Privacy Policy

1. Introduction

1.1 In this privacy notice, you can learn more about how Vertic A/S ("Vertic", "we", "us", "our") processes your personal data in various situations.

1.2 We provide you with this information as we are required to do so under the EU General Data Protection Regulation (the "GDPR") and the Danish Data Protection Act.

2. Controller

2.1 Vertic A/S, Ryesgade 3A, 2. tv, 2200 Copenhagen N, CVR-no 25514041, acts as a data controller for the processing of your personal data in the following situations:

- When you visit our website,
- When you communicate with us or represent a customer, supplier, vendor or other third party,
- When we collect information from public sources in relation to market research projects,
- When we carry out content projects, including video production -
- If you apply for a position at Vertic

2.2. Below you can read more about the various purposes of our processing of your personal data in the different situations. You can also see which data we process, what the legal basis for our processing is, for how long we store the personal data and who we share it with.

2.3 Further, in the section Your rights you can read about your rights. In the section Contact, you can find our contact information.

3 Categories of personal data, purpose, legal basis, retention and disclosure

3.1. When you visit our website (cookies)

3.1.1. Purpose and categories of personal data
When you visit our website, we use cookies to collect data about your visits, including e.g. your navigation on the website the type of browser you use and your IP address. These data may contain personal data.

We collect the data to ensure a stable, secure and user-friendly experience on our website, as well as to keep statistics about our website visitors.

3.1.2 Legal basis
The legal bases for our processing are:
- for necessary (technical) cookies: article 6(1)(f) of the GDPR, as we are pursuing our legitimate interest in ensuring functionality and security of our website, and
- for other cookies: article 6(1)(a) of the GDPR, as you have given your consent.

3.1.3 Retention of data
Personal data contained in cookies will be deleted in accordance with the lifetime/period for each specific cookie. Read more about our cookies, including their lifetime, in our Cookie Policy https://www.vertic.com/cookie-policy.

3.1.4 Recipients
We disclose information about your use of the website to any third-party service providers that you have allowed to place cookies when you use the website.

3.2 When you communicate with us or you represent a customer, supplier, vendor or other third party

3.2.1 Purpose and categories of personal data
When you communicate with us (e.g., via email or the contact form at our website), including if you act on behalf of our customers, suppliers, vendors or another third party, your communication may often contain personal data, e.g. your contact details (including name and email address), association with a certain company or other personal data you may provide us with. We may also receive such personal data from a third party, such as your employer.

We process these personal data for the purpose of managing our customer relationships, answering your inquiries and orders and to communicate with you/the company you represent. Further, such personal data may be processed if you participate in events and meetings at or hosted by Vertic.

3.2.2 Legal basis
The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing customer relationships, answering general inquiries and fulfilling any agreement, we may have concluded with the company you represent.

3.2.3 Retention of personal data
If you are not or do not represent an existing customer, supplier etc., personal data pertaining to our general communication with you (such as email inquiries) will be deleted 1 year after the end of the financial year where your last inquiry has been handled/concluded. If you are or represent a customer, supplier etc., personal data pertaining to our communication with you will generally be deleted 1 year after the end of the financial year in which the business relationship has ended.

3.2.4 Recipients
We disclose personal data included in our account records to the relevant public authorities, including in connection with our statutory bookkeeping etc. We may also disclose your personal data to our relevant business partners, including external advisors. Finally, we make your personal data available to our processors who e.g., host, develop and support our IT systems.

3.3 When we collect information from public sources in relation to market research projects

3.3.1 Purpose and categories of personal data
When we carry out projects on behalf of our customers, we process personal data that people have willingly posted on one of their public social media channels such as name, age, affiliated organization, social media handles, messages shared publicly on social media and other information that is manifestly made public. Further, we access that information through vendors that have specialized in collecting public social media data and making it available for companies such as ours to access and analyze. At Vertic we currently use the following two vendors:-

- Traackr: A platform created to enable companies to discover, understand and connect with influential profiles in the digital landscape. You can read more about Traackr on their website www.traackr.com and how they process your personal data here: https://www.traackr.com/infl-privacy-notice.

- Pulsar: A social media listening platform that collects data from public social media chan-nels and enables analysis of that data. You can read more about Pulsar here: www.pulsarplatform.com.

Additionally, we process personal data such as name, contact details, and other job-related information on health care professionals participating in interviews, focus groups, surveys/questionnaires, or moderated boards. We do not process any special categories of personal data in relation to market research pro-jects. We process these personal data for market research purposes with the objective to under-stand the collective perspectives and opinions by leading voices within the field we are investi-gating. This allows our clients to stay up to date with the latest developments within a given field. Further, we process personal data for market research purposes, including informing a potential outreach and collaborative proposal towards the identified individuals. If you do not want Vertic to use your publicly available personal data, you can write a request to privacy@vertic.com stating that you wish to be excluded from our records.

3.3.2 Legal basis
The legal basis for our processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in conducting market research projects based on public available information, interviews, questionnaires, etc. to match our customers' needs to stay up to date with the lat-est developments within a given field.

3.3.3 Retention of personal data
We will only keep your personal information to fulfil the purpose of the specific project. Once the project has been completed, Vertic will retain your personal data for 1 year for record keeping. Afterwards the data will be deleted.

3.3.4 Recipients
We share your personal data with our customers, including (i) departments and teams of the company that has commissioned the study for the purposes outlined above and (ii) the pharmacovigilance / safety departments of the company that has commissioned the study.

3.4 When we carry out content projects, including video production When we carry out content projects, we produce videos footage which may contain infor-mation from publicly available sources, including name and picture/video of a person.

3.4.1 Purpose and categories of personal data
We process these personal data for the purpose of creating content to our customers. If you do not want Vertic to use your publicly available personal data, you can write a request to privacy@vertic.com stating that you wish to be excluded from our records.

3.4.2 Legal basis
The legal basis for our processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in creating content for our customers based on public available information, including, name and picture/video of individuals.

3.4.3 Retention of personal data
We will only keep your personal information to fulfil the purpose of the specific project. Once the project has been completed, Vertic will retain your personal data for 1 year for record keeping. Afterwards the data will be deleted.

3.4.4 Recipients
We share your personal data with our customers, including (i) departments and teams of the company that has commissioned the project for the purposes outlined above and (ii) the pharmacovigilance / safety departments of the company that has commissioned the project.

3.5 If you apply for a position at Vertic
When we receive your application, we will send you confirmation stating that we have received it. When we go through the applications, we will select the applicants that we call in for an interview. This selection is based on how your qualifications relate to the position or positions. The call ins for an interview will take place by email or telephone.

3.5.1 Purposes of processing and categories of personal data when you apply for at position at Vertic

General collection of personal data and references
As a step in the recruitment process, we receive and process the personal data you have disclosed in your application, your resumé and other potential documents. In addition to the above-mentioned, we will in most cases seek additional information about the applicant(s) that we deem most qualified. We will often seek out relevant available information on the internet, including social media. We might also ask you to send us some additional information. The information that we collect in this connection will, unless we specifically inform you of something else, include the following: information about your activities at a former place of employment, including information about your job assignments and competencies, your performance, your personal appearance and interpersonal skills, and other information about you that has been made publicly available on the internet, to the extent that we deem this information relevant for the assessment of your application.

If we would like to collect information about you from your current or former employer by collecting references, we will ask for your consent in advance. If you do not consent, we will not collect your references. The information that we collect in this connection will, unless we specifically inform you of something else, include the following categories: information about your activities at a former place of employment, including information about your job assignments and competencies, your performance, your personal appearance and interpersonal skills, and the reason why you are no longer employed by or wish to no longer be employed by the employer in question.

Interviews
During the recruitment process we carry out interviews where the focus is both your professional and personal competencies, the challenges of the position and how it is to work at Vertic. We take notes of some of the personal data that is mentioned during the interview(s). We only take notes of the personal data that are relevant for our assessment of whether we should offer you a position or not.

Use of Personality Tests
During the recruitment process we use personality tests when filling out certain positions. This requires that you consent to our processing of the results of the personality test. The consent is given in connection with your completion of the test. The test is usually completed after we have carried out one or more interviews with you. The purpose of the test is to clarify your competencies, so we have a starting point for a dialogue about your personal resources, strengths and weaknesses. The test will never stand alone, instead it forms a part of the collected material that we use for our selection of the right applicant for the position.

Criminal records
During the recruitment process we sometimes make use of criminal records. If we consider it relevant to collect your criminal record in relation to the position, you have applied for we will ask for your consent to do so. Whether or not we collect criminal records depends on which position you have applied for including the responsibility and executive powers that the position entails.

Credit Rating Information
If you are applying for a position of trust, including taking on a position as manager with financial responsibilities or accounting and bookkeeping tasks, we will want to collect personal data about your credit rating from a credit rating agency. If we collect personal data about your credit rating you will receive an individual notice concerning this matter, including that we have run a check on you with a credit rating agency and if we will be storing the credit information afterwards.

3.5.2 Legal basis if you apply for a position at Vertic
The  legal basis for processing the personal data is article 6(1)(f) of the GDPR  as we pursue the legitimate interest in the processing of the personal  data being necessary for our assessment of you as a person and your skills in  relation to the contents of the position. Further,  our processing of data that you make available to us on your own initiative  is deemed to be performed on basis of your consent (in accordance with  the relevant consent provisions of the GDPR and/or national data protection  laws [1]).

Social media: The  legal basis for processing the personal data published by you is article  6(1)(f) of the GDPR as we pursue the legitimate interest in the  processing of the personal data being necessary for our assessment of you as  a person in relation to the contents of the position.

References: The legal basis is the consent you give  for the purpose of using your references; see article 6(1)(a) of the GDPR.

Credit ratings , Use of personality/competency tests & Criminal record: The legal basis is our legitimate interest in  assessing your financial solidity and credit rating to be able to assess if  you are the right applicant for the position that you have applied for  according to article 6(1)(f) of the GDPR. The legal basis for processing the personal data is  article 6(1)(f) of the GDPR as we pursue the legitimate interest in the  processing of the personal data being necessary for our assessment of your  personal skills based on the tests. The legal basis is the consent that you provided  according to section 8(3) of the Danish Data Protection Act and art. 6(1)(a)  of the GDPR.

Drafting  of employment agreement: The legal basis for processing the general  personal data stated in the application documents may also be 6(1)(b) of the  GDPR as it may be necessary to process the personal data in question for the  purpose of drafting an employment agreement, if relevant. 

3.5.3 Retention of your data if you apply for at position at Vertic
If your application is rejected, Vertic will generally delete the information that we have processed about you during the recruitment process when it is completed. This will typically coincide with the time when Vertic enters into an employment agreement with the selected candidate and generally no more than 6 months after the date when you were informed of the rejection. If we employ you, the personal data that we have processed during the recruitment process will, if relevant, be stored in your personnel file in accordance with the applicable retention periods. In that case, you will be further notified of the processing of your personal data.

3.5.4 Recipients of your personal data if you apply for a position at Vertic

We may share your personal data with our processors, for example our IT system providers etc.

4 Transfer of your personal data to third countries

4.1. We transfer your personal data to the US.

4.2. The basis for our transfers is the Commission Decision of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

If you want additional information about our transfer of personal data outside the EU and EEA, including a copy of the relevant security measures, etc., you may make a request for such additional information by contacting us (see contact information below).

5. Your rights, etc

5.1. You have special rights to help you control your personal data, and we wish to make it easy for you to exercise those rights:.

5.2. Right to withdraw consent
Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us, see below under "Contact".

If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent.

5.3. Right of access
You have the right to have confirmed whether we collect or process your personal data, and, if so, you have the right to request a copy of your personal data in a digital format.

5.4. Right of rectification
You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.

5.5 Right of erasure
In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.

5.6 Right to restrict processing
In certain circumstances, you have the right to request that we restrict the processing of your personal data, e.g., if you believe that the personal data is not accurate or lawfully processed.

5.7 Right to object to the processing
In certain circumstances, you have the right to request that we stop processing your personal data.

5.8 Right to data portability
In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.

6. Complaint to a supervisory authority

If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contacting the Danish Data Protection Agency via their website, www.datatilsynet.dk.

6.1. You can read more about your rights in the Danish Data Protection Agency's guidelines on data subjects' rights, which is available at www.datatilsynet.dk (in Danish). Please contact Vertic if you wish to exercise your rights. The relevant contact details are stated below.

7 Contact

7.1. If you have any questions about how we process personal data, please contact us at privacy@vertic.com.

[1] Relevant provisions may be: Articles 6(1)(a) and 9(1)(a) of the GDPR, depending on the specific information provided by you.