Visitors Privacy Notice (Kastrup, Denmark)

Last updated: 22.01.2020

Astellas Pharma A/S (“Astellas“) respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you when you enter or visit our premises, and how you can exercise your privacy rights.  If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.

What does Astellas do?

Astellas is a global pharmaceutical business, whose ultimate parent company is headquartered in Tokyo, Japan.  Our mission is to improve the lives of patients in the following key areas: transplantation, urology, oncology, anti-infectives. For more information about Astellas, please see the “About” section of our Website at https://www.astellas.com/dk/about.

What personal information does Astellas collect and why?

The personal information that we may collect about you broadly falls into the following categories:

• Information that you provide

We ask you to provide certain information when you enter our premises. The types of information we ask you to provide, and the reasons why we ask you to provide it, include:

If we ask you to provide any other personal information not described above, then the personal information we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect your personal information.

• Information that we obtain from third party or other sources

In addition, from time to time, we may receive additional personal information about you from third party sources (including contracting companies, service providers), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.

The types of information we collect from third parties include your name, the company you work for, who you are visiting (name of Astellas employee), Astellas ID-card identification, time of entry and check-out confirmation, and we use the information we receive from these third parties to allow your entry in our premises.

Who does Astellas share my personal information with?

We may disclose your personal information to the following categories of recipients:

• to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person or (iv) for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
• to any other person with your consent to the disclosure.

Legal basis for processing personal information

The legal basis we rely on to process your personal data is our legitimate interests. We want to achieve health & safety in our premises and to that effect, we collect and process only minimum information in a proportionate and secure manner to ensure our purposes without overriding your rights and freedoms. We also rely on Danish bookkeeping and tax regulation to document if a guest registers for lunch in the canteen, data is processed for tax reasons.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

How does Astellas keep my personal information secure?

We use appropriate technical and organisational measures to protect the personal information that we collect and process about you.  The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.  Specific measures we use include keeping personal information password protected in an online system with restricted access.

Data retention

We retain personal information we collect from you for a maximum period of 30 days, or for as long as we have a legitimate need to process it. For guests registering for lunch, we retain personal information for a maximum period of five years. All CCTV data is retained for a period of up to 30 days unless storage for a longer period is required under the Danish TV Monitoring Act.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Your data protection rights

You have the following data protection rights:

• If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
• In addition, if you are a resident of the European Union, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
• Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority, Datatilsynet. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here)

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.  We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

How to contact us

If you want to exercise any of your rights, you can contact Astellas Pharma here. If you have any questions or concerns about our use of your personal information, please contact our data protection officer using the following details: privacy@astellas.com.

The data controller of your personal information is Astellas Pharma a/s, Kajakvej 2, 2770 Kastrup, Denmark – CVR.: DK10888638.