We protect your privacy
Your privacy is of the utmost importance to UMC. Should you have any questions related to the processing of personal data at UMC, please contact us using the contact details found at the bottom of this page.
Processing of personal data at UMC
Uppsala Monitoring Centre (“UMC”, “we”, “us”), acting as controller of personal data, is responsible for the processing of personal data under the applicable data protection laws, such as the European Union’s General Data Protection Regulation (GDPR). When you interact with UMC, use our products and services, apply for a job, attend an event, or visit our websites, we collect certain information about you.
Data collected from visiting our websites
When you visit our websites (who-umc.org or uppsalareports.org), certain information is collected and shared with us through your web browser. This information includes for example your IP address, the date and time of access, which browser you used, and the URL of the website from which you were referred.
We collect this data for statistical reasons to improve our websites, the technical functionality of the sites, and the user experience. We process your personal data based on our legitimate interest when you use our websites.
Data collected from contacting us
When you contact us, for example by using our web forms or by sending an email, we collect certain information. The information we collect is the information you provide, for example your email address and your name.
We collect this information so that we can communicate with you, help you with your query, or establish a business relationship with you or the organisation that you represent. We process your personal data based on our legitimate interest when you contact us.
Data collected from using our products and services
We offer many products and services to our customers. These include, for example, our WHODrug products and products and services connected to the WHO Programme for International Drug Monitoring. We also publish the Uppsala Reports magazine.
When you use our products and services, we collect certain information about you. For example, we can collect and store your username, your name, your email address, your job title, and the name of your employer or the organisation that you represent. This information is usually provided by you or your employer. We will also process your personal data when you subscribe to the Uppsala Reports magazine or when you sign up for a newsletter.
We collect your personal data to communicate with you, to establish or maintain a business relationship with you or the organisation that you represent, or to provide you with access to our products and services. We process your personal data based on our legitimate interest or based on the performance of a contract or to enter into a contract where you or your employer is a party.
When you use our products and services, we may for statistical reasons collect data about your use of these products and services. We collect this data based on our legitimate interest. The data will help us improve our product and service offering and to improve the technical functionality of our services.
Data collected from attending our courses and events
We host events and offer workshops and courses within the field of pharmacovigilance, both in-person and virtually.
When you sign up for a course, an event or similar, we collect certain information about you. For example, we can collect and store your name, your email address, your job title, and the name of your employer. The information we process is usually provided by you or your employer.
We collect this information to provide you with access to courses and to give you information on events and courses that you have been invited to attend. We may also use your contact information to send a survey to you after you have attended an event, a course or similar, which will help us improve these services in the future. We process your personal data based on our legitimate interest or based on the performance of a contract or to enter into a contract where you or the organisation that you represent is a party.
Data collected from job applicants
When you apply for a job at UMC, we collect and process information that you have provided in your application. Such data may include your name, your personal identification number, your contact details, and your photo. We may also collect other personal data related to the recruitment process from third parties, for example information provided by your employment references. The information we collect is necessary for the purposes of the recruitment process at UMC and for UMC to enter into an employment contract or consulting contract with successful applicants.
What are the legal bases for the processing of your data?
We process your personal data based on the following legal grounds:
- Legitimate interest: we may process your data based on our legitimate interest, for example to communicate with you, to establish or maintain a business relationship with you or the organisation that you represent, or to improve our services. When we use our legitimate interest as legal basis, we have balanced our interests with your interests to ensure that the processing of the data is necessary.
- Contract: we may process your data based on a contract or prior to entering into a contract where you or the organisation that you represent is a party.
- Consent: we may process your personal data based on your consent. You have the right to withdraw your consent at any time by contacting us.
- Legal obligation: we may process your personal data due to a legal obligation, for example relating to bookkeeping and accounting.
How long will we retain your data?
Your data will be retained for as long as necessary to fulfil the purposes for which the data was collected. In some cases, data will be retained longer for the purpose of legal requirements, for example relating to bookkeeping.
You have the right to ask us to delete the information we have collected about you. Please note that we might sometimes need to keep your data due to legal obligations.
Who can access your data?
Access to personal data is restricted to times when it is deemed necessary and to people who need to access the data as part of their job. Access to data for our employees and contractors is covered by confidentiality agreements to ensure that all data is handled with the utmost care.
We may use data processors for the processing of your personal data, for example IT service providers. Data Processing Agreements are used to ensure an adequate level of protection when a processor is processing personal data on our behalf.
Where is your data processed?
Your personal data is primarily processed within the EU/EEA. We might use processors based in countries outside the EU/EEA, and such processing is protected by adequate technical and organisational measures to protect your personal data, such as the use of the European Commission’s Standard Contractual Clauses.
Your rights as data subject
As a data subject, you have certain rights when your personal data is processed. Please note that some of these rights may not be applicable to you in a particular situation.
You have the right to know what personal data we process about you and to access this data. You have the right to request that we correct inaccurate personal data about you and to ask us to delete your personal data. You can also ask us to restrict the processing of your personal data or object to the processing of your data. You can also ask us to send your personal data to you in digital form so that you can forward it to somebody else.
If you want to exercise any of your rights, please contact us using the contact form on our website.
If you believe that UMC is not processing your data in accordance with GDPR or national data protection legislation, you have the right to submit a complaint to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) or to your local data protection authority.
If you have any questions regarding our processing of your personal data, or if you have any complaints, you can contact us through the contact form on our website.
We have appointed a Data Protection Officer (DPO) to monitor our compliance with GDPR. You can contact our DPO by sending an email to firstname.lastname@example.org.