analytics information
Education information, defined as information that is not publicly available; personally identifiable information from a school.	Service providers that provide security services and cloud-based data storage, host our site and assist with other IT-related functions, and provide analytics information

Additional Information About How We May Share Personal Information

We may also share your Personal Information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when We believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also share your Personal Information with third parties to help detect and protect against fraud or data security vulnerabilities. And We may transfer your Personal Information to a third party in the event of an actual or contemplated sale, merger, reorganization of our entity or other restructuring.

Categories of Personal Information We Sold to Third Parties in the Preceding 12 Months

In the 12 months prior to the date of this Policy, We sold Personal Information to third party digital advertising networks by allowing such third parties to place cookies or other trackers on our online Sites that may collect information about your online activities over time and across different sites or applications. These parties may then use the information they collect to provide you with personalized content and present you with third party products or services in which you may be interested. For more information about the use of cookies and trackers, see the COOKIES AND OTHER TRACKING TECHNOLOGIES section.

We do not knowingly sell the Personal Information of persons under the age of 16.

COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies are small, sometimes encrypted text files that are stored on computer hard drives by sites that you visit. They are used to help users navigate sites efficiently as well as to provide information to the owner of the sites. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please visit www.allaboutcookies.org.

When you visit our Sites, We may place a “cookie” or other online tracking devices (e.g. web beacons) that recognize you. The cookies and other tracking technologies may also collect information about your IP address or actions taken in connection with the Sites. We may use cookies or similar tracking technologies to capture information about the use of our Sites, including to improve your user experience. We do not allow third parties to use cookies or other trackers through our Sites that track your behavior over time and across the Internet, such as when you visit other sites or applications after visiting our Sites.

We use Google Analytics to evaluate the use of our Site. Google Analytics uses cookies and other identifiers to collect information, such as how often users visit a site, what pages they visit when they do so, and what other sites they visited prior to visiting a site. To learn more about how Google Analytics collects personal information, review Google’s Privacy Policy.

RIGHTS SPECIFIC TO CALIFORNIA RESIDENTS

If you are a California resident, you have certain rights that are described in this section of the Policy.

Your Rights

Your Right to Request Disclosure of Information We Collect and Share About You

We are committed to ensuring that you know what Personal Information We collect. To that end, you can ask Us for any or all of following types of information regarding the Personal Information We have collected about you prior to our receipt of your request:

• Specific pieces of Personal Information We have collected about you;
• Categories of Personal Information We have collected about you;
• Categories of sources from which such Personal Information was collected;
• Categories of Personal Information that the business sold or disclosed for a business purpose about the consumer;
• Categories of third parties to whom the Personal Information was sold or disclosed for a business purpose; and
• The business or commercial purpose for collecting your Personal Information.

Your Right to Request Deletion of Personal Information We Have Collected About You

Upon your request, We will delete the Personal Information We have collected about you, except for situations where the CCPA (California Consumer Privacy Act) authorizes Us to retain specific information, including when it is necessary for Us to provide you with services that you requested; perform a contract We entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits Us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to Us or that are reasonably aligned with your expectations based on your relationship with Us. We will act on your deletion request within the timeframes set forth below.

Your Right to Ask Us Not to Sell Personal Information We Have Collected About You

Opting Out of the Sale of Personal Information

You can direct Us not to sell your Personal Information by submitting an opt-out request through our Data Request Form, or by contacting Us at [email protected]. We will act on your request within the timeframes set forth below.

Global Privacy Control

We also recognize opt-out signals communicated through the browser-based extension offered through the Global Privacy Control, a non-profit that is in the process of developing a technological tool that can be used universally to signal a user’s privacy preferences. However, please note that, due to the technical limitations of the Global Privacy Control’s extension, requests made through their extension apply only to the device on which the request is made (e.g., a specific computer) and will only work with the browser used to activate the opt-out setting (e.g., Duck Duck Go).

Exercising Your Rights and How We Will Respond

To exercise your access or deletion rights, or to ask a question about your data subject rights, contact Us at 1-855-4GENMAB from Monday to Friday 8AM to 8PM (Eastern time), [email protected] or click here.

We will first acknowledge receipt of your request within 10 business days of receipt of your request. We will then provide a substantive response to your request as soon as We can, generally within 45 days from when We receive your request, although We may be allowed to take longer to process your request under certain circumstances.

If We expect your request is going to take Us longer than normal to fulfill, We will let you know.

We usually act on requests and provide information free of charge, but We may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow Us to refuse to act on certain requests. When this is the case, We will endeavor to provide you with an explanation as to why.

Our Commitment to Allowing You to Exercise Your Rights – Non-Discrimination

If you exercise any of the rights explained in this Policy, We will continue to treat you fairly. If you exercise your rights under this Policy, you will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than others.

Verification of Identity – Access or Deletion Requests

We will ask you for identifying information and attempt to match it to information that We maintain about you.

If We are unable to verify your identity with the degree of certainty required, We will not be able to respond to your request. We will notify you to explain the basis of the denial.

Authorized Agents

You may designate an agent to submit requests on your behalf. The agent must be a natural person or a business entity that is registered with the California Secretary of State.

If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process. Specifically, if the agent submits requests to access, know or delete your Personal Information, the agent will need to provide Us with your signed permission indicating the agent has been authorized to submit the opt-out request on your behalf. We will also require that you verify your identity directly with Us or confirm with Us that you provided the agent with permission to submit the request.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.

HOW WE PROTECT YOUR INFORMATION

We take very seriously the security and privacy of the Personal Information that We collect pursuant to this Policy. Accordingly, We implement reasonable security measures designed to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and to comply with applicable laws and regulations. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our systems or the systems of the third parties with which We may share your information, nor can We guarantee that the information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to Us may not be secure, and you should therefore take special care in deciding what information you send to Us via e-mail.

CHILDREN

We do not knowingly collect Personal Information from children under the age of 13 through the Sites. If you are under 13, please do not give Us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Policy by instructing their children to never provide Personal Information without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information to Us, please contact Us at [email protected] and We will endeavor to delete that information from our databases.

NON-US RESIDENTS

Our servers are located in the United States and elsewhere. Please be aware that your information may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your country of origin. If you are located outside the United States and choose to use the Sites, you do so at your own risk.

YOUR CHOICES

Opt-Out Links

We do not control how third parties use your information, but you can opt out of certain third-party activities at the links below.

To opt out of Google Analytics, please visit: https://tools.google.com/dlpage/gaoptout.

To opt out of certain ad functions, please visit: https://youradchoices.com/control.

Do Not Track Mechanisms

We do not respond to “Do Not Track” settings or other related mechanisms at this time.

CHANGES TO THIS PRIVACY POLICY

This Policy is effective as of the last updated date stated at the bottom of this Policy. We may change this Policy from time-to-time with or without notice to you. By accessing the Sites after We make any such changes to this Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of the information collected is governed by the Policy in effect at the time We collect the information. Please refer back to this Policy on a regular basis.

THIRD-PARTY SITES

Our Sites may contain social media buttons or links to third-party sites, which may have privacy policies that differ from our own. We are not responsible for the activities and practices that take place on those social media platforms or third-party sites. We recommend that you review the privacy policies posted on any platform or site that you may access through our Sites.

HOW TO CONTACT US

If you have questions about this Policy, please email Us at [email protected] with “Privacy Policy” in the subject line, or at the contact Us at the following address:

Genmab US, Inc.
At: Legal Department
777 Scudders Mill Road
Plainsboro, NJ 08536
USA

---

Global (For United States – click here)

This Privacy Policy explains how Genmab A/S. (“We”, “Us”) process your personal data required for our management of our relationship with you.  

 

1) DATA CONTROLLER 

The entity responsible for the processing of your personal data is: 

Genmab A/S (CVR no. 21023884) 
Carl Jacobsens Vej 30,
DK-2500 Valby 
www.genmab.com 

Contact details (if you have inquiries and/or questions to our processing of your personal data): [email protected]. 

 

2) USE OF PERSONAL INFORMATION 

Below we have explained the purposes for which we may process your personal data. 

1. Extend invitations to participate in our programs, events, or activities (including but not limited to clinical trials, steering committees, advisory boards, symposia, speaker programs, market research, or consultancies) 
2. Manage collaboration and payments (we process data relating to your prior, ongoing, or future engagement in our programs, events, or activities, including information required to enable payment for relevant activities)  
3. Arrange business travel and/or accommodation  
4. Document communications directed to Genmab and providing replies to questions/comments 
5. Engage in scientific exchange (medical, scientific, and technical discussions relating to Genmab products (investigational or approved) and/or disease areas of relevance to Genmab) 
6. Comply with transparency laws regarding HCP interactions and transfers of value 
7. Satisfy pharmacovigilance documentation and reporting requirements  
8. Record interactions with Genmab employees/Genmab-directed third parties and at Genmab-hosted events, including entry into Genmab’s customer relationship management (CRM) system 
9. Assign internal evaluations/classifications of professional activities
10. Evaluate your request for a medical education grant, grant for scientific advancement and/or company sponsorship and corporate membership.
11. Where relevant, check that individuals and organizations connected to the application (including you) do not appear in the public list of persons currently debarred pursuant to sections 306(a) or (b) of the Federal Food, Drug, and Cosmetic Act (21 U.S.C. 335(a) or (b).

 

3) CATEGORIES OF PERSONAL DATA 

As a starting point we only process ordinary personal data about you, such as name, address, date of birth, email address, telephone number, but other information including payment-related details, identity document information (e.g. passport), photographs and audio and video recordings may be processed by Us if required for a specific purpose and when the information is provided to Us by you.

Further, we may also process more professional information about you such as job title, education, professional qualifications and work experience, publications, clinical trial participation, GxP compliance status, conference proceedings and presentations, CV and certifications/licenses, and Genmab-associated travel/expense/research payment history, but again only if required for a specific purpose. 

 

4) SOURCES 

The personal data we use are provided by you or are collected from publicly accessible websites and social media platforms, clinical trials and publications databases, cooperative groups and societies, other HCPs, our collaboration partners, and third parties providing access to their databases (e.g. our CRM vendor, Veeva) or performing services on behalf of Genmab. 

 

5) LEGAL BASIS 

Our legal bases for the processing of your data for the purposes described above are: 

Re 1) & 4) & 8) & 9) The rule on balancing of legitimate interests – article 6.1.f. of the GDPR. The legitimate interests pursued by us are: The processing of your personal data enables us to enhance, improve and personalize our services to- and communication with you.

Re 2) & 3) & 5) Our legal basis for the processing of your data is necessary for our performance under the contract with you. – article 6.1.b. of the GDPR.

Re 6) & 7) Our processing of your data is necessary for in order for us to be compliant with legal obligations, article 6.1.c. of the GDPR. 

Re 10) & 11) The rule on balancing of legitimate interests – article 6.1.f. of the GDPR. The legitimate interests pursued by us are: The evaluation and processing of your application

Should you be awarded funds pertaining to a medical education grant, grant for scientific advancement or company sponsorship or corporate membership, We will process your personal data based on article 6.1.b. of the GDPR; processing of your personal data is necessary for our performance under our contract with you.

 

6) SHARING OF YOUR PERSONAL DATA 

We may share your data with Genmab group entities, vendors, and service providers, such as cooperative groups, conference organizers and agencies working with Genmab and partners.

 

7) RETENTION OF YOUR PERSONAL INFORMATION 

We will retain your personal data as long as necessary to fulfill a specific purpose. However, we will never keep your personal data longer than required by applicable law. We will keep your personal data for a maximum of five (5) years. 

 

8) TRANSFERS TO COUNTRIES OUTSIDE THE EU/EEA

Your personal data may be transferred within the EEA or to countries outside the EEA, that are not deemed to provide an adequate level of protection of your personal data compared to the EEA. Instead we have provided appropriate safeguards as required by GDPR art. 49 (1) through EU Standard Contractual Clauses.

When transferring your personal data to vendors in the United States, we rely on their self-certification to the EU-US Data Privacy Framework (link) or, when this is not the case, on EU standard contractual clauses.

You may obtain a copy of the EU standard contractual clauses by contacting Us at: [email protected]. 

 

9) YOUR RIGHTS 

In general, you have the following rights:  

• You are entitled to request access to, rectification or erasure of your personal data. 
• You are also entitled to oppose the processing of your personal data and to request restriction of the processing of your personal data. 
• You have in particular an unconditional right to oppose the processing of your personal data for direct marketing purposes. 
• If the processing of your personal data is based on your consent, you are entitled to revoke such consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out prior to your revocation of consent. 
• You are entitled to receive personal data which you have provided to us in a structured, commonly used and machine-readable format (data portability) 
• You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency. 

You can exercise your rights by contacting Genmab by email [email protected]. 

There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability in the specific case – this depends on the specific circumstances of the processing activity.  

Policy Last Updated: August 2023