- Privacy >> Third Parties
1) DATA CONTROLLER
The entity responsible for the processing of your personal data is:
2) USE OF PERSONAL INFORMATION
We may use your personal data for the following purposes:
- Your onboarding as a Genmab third party, which includes a confirmation of bank account details for the purpose of accuracy and fraud control
- Management of our business relationship, including communication, payments, etc.
- Internal audit purposes
3) CATEGORIES OF PERSONAL DATA
From our “New Third Party Request form” we collect the following categories of ordinary personal data about you:
- Contact details: first name(s), surname(s), business address, phone number, tax-ID, VAT-number (if applicable), email address, website address (if applicable).
- Financial data: banking account information, incl. bank name, bank address, account holder name (beneficiary), account number, IBAN, US routing number.
We do not collect any special categories of data about you.
The personal data we process is provided by you.
5) LEGAL BASIS
We may process your personal data described above based on the following legal basis:
Art. 6 (1) litra f of the GDPR; processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
The legitimate interests that we pursue in connection with the processing of your data are:
- To enable us to onboard you as a third party to Genmab and manage our business relationship incl. services agreed/provided, communication between the parties, etc.
- To perform internal control activities.
6) SHARING OF YOUR PERSONAL DATA
We may share your personal data with:
- Group entities;
- Our system vendors: SAP, Infiniance, Bizagi, Vantage.
7) TRANSFERS TO COUNTRIES OUTSIDE THE EU/EEA
Your personal data may be transferred within the EEA or to countries outside the EEA, that are not deemed to provide an adequate level of protection of your personal data compared to the EEA. Instead, we have provided appropriate safeguards as required by GDPR art. 49 (1) through EU Standard Contractual Clauses.
When transferring your personal data to vendors in the United States, we might rely on their self-certification to the EU-US Data Privacy Framework (link) or, when this is not the case, on EU standard contractual clauses.
You may obtain a copy of the EU standard contractual clauses by contacting Us at: [email protected].
8) RETENTION OF YOUR PERSONAL INFORMATION
We will retain your personal data for as long as required to fulfil the purposes above and for a minimum period of current fiscal year + 7 years to be counted as of supplier creation/last payment as required by our internal Finance Record Retention Plan
9) YOUR RIGHTS
In general, you have the following rights:
- You have the right to request access to and rectification or erasure of your personal data.
- You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
- In particular, you have an unconditional right to object to the processing of your personal data for direct marketing purposes.
- If processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent.
- You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).
- You may always lodge a complaint with a data protection supervisory authority, e.g. The Danish Data Protection Agency.
There may be conditions or limitations on these rights. It is therefore not certain for example you have the right of data portability in the specific case – this depends on the specific circumstances of the processing activity.
Last updated: December 2023