9. Your rights
9.1. Our responsibility for your rights
9.1.1. Gedeon Richter is responsible as a personal data controller for your personal data being used in accordance with the law and for your rights to be enforced. You can contact us at any time if you want to exercise your rights. You will find our contact details at the bottom of this Privacy Policy.
9.1.2. Gedeon Richter is obliged to respond to your request to exercise your rights within one month of hearing from you. If your request is complicated or if a large number has been received, we have the right to extend the time by two more months. If we believe that we cannot do what you want us to do, we are obliged to notify you within one month of receiving your request at the latest why we cannot do what you want us to do and inform you that you have the right to complain to the supervisory authority.
9.1.3. All information, communication and all actions we carry out are free of charge for you. However, if what you request in relation to your rights is clearly unfounded or unreasonable, we have the right to charge an administrative fee to provide you with the information or to carry out the requested action, or to refuse to comply with your request.
9.2. Your right to access, rectification, erasure and restriction
9.2.1. You have the right to request from Gedeon Richter
a) Access to your personal data. This means that you have the right to request a register extract of our use of your personal data. You also have the right to receive a free copy of the personal data that we use. For any additional copies, we have the right to charge an administration fee. If you make a request in electronic format, e.g. by e-mail, we will provide you with the information in a commonly used electronic format.
b) Correction of your personal data. We will, at your request or on our own initiative, correct, de-identify, delete or supplement the information that we discover to be incorrect, incomplete or misleading. You also have the right to supplement with additional information if something relevant is missing.
c) Deletion of your personal data. You have the right to request that we delete your personal data if there is no longer an acceptable reason for us to use it. Acceptable reasons for our continued processing of your personal data may be:
(i) for us to comply with a legal obligation,
(ii) for archival purposes of general interest, scientific or historical research purposes or statistical purposes,
(iii) to establish, exercise or defend against legal claims.
Deletion as above must therefore take place if none of the circumstances above exists and if:
(iv) the personal data is no longer needed for the purpose for which we collected it,
(v) we use your data based on your consent and you revoke this,
(vi) you object to our use of your data which takes place after a balance of interests and we do not have important interests that outweigh your interests and rights,
(vii) we have used the personal data in an unauthorized way,
(viii) we have a legal obligation to delete the personal data, or
However, there may be legal requirements or other compelling reasons that prevent us from immediately deleting your personal data. We will then stop using your personal data for purposes other than complying with legislation or which are not necessary for any other compelling reason.
d) Limitation of Use. This means that we temporarily limit the use of your personal data and that we must inform you before the restriction of processing ends. You have the right to request a restriction when:
(i) you believe that your information is incorrect and you have requested a correction according to point9.2.1a), while we investigate the correctness of the data,
(ii) the use is illegal and you do not want the data to be deleted,
(iii) we, as the data controller, no longer need to process the personal data for our purposes of processing, but you need it to be able to establish, assert or defend a legal claim, or
(iv) you have objected to use according to point9.3.1 , pending verification if our legitimate concerns outweigh your legitimate reasons.
9.2.2. We at Gedeon Richter will take all reasonable steps we can to notify anyone who has received personal data in accordance with section7 above if we corrected, deleted or restricted access to your personal data after you requested us to do so. At your request, we will inform you about to whom we have disclosed personal data.
9.3. Your right to object to use
9.3.1. You have the right to object to such use of your personal data that we make on the basis of a balancing of interests or in the public interest (see section3 above). If you object to such use, we will only continue use if we have important reasons for continuing use that outweigh your interests, rights and freedoms or if continued processing is necessary for the establishment, exercise or defence of legal claims.
9.3.2. If you do not want Gedeon Richter to use your personal data for direct marketing, you always have the right to object to such use by contacting us. Once we have received your objection, we will stop using personal data for this marketing purpose.
9.4. Your right to withdraw consent
For the use where we use your consent as a legal basis (see section3 above where we specify which legal grounds we have for our processing), you can withdraw your consent at any time by contacting us. You will find our contact details at the bottom of this Privacy Policy.
9.5. Your right to data portability
You have the right to data portability. This means a right to obtain part of your personal data in a structured, commonly used and machine-readable format and to be able to transfer this data to another personal data controller provided that it is technically possible. You only have the right to data portability when the use of your personal data is automated and we base our use on your consent or on an agreement between you and us.
9.6. Your right to complain to a supervisory authority
You have the right to submit any complaints about our use of your personal data to the supervisory authority. The supervisory authority in Sweden is the Privacy Protection Authority (IMY).