• Privacy >> Federated Partner Access


Federated Partner Access

WHAT IS FEDERATED PARTNER ACCESS? This policy applies to all external collaborators of Genmab (employees at partner organizations, agents, etc.) who are not employed directly by Genmab, but that receive access to one or more Genmab-managed IT systems and platforms.

United States (For Global – click here)

This Privacy Policy (“Policy”) explains how Genmab US, Inc. (“company”, “We”, “Us”) process your Personal Information in the administration of our sites or mobile applications, when you communicate with Us via email, when you use our internal systems, when you engage with Us as an agent or representative of a business, and when you engage with Us offline (the “Sites”). By accessing or using the sites, systems, and applications you agree to be bound by this Policy and any accompanying Legal Notice. If you do not agree to (or cannot comply with) all of the terms of this Policy, you may not access or use the sites.

This Policy does not apply to information We collect about employees, job applicants, healthcare providers and in relation to the provision of our patient services. For those, please refer to our other policies.

For purposes of this Policy, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  It does not include de-identified or aggregate information, or public information lawfully available from governmental records.

THE INFORMATION WE COLLECT

In the 12 months preceding the date of this Policy, We may have collected your Personal Information when you visited our sites, used our systems, clicked through links on our sites to engage with content We provide, or when you voluntarily provided information to Us through our web portal, email, or phone number. The personal information We use is provided by you or your employer. 

The categories of Personal Information We may have collected from these sources during the 12 months preceding the date of this Policy, and will continue to collect, include the following, in addition to unstructured Personal Information you may voluntarily provide to Us:

  • Personal identifiers:such asname, email address, mobile phone number (MFA – Multi-factor authentication), IP address and GEO location, federated login information
  • Internet or other electronic activity information: such as information about your operating system, mobile device, browser, and cookie information

PURPOSE FOR COLLECTION AND HOW WE USE INFORMATION

We use the information We collect to provide you the sites, systems and applications.

Additionally, We use your Personal Information for internal business analysis; to prevent fraud, activities that violate our Terms of Service or that are illegal; and to protect our rights and the rights and safety of our users or others.

We use the information We collect to:

  1. Provide you access to sites, systems and applications you need to perform your services.
  2. Conduct internal business analysis to prevent fraud, activities that violate our Terms of Service or that are illegal; and to protect our rights and the rights and safety of our users or others; and to
  3. Conduct investigations in case of reasonable suspicion of company policy violations.

THIRD-PARTY DATA SHARING AND DISCLOSURE

Disclosure of Personal Information For Business Purposes in the Past 12 Months

The following chart describes the categories of Personal Information We have disclosed to third parties for a business purpose in the past 12 months:

Categories of Personal InformationCategories of Third Parties with Which We disclosed Personal Information for a Business Purpose
Personal identifiers: name, email address, mobile phone number (MFA – Multi-factor authentication), IP address and GEO location, federated login informationService providers that provide security services and cloud-based data storage and assist with other IT-related functions.
Internet or other electronic network activity information: such as information about your operating system, mobile device, browser, and cookie informationService providers that provide security services and cloud-based data storage, host our sites, and assist with other IT-related functions, and provide analytics information


Additional Information About How We May Share Personal Information

We may also share your Personal Information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when We believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also share your Personal Information with third parties to help detect and protect against fraud or data security vulnerabilities. And We may transfer your Personal Information to a third party in the event of an actual or contemplated sale, merger, reorganization of our entity or other restructuring.

Categories of Personal Information We Sold to Third Parties in the Preceding 12 Months

We do not sell the personal information of our federated partners.

RIGHTS SPECIFIC TO CALIFORNIA RESIDENTS

If you are a California resident, you have certain rights that are described in this section of the Policy.

Your Rights

Your Right to Request Disclosure of Information We Collect and Share About You

We are committed to ensuring that you know what Personal Information We collect. To that end, you can ask Us for any or all of following types of information regarding the Personal Information We have collected about you prior to our receipt of your request:

  • Specific pieces of Personal Information We have collected about you;
  • Categories of Personal Information We have collected about you;
  • Categories of sources from which such Personal Information was collected;
  • Categories of Personal Information that the business sold or disclosed for a business purpose about the consumer;
  • Categories of third parties to whom the Personal Information was sold or disclosed for a business purpose; and
  • The business or commercial purpose for collecting your Personal Information.

Your Right to Request Deletion of Personal Information We Have Collected About You 

Upon your request, We will delete the Personal Information We have collected about you, except for situations where the CCPA (California Consumer Privacy Act) authorizes Us to retain specific information, including when it is necessary for Us to provide you with services that you requested; perform a contract We entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits Us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to Us or that are reasonably aligned with your expectations based on your relationship with Us. We will act on your deletion request within the timeframes set forth below.

Global Privacy Control

We also recognize opt-out signals communicated through the browser-based extension offered through the Global Privacy Control, a non-profit that is in the process of developing a technological tool that can be used universally to signal a user’s privacy preferences. However, please note that, due to the technical limitations of the Global Privacy Control’s extension, requests made through their extension apply only to the device on which the request is made (e.g., a specific computer) and will only work with the browser used to activate the opt-out setting (e.g., Duck Duck Go).

Exercising Your Rights and How We Will Respond

To exercise your access or deletion rights, or to ask a question about your data subject rights, contact Us at 1-855-4GENMAB from Monday to Friday 8AM to 8PM (Eastern time), [email protected] or click here.

We will first acknowledge receipt of your request within 10 business days of receipt of your request. We will then provide a substantive response to your request as soon as We can, generally within 45 days from when We receive your request, although We may be allowed to take longer to process your request under certain circumstances.

If We expect your request is going to take Us longer than normal to fulfill, We will let you know.

We usually act on requests and provide information free of charge, but We may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow Us to refuse to act on certain requests. When this is the case, We will endeavor to provide you with an explanation as to why. 

Our Commitment to Allowing You to Exercise Your Rights – Non-Discrimination

If you exercise any of the rights explained in this Policy, We will continue to treat you fairly. If you exercise your rights under this Policy, you will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than others.

Verification of Identity – Access or Deletion Requests

We will ask you for identifying information and attempt to match it to information that We maintain about you. 

If We are unable to verify your identity with the degree of certainty required, We will not be able to respond to your request. We will notify you to explain the basis of the denial. 

Authorized Agents

You may designate an agent to submit requests on your behalf. The agent must be a natural person or a business entity that is registered with the California Secretary of State.  

If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process. Specifically, if the agent submits requests to access, know or delete your Personal Information, the agent will need to provide Us with your signed permission indicating the agent has been authorized to submit the opt-out request on your behalf.  We will also require that you verify your identity directly with Us or confirm with Us that you provided the agent with permission to submit the request.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.

HOW WE PROTECT YOUR INFORMATION

We take very seriously the security and privacy of the Personal Information that We collect pursuant to this Policy. Accordingly, We implement reasonable security measures designed to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and to comply with applicable laws and regulations. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our systems or the systems of the third parties with which We may share your information, nor can We guarantee that the information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to Us may not be secure, and you should therefore take special care in deciding what information you send to Us via e-mail.

CHILDREN

We do not knowingly collect Personal Information from children under the age of 13 through the Sites. If you are under 13, please do not give Us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Policy by instructing their children to never provide Personal Information without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information to Us, please contact Us at [email protected] and We will endeavor to delete that information from our databases.

NON-US RESIDENTS

Our servers are located in the United States and elsewhere. Please be aware that your information may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your country of origin. If you are located outside the United States and choose to use the Sites, you do so at your own risk.

CHANGES TO THIS PRIVACY POLICY

This Policy is effective as of the last updated date stated at the bottom of this Policy. We may change this Policy from time-to-time with or without notice to you. By accessing the Sites after We make any such changes to this Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of the information collected is governed by the Policy in effect at the time We collect the information. Please refer back to this Policy on a regular basis.

THIRD-PARTY SITES

Our Sites may contain social media buttons or links to third-party sites, which may have privacy policies that differ from our own. We are not responsible for the activities and practices that take place on those social media platforms or third-party sites. We recommend that you review the privacy policies posted on any platform or site that you may access through our Sites.

HOW TO CONTACT US

If you have questions about this Policy, please email Us at [email protected] with “Privacy Policy” in the subject line, or at the contact Us at the following address:

        Genmab US, Inc.

        At: Legal Department

        777 Scudders Mill Road

        Plainsboro, NJ 08536

        USA


Global (For United States – click here)

This Privacy Policy explains how Genmab A/S. (“We”, “Us”) process your personal data required for our management of our relationship with you.  

 
1) DATA CONTROLLER 

The entity responsible for the processing of your personal data is: 

Genmab A/S (CVR no. 21023884) 
Carl Jacobsens Vej 30, 
DK-2500 Valby, Denmark

www.genmab.com 

Contact details (if you have inquiries and/or questions to our processing of your personal data): [email protected]

 
2) USE OF PERSONAL INFORMATION 

Below we have explained the purposes for which we may process your personal data:

  1. Provide you access to sites, systems, and applications you need to perform your services,
  2. Conduct internal business analysis to prevent fraud, activities that violate our Terms of Service or that are illegal; and to protect our rights and the rights and safety of our users or others; and to
  3. Conduct investigations in case of reasonable suspicion of company policy violations.

 
3) CATEGORIES OF PERSONAL DATA 

As a starting point we only process ordinary personal data about you, such as your name, email address, mobile phone number (MFA – Multi-factor authentication), IP address, GEO location, and federated login information.

Further, we may also process information about your operating system, mobile device, browser, and cookie information.

 
4) SOURCES 

The personal data we use are provided by you or your employer.

 
5) LEGAL BASIS 

Our legal bases for the processing of your data for the purposes described above are: 

Art. 6 (1) litra b of the Regulation (EU) 2016/679 of 27 April 2016 (the General Data Protection Regulation “GDPR”); Processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract. This may both concern individual contracts and collective agreements;

Art. 6 (1) litra f of the GDPR; Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data; 

The legitimate interests that we pursue are: 

  • Providing you with access to systems, sites, and applications for the purpose of conducting the tasks required by Genmab,
  • Conducting internal business analysis; to prevent fraud, activities that violate our Terms of Service or that are illegal; and to protect our rights and the rights and safety of our users or others.
  • Conducting investigations in case of reasonable suspicion of company policy violation

Art. 9 (2) litra f of the GDPR; processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity. 

 
6) SHARING OF YOUR PERSONAL DATA 

We may share your data with Genmab group entities, vendors, and service providers, such as cooperative groups, conference organizers and agencies working with Genmab and partners.

 
7) RETENTION OF YOUR PERSONAL INFORMATION 

We will retain your personal data as long as necessary to fulfill a specific purpose. However, we will never keep your personal data longer than required by applicable law. We will keep your personal data for a maximum of ninety (90) days. 

 
8) TRANSFERS TO COUNTRIES OUTSIDE THE EU/EEA

Your personal data may be transferred to countries outside the EEA, that are not deemed to provide an adequate level of protection of your personal data compared to the EEA. Instead, we have provided appropriate safeguards as required by GDPR art. 49 (1) through EU Standard Contractual Clauses.

When transferring your personal data to vendors in the United States, we might rely on their self-certification to the EU-US Data Privacy Framework (link) or, when this is not the case, on EU standard contractual clauses.

You may obtain a copy of the EU standard contractual clauses by contacting Us at: [email protected]

 
9) YOUR RIGHTS 

In general, you have the following rights:  

  • You are entitled to request access to, rectification or erasure of your personal data. 
  • You are also entitled to oppose the processing of your personal data and to request restriction of the processing of your personal data. 
  • You have in particular an unconditional right to oppose the processing of your personal data for direct marketing purposes. 
  • If the processing of your personal data is based on your consent, you are entitled to revoke such consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out prior to your revocation of consent. 
  • You might be entitled to receive personal data which you have provided to us in a structured, commonly used and machine-readable format (data portability) 
  • You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency. 

You can exercise your rights by contacting Genmab by email[email protected]. 

There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability in the specific case – this depends on the specific circumstances of the processing activity.  

POLICY LAST UPDATED: November 2023

You are now leaving Genmab.com to go to our collaborator’s website. If you continue, we encourage you to read the website’s privacy and cookie policy.