PRIVACY POLICY


1. SCOPE

1.1. This privacy policy (the “Privacy Policy” comprise all Services from:
         Contera Pharma A/S
         Company Reg. No. 33062214
         Ole Maaløes Vej 3
         DK-2200 Copenhagen N
         (”Contera Pharma”, “we”, “our”, “us”, etc.)
         to the Customers.
1.2. Contera Pharma is an affiliate of Bukwang Pharma. Co., Ltd. in Korea.
1.3. This Privacy Policy describes the types of Personal Data we collect, how we process such Personal Data, and who you can contact, if you have any questions or comments about this Privacy Policy.
1.4. The Privacy Policy describes our processing of Personal Data as Data Controller of Personal Data.

2. DEFINITIONS

2.1. Terms and expressions with capital first letters used in this Privacy Policy shall have the meanings set out in this clause
2.2. “Customer”, “you”, “yours” etc. shall mean a customer or user of Services provided by Contera Pharma.
2.3. “Data Controller” and “Data Processor” shall mean “controller” and “processor” respectively as defined in the GDPR.
2.4. “Personal Data” shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.5. “Services” shall mean all services rendered by Contera Pharma, including, but not limited to research and development (“R&D”) projects and patent licensing within the area of movement disorders and consultancy services related hereto.

3. CATEGORIES OF PERSONAL DATA

3.1. If you enter into an agreement with Contera Pharma for the provision of our Services, we will ask you to provide us with certain personal identifiable information that can be used to identify you, including:
· Email address
· First and last name
· Address
· Telephone number
· Occupation
· IP address
· Payment information, including bank account number
3.2. When you use our website, www.conterapharma.com, we collect information about your use of our website through so-called “cookies”. See clause 11 of this Privacy Policy for further information.

4. OUR PURPOSES FOR PROCESSING OF PERSONAL DATA

4.1. We process the Personal Data we collect to:
4.1.1. Fulfil our agreement with you, including provide our Services to you or take steps on your request;
4.1.2. Notify you about changes in our Services, Terms and Conditions or this Privacy Policy;
4.1.3. Provide analysis or valuable information so that we can improve our website.
4.1.4. Monitor the use of our website and Services;
4.1.5. To contact you for feedback about our services;
4.1.6. To contact you for our own marketing and promotional purposes (if you have provided your consent);
4.1.7. Detect, prevent and mitigate technical issues;
4.1.8. Comply with legal obligations;
4.1.9. Establish, exercise or defend against legal claims and to protect and defend the rights or property of Contera Pharma;
4.1.10. Prevent or investigate possible wrongdoing in connection with our website or Services and protect the personal safety of users of our website.

5. TRANSFER OF PERSONAL DATA

5.1. Personal Data is, as the main rule, stored on servers located within the EU.
5.2. Before transferring Personal Data to a third country or an international organization outside the EU/EEA, we will assess whether such transfer of Personal Data ensures an adequate level of protection of the Personal Data. We will ensure that the transfer is in accordance with rules on transfers of personal data to third countries or international organizations in the GDPR and the Danish Data Protection Act, including, where necessary, entering into data processing agreements with our Data Processors (see clause 7) on the basis of the European Commission’s standard contractual clauses for data transfers between EU and non-EU countries or according to the EU-US Privacy Shield Framework.

6. OUR USE OF DATA PROCESSORS

6.1. We may employ third-party suppliers located in the EU or the US to facilitate, service or analyze the use of our website or Services or for data hosting and storage.
6.2. These third-party suppliers are located in the EU and will only have access to your Personal Data if necessary, to perform the agreed tasks. We will ensure that third parties with access to Personal Data are obligated not to disclose or use the Personal Data for any other purposes than to perform the agreed tasks.
6.3. If the third-party suppliers act as Data Processors and process Personal Data on our behalf, we will make sure to enter into data processing agreements with the Data Processors, before the Data Processors carry out any processing of Personal Data on our behalf.

7. STORAGE OF YOUR PERSONAL DATA AND DELETION

7.1. In accordance with the general principles of storage limitation set out in the GDPR, we will only keep your Personal Data for as long as necessary. The storage (or retention) period depends on the nature of the information and the background for storage. It is therefore not possible to specify a specific time frame for deletion of Personal Data in each case in this Privacy Policy. However, we have described our general retention rules in clause 8.2 below.
7.2. Generally, we process Personal Data about Customers for a period of up to three (3) years from effective termination of the Customer’s use of our Services. However, Personal Data related to payments must be kept for five (5) years + the current calendar year after the end of the accounting year according to Danish rules on bookkeeping. Personal Data may be stored for a longer period if the Personal Data is needed to establish, exercise or de-fend a legal claim

8. SECURITY MEASURES

8.1. We have taken technical and organizational measures to prevent your information from being accidentally or illegally deleted, disclosed, lost, impaired, misused or otherwise violated by law.
8.2. We use encryption of data which means that all data transmitted between your device and our servers is unreadable to outsiders. To access your account, you need your personal username and password and must go through our authentication process. We host all data on up-to-date Windows servers that are protected against unauthorized access by a firewall. We take a backup of the Personal Data on our servers every 24 h. Backup data is overwritten in 40-day intervals.
8.3. We have internal rules on information security. We have adopted internal rules on information security that contain instructions and measures which protect Personal Data from being destroyed, lost or modified, from unauthorized disclosure, and against unauthorized access or knowledge of them. We will ensure that collected Personal Data are treated with care and protected according to applicable safety standards. We have strict security procedures for collecting, storing and transfer-ring Personal Data to prevent unauthorized access and compliance with applicable laws.
8.4. The security of your data is very important to us, but remember that no online transmissions, or method of electronic storage is 100 % secure. While we strive to use commercially validated means to protect your Personal Data, we cannot guarantee its absolute security.
8.5. We assess the risk of our processing of personal data on an ongoing basis.

9. COOKIES

9.1. We may use cookies and similar tracking technologies to track the activity on our website. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from our website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information.
9.2. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.
9.3. By using our website, you provide your consent to the use of cookies as described in this Privacy Policy. If you no longer wish to consent to the use of cookies, you can deselect and delete the cookies by modifying the settings in your browser (see clause
9.4. Types of cookies
9.4.1. Session cookies and Persistent cookies. There are two types of cookies - session cookies and persistent cookies. Session cookies are bits of information that are erased when you close your web browser. Persistent cookies are bits of information that are stored on your computer until they are erased. Persistent cookies erase themselves after a certain period of time but are renewed each time you visit www.conterapharma.com.
9.4.2. “Own” cookies and third-party cookies. Cookies can be placed on www.conterapharma.com by Contera Pharma itself or by third parties such as Google or Facebook (see below for information about the use of Google Analytics).
9.5. Purposes
9.5.1. Session cookies. We use session cookies to operate our website.
9.5.2. Persistent cookies. We use preference cookies to remember your preferences and various settings and security cookies for security purposes.
9.6. Google Analytics.
9.7. Deletion of cookies
9.7.1. Most browsers allow you to erase cookies from your hard drive, block all cookies or receive a warning before a cookie is stored. You must be aware that in such case services and features cannot be used by you be-because they require cookies to remember choices you make.
9.8. Links to other websites
9.9. Our website may contain links to other sites that are not operated by Contera Pharma. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.
9.10. We have no control over and assume no responsibility for the contents, privacy policies or practices of any third-party sites or services.

10. YOUR RIGHTS

10.1. You have certain rights related to our processing of your Personal Data according to the GDPR.
10.2. In short, your rights include:
10.3. Right of access. You are entitled to be informed whether any Personal Data about the subject is being processed and if so, obtain access to the Personal Data.
10.4. Right of data portability. You are entitled to receive Personal Data that you have provided to Contera Pharma (this data must be provided in a structured, commonly used and machine-readable format).
10.5. Right to rectification. You are entitled to obtain rectification of incorrect Personal Data.
10.6. Right of deletion. You are (with certain limitations), entitled to request erasure of Personal Data by us without undue delay.
10.7. Right to object. You are entitled to object to the processing of your personal data, namely if the processing of your personal data includes profiling or if the processing is based on the assessment of our interest in processing your personal data)
10.8. Right to restriction of processing. You are entitled to obtain a restriction of the processing of your personal data, namely if you contest the accuracy of the personal data, or where a request to be deleted cannot be accommodated, e.g. due to Contera Pharma' need to keep the personal data for the establishment, exercise or defense of legal claims.
10.9. Please note that the above-mentioned rights will only be individually fulfilled by Contera Pharma in relation to the cases where Contera Pharma is considered as the Data Controller. In situations where Contera Pharma is not regarded as the data controller, the above-mentioned rights must be fulfilled by the data controller in question.
10.10. Inquiries related to your rights according to GDPR can be made to: jbha@conterapharma.com.

11. CHANGES TO THIS PRIVACY POLICY

11.1. We may update this Privacy Policy. We will notify you of any significant changes.
11.2. You are advised to review this Privacy Policy periodically for any changes. The Privacy Policy available on our website (as updated from time to time) applies to our Services and use of our website.

12. CONTACT INFORMATION

12.1. If you have any questions about this privacy policy, please send us an email at jbha@conterapharma.com. We will get back to you asap. If you contact us by email you should not include unnecessary Personal Data, and especially not information containing any confidential or special categories of Personal Data, as the email may not be encrypted. We can only ensure encryption on emails that we send from Contera Pharma.

13. SUPERVISION

13.1. The Danish Data Protection Agency, inter alia, supervises the compliance with the applicable national regulation on Personal Data. The contact information for the Danish Data Protection Agency is:


Datatilsynet

Borgergade 28, 5
DK- 1300 Copenhagen K
T: 3319 3200
Email: dt@datatilsynet.dk


Policy Version: July 2019