Cookie & Privacy policy

Cookie policy

We use cookies to improve your experience on our website. This cookie policy explains how we use cookies. Please also refer to our Privacy policy (see below), which explains how we process your personal data.

Cookies are small text files containing both letters and numbers that are saved on your computer. We use the following cookies:

Session cookies: temporary cookie files that are deleted when you close your browser or app.
Permanent cookies: cookies that stay on your computer until they expire or you delete them.
First party cookies: cookies used by our website.
Third party cookies: cookies used by third party websites (such as RSS newsfeeds).

We use these cookies to save your preferences (such as your language or bookmark settings) and to collect analytical information regarding your use of our site. Your web browser allows you to change user settings and cookie settings, as well as to delete and/or block cookies.

Cookie settings

Privacy policy

Processing of personal data

2018-05-25 – The following policy has been established for Scandinavian CRO AB (the ”Company”):

1. BACKGROUND

In most cases, it is our client, ie. the company, authority or organization that uses our services, who is the controller, which means that it has the ultimate responsibility for the processing of your personal data and the preservation of your rights. If you are, or have been, part of a clinical study you can, in your documented informed consent, find out who is the controller regarding your personal data. You can also contact us in accordance with the contact details in section 6 below, and we can guide you to the relevant controller.

The Company has, through agreements with our clients, been commissioned to collect and process personal data on their behalf, and we fulfill this task in the capacity of a processor. In some cases, the Company itself operates as a controller. This applies when we collect and process personal data for our own account, such as in relation to employees or in connection with marketing.

We do not process more personal data than is necessary for the purpose, and we always strive to use the least privacy-sensitive information.

The processing of employee’s and former employee’s personal data is specifically regulated in an internal policy.

2. PURPOSE

We protect your privacy and you should be able to feel safe when you entrust us with your personal data. Therefore, we have established this policy based on current data protection legislation to clarify how we work to defend your rights and your integrity.

The purpose of this policy is to inform you about how we process your personal data, what we use it for, who will get access to it and under what conditions and how you can exercise your rights.

3. GUIDELINES

WHAT TYPES OF PERSONAL DATA DO WE PROCESS?

We only process personal data when we have a legal ground and, when we operate as a processor, only when we have explicit instructions from our client. We do not process personal data in any case other than when they are required to fulfill our obligations under law and agreements or based on legitimate interests.

The types of personal data that we process as a processor are primarily the following:

Age
Information regarding genetics
Information regarding health and sickness
Study code
Subject number/patient number
Photos/pictures/radiography
Information that you publish yourself or otherwise provide to us voluntarily including details regarding your health (i.e. sensitive personal data)

The types of personal data that we process as a controller are primarily the following:

Name
Address
E-mail address
Phone number
Personal identity number
User name
Photos/pictures/sound recordings
Account number and other bank-related information
Education participation
CVs
Information that you publish yourself or otherwise provide to us voluntarily including details regarding your health (i.e. sensitive personal data)

Special category data (sensitive personal data)

The processing of personal data that is deemed sensitive – for example information regarding politics, religion, genetics or health– is made restrictively and with due observance of confidentiality.

How do we access your personal information?

We will primarily get access to your personal information from our clients in cases where we are a processor and otherwise by you providing the personal data to us.

We can also get access through the following ways:

Information which you provide us with directly
Information that is registered when you visit our website
Information we receive from public registers
Information that we receive when you answer surveys and other polls and investigations
Information we receive when you sign up for our events or seminars
Information that we receive when you sign up for newsletters and other mailings
Information that we receive when you contact us, seek employment with us, visit us or in other ways seek contact with us

In what ways and for what reasons do we process your personal data?

In most cases, we process personal data on behalf of our clients in the capacity of processor. The controller is then responsible for determining which legal ground is applicable as well as what personal data to collect, for which purposes and how to process them.

In cases where the Company itself is the controller, we mainly process personal data with the support of law, so called legal obligation, for example in order to comply with requirements under the Accounting Act, or with the support of an agreement with an individual (such as an employment contract).

In some cases, we may also process your personal data based on legitimate interests. This will primarily be relevant when we need to process personal data for advertising or marketing purposes.

Regarding such processing of personal data which is not directly necessary to comply with applicable laws and which does not have another legal ground as described above, we will collect your consent in connection with the retrieval of such personal data, for example health information or other sensitive personal data when inviting to events and seminars. You may withdraw your consent at any time for such processing as described above. We will then no longer process your personal data or obtain any new data, if it is not necessary to fulfill our obligations under a contract or law.

Is your personal data processed in a safe way?

We have routines and procedures for managing your personal data in a safe way. Only persons who need personal data to perform their duties and the Company’s commitments shall have access to personal data.

Our security systems are developed with your integrity in focus and to protect, to a great extent, against intrusion, destruction and other incidents that could endanger your privacy. We have agreements with our IT providers regarding IT security to ensure that your personal data is processed safely.

When do we share your personal data?

We may not disclose your personal data to anyone other than the client who is the controller for your personal information unless you have given your consent or where it is necessary to comply with our statutory obligations or is governed by our agreement with the controller

In some cases, personal data is transferred to our subcontractors for marketing-, information- and follow-up purposes and for storage. See more about processors/sub-processors in section 5 below.

We do not transfer personal data to third parties in cases other than those expressly stated in this policy.

We only transfer personal data outside the EU/EEA, if we have a legal ground for the transfer in accordance with applicable laws and regulations for data protection. This means, for example, that we can transfer personal data to Privacy Shield-certified data processors in the United States. For non-Privacy Shield-certified recipients, we may transfer your personal data outside the EU/EEA, using standard data protection measures adopted by the EU Commission. We may also transfer your personal data to a country that the EU Commission has assessed to have an adequate level of protection for the processing of personal data.

Retaining and deleting personal data

We retain your personal information according to the instructions we receive from the controller. We will never process (save) your personal data after our agreement with the controller is terminated, if not requested by law or specific requirement in the agreement with the controller.

Where we are the controller, your personal data will not be retained for longer than what is necessary in order to fulfill the purpose of the processing and we will delete personal data in accordance with applicable law.

4. YOUR RIGHTS

When we are processor

The rights for individuals as set out below apply in relation to the relevant controller. In cases where we process personal data on behalf of others and as processor, please contact the respective controller for the exercise of your rights below. If you have any questions regarding this, you can contact us via the contact details in section 6 below.

When we are controller

Withdraw consent

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time by contacting us via the contact information set forth in section 6 below. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Request for rectification or erasure

You are entitled to request that personal data about you is rectified or erased. You also have the right to restrict the processing of your personal data or object to such processing in accordance with the General Data Protection Regulation or national privacy laws. Following such a request, we will examine whether there is reason to implement the requested change.

Request for a registry extract

You are entitled to request extracts from the Company and our registries/systems in which personal data about you is processed and, in such extracts, be informed of what personal data about you that the Company is processing and how we process this data.

If you have questions regarding the processing of your personal data or if you find that any data is incorrect, want to request rectification, erasure, restriction or objection to the processing please contact us in accordance with section 6 below.

The Swedish Data Protection Authority

The Swedish Data Protection Authority (DPA) is the supervisory public authority for processing of personal data and data protection in Sweden. You are entitled to lodge complaints regarding the processing of personal data to the DPA. Contact information for the DPA can be found on https://www.imy.se/kontakta-oss/

5. CONTROLLER OF PERSONAL DATA AND OUR PROCESSORS

The controller is ultimately responsible for how your personal data is processed and that your rights are protected. The Company is in most cases a processor of personal data.

The Company always ensures through personal processing agreements or otherwise that our processors/sub-processors only process personal data in accordance with this policy.

If you, as a registered person, want to know which personal data processors (sub-processors) we use, you can contact you in accordance with section 6 below and we will provide you with a list.

6. CONTACT DETAILS

Controller of personal data: Scandinavian CRO AB, 556587-3147

Address: Box 150 27, SE-75015 Uppsala, SWEDEN

Phone number: +46 18 100 550

E-mail address: dataprotection@scro.se

Home

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
sp_landing	1 day	The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
sp_t	1 year	The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_3D8LZLDYSB	2 years	This cookie is installed by Google Analytics.
_gat_UA-133302835-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.