Privacy Notice for use of personal data for scientific research
At Mölnlycke, we focus on sustainable use of personal data. That means, that we protect the personal data entrusted us, while we reuse the personal data to the extent legally and ethically possible.
For us, it is not only about what we can do with personal data – but what is the right thing to do.
Here you can read about how Mölnlycke use personal data for scientific research purposes.
Who is responsible
Mölnlycke Health Care AB (company reg. no. 556547-5489) is a progressive and human-centric MedTech company, specialising in innovative solutions for wound care and surgical procedures.
It is important to us to respect your rights and to keep your personal data private. We have solid processes in place to protect your rights. We will only process your personal data for ethical and lawful purposes.
You can contact our Data Protection Officer (“DPO”) directly via email at privacy@molnlycke.com if you have any questions or concerns. You may read more general information about how and why we process personal data at https://www.molnlycke.com/privacy-center/ or you can contact us at phone number: +46 31 722 30 00.
If you have more specific questions about the processing of your personal data, please contact the site or study doctor responsible for the research you participated in, as Mölnlycke is not able to identify you directly in the data set we have access to.
How do we collect your personal data
We collect personal data from the following sources:
- Hospitals and clinics
- Research organisations
- Suppliers and partners we collaborate with
- Research institutions and practitioners as part of our clinical studies
- Universities
- Public and private databases
- Medical devices, apps and eDevices
- Your relatives, if they participated in one of our clinical studies
- From you directly
Why do we use your personal data (Our purpose)
We will use your personal data for scientific research to find out more about care treatment and how we can improve the quality of care, including our products.
Examples of scientific research are:
- Investigation of a new potential treatment and/or medical device or new use of an approved treatment and/or medical device
- Improvement of standard of care and treatment progression
- To demonstrate that a treatment and/or medical device works as intended and is safe to use
- To learn more about a disease area
- To spread awareness and educate professional within standard of care and best practice
- To make a study design better
- Quality controls of treatment/device
- Improvement of quality systems
- To develop new diagnostic tools and methods
- To analyse and identify correlations in your data set
Mölnlycke aims to use anonymised data for research purposes where possible. All data included in our scientific publications will be anonymised.
What personal data do we use
Mölnlycke uses both non-sensitive personal data and sensitive personal data for scientific research purposes as described in section 3. Examples of this are listed below.
Examples of sensitive personal data |
Such as: |
Health related information |
Wound history, BMI, diagnosis (e.g., diabetes) , genetic data, biometric data. |
Images showing health related information |
Images of wounds at different stages. |
Information about the use of a Mölnlycke product |
Preferences for or experiences of use of a product or a service, if it relates to health information, e.g., pain or wounds. |
Quotes/comments relating to health information |
Quotes/comments relating to your or someone else’s health. |
Other sensitive information |
Race or ethnic origin, religious beliefs, sexual orientation. |
To the extent possible, such personal data will be coded or anonymised. This means that personal data that can be linked directly to you (for example name, address) will be removed and we will not be able to directly identify you.
What is our legal basis to use your personal data
At Mölnlycke, we only process your personal data to the extent permitted or required by applicable data protection legislation.
We are allowed to use your data because:
- Our purpose is to revolutionise care for people and planet. To achieve this, we rely on scientific research and development. The legal bases for this are our legitimate interests to understand and develop treatments and medical devices and to conduct scientific research. These legal bases are found in the GDPR art. 6(1)(f), GDPR art. 9(2)(j).
- We will share study results to demonstrate safety and efficacy of treatments and medical devices with relevant authorities. The legal bases for this are to meet the legal obligations of Mölnlycke and public interest in the area of public health. These legal bases are found in the GDPR art. 6(1)(c) and GDPR art. 9(1)(i).
- In some cases, you have given your consent to share your personal data for specific research purposes. This could be the consent you have provided to our suppliers, partners, research institutions or directly to Mölnlycke to use your personal data. These legal bases for our processing are found in the GDPR art. 6(1)(a) and GDPR art. 9(2)(a).
For how long will we keep your personal data
We will keep your personal data as long as relevant for the intended use for which it was collected and in accordance with Mölnlycke’s data retention and deletion procedures. After such period has ended, your Personal Data will be anonymised or deleted.
Example:
Type of Personal Data |
Retention period |
Data related to technical complaints |
10 years |
Pharmacovigilance data and regulatory documents relating to individual authorised medicinal products |
As long as the marketing authorisation exists and for at least a further 20 years after the marketing authorisation has ceased to exist. |
Personal Data collected as part of a Mölnlycke study/clinical trial |
For scientific research for at least 25 years |
With whom do we share your personal data?
In line with the purpose as stated above in section 3, we may share your coded personal data with the following external parties:
Recipients: |
Such as: |
Suppliers or vendors assisting Mölnlycke |
Consultants, IT service providers, law firms and Contract Research Organisations (CRO). |
Other Mölnlycke entities |
Mölnlycke entities in other countries. |
Public authorities, if required |
Health care authorities (e.g., FDA). |
Hospitals and clinics |
Public, private or university hospitals, speciality clinics. |
Partners |
Researchers from universities and other MedTech companies who we collaborate with. |
External researchers |
Researchers who are investigating the same or related disease area or drug product. |
Health care professionals |
Doctors, nurses, key opinion leaders. |
How do we keep your data safe?
We have taken measures to ensure that your personal data is handled in a safe way. For example, access to systems where personal data is stored is limited to our employees and service providers who require it in the course of their duties. Such parties are informed of the importance of maintaining security and confidentiality in relation to the personal data we process. We maintain appropriate safeguards and security standards to protect your personal data against unauthorised access, disclosure or misuse. We also monitor our systems to discover vulnerabilities.
How do we keep your data safe when transferred outside the EU?
For the purposes described above in section 3, we may transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA).
To safeguard your rights, we rely on the following so called transfer mechanism:
- European Commission’s Adequacy Decisions. This means that the European Commission has assessed and decided that your personal data will be equally protected in that country as within the EU/EEA. You can access a list of the countries that the European Commission has decided provide an adequate level of data protection here.
- European Commission’s standard contractual clauses. These clauses function as a contract between Mölnlycke and the recipient, with the purpose of safeguarding your rights. You may access the European Commission’s standard contractual clauses here. Please contact Mölnlycke’s DPO for specific information.
You have specific rights in relation to Mölnlycke’s processing of your personal data. In general, you have the below rights.
These rights might be limited when data is used solely for scientific research purposes. This means that the right to get insight into the data, right to correction or deletion of data and the right to restrict use are limited if Mölnlycke only uses your data for scientific research. In addition, your possibilities to exercise your rights might be limited due to the fact that Mölnlycke is not able to identify you or link your identity to the applicable personal data.
Please contact us as described under section 1 if you have questions or requests relating to these rights.
You can also contact the Swedish Data Protection Agency (“Integritetsskyddsmyndigheten”) if you would like more information or if you wish to make a complaint here or your local supervisory authority in the EU member state where you are located. You can find contact details to each local supervisory authority by visiting this link.
Your rights are the following:
Right of access
You have the right to obtain a confirmation as to whether or not we process your personal data. If that is the case, you also have the right to receive copies of the personal data concerning you that we process as well as additional information about the processing, such as for what purposes the processing occurs, relevant categories of personal data and the recipients of such personal data.
Right to rectification
You have the right to have you Personal Data corrected (rectified) and/or complemented if it is wrong and/or incomplete.
Right to erasure
You have the right to request that we erase your Personal Data without undue delay in the following circumstances:
- the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing;
- you object to our processing of Personal Data, and we do not have any overriding legitimate grounds for the processing;
- the processed Personal Data is unlawfully processed; or
- the processed Personal Data has to be erased for compliance with legal obligations.
Right to restriction
You have the right to restrict the processing of your Personal Data in the following circumstances:
- you contest the accuracy of the Personal Data during a period enabling us to verify the accuracy of such Personal Data;
- the processing is unlawful, and you oppose erasure of the Personal Data and request restriction instead;
- the Personal Data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims; or
- you have objected to the processing of the Personal Data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
Right to object
You have the general right to object to our processing of your Personal Data when it is based on our legitimate interest. If you object and we believe that we may still process your Personal Data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Right to data portability
If your Personal Data has been provided by you and our processing of your Personal Data is based on your consent or on the performance of a contract with you, you have the right to receive the Personal Data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.
Right to withdraw consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal. We will keep information regarding your withdrawal for as long as is necessary for us to ensure that all your personal data relating to your former consent is erased.