We obtain your personal data through/from the following sources:
- From you directly
- From your manager
- From other Novo Nordisk affiliates or entities
- From publicly available publications and websites
- From vendors or public authorities
Novo Nordisk keeps your personal data for as long as it is needed to carry out the business purpose for which the data was collected and/or for as long as required under applicable law. Retention periods for Novo Nordisk records, including records containing employee personal data, are set out in the ATLAS document catalogue.
Retention periods for GxP data
As a pharmaceutical company, many Novo Nordisk records (including employee records containing personal data) are covered by specific GxP requirements that mandate certain, typically quite long, retention periods. The following table lists retention periods for categories of employee personal data that are covered by GxP requirements:
Data category | Retention time |
Signature sheet | 50 years |
Full name, initials, department, period of employment in department | End of employment +30 years |
Documentation of completed training and education in GxP regulated processes | 50 years |
IT user activity for GxP regulated IT systems | Depending on the specific purpose for which data is stored in the IT system, the retention period ranges from 7 to 75 years |
Access logs for GxP regulated facilities | 10 years |
QA surveillance (video) of GMP[1] regulated areas | 5 years |
[1] Good Manufacture Practices may require some areas are controlled and monitored by cameras (always marked with sign postings) and stored by a certain period in order to comply with QA surveillance.
Please find a detailed description of which Personal Data is processed by Novo Nordisk in Appendix A below.
Please inform local P&O if there are any changes to the personal data you have shared with Novo Nordisk.
We may share your personal data with:
- Public authorities
- Other Novo Nordisk entities (e.g. Novo Nordisk affiliates in other countries)
- Suppliers or vendors that assist our company (e.g. consultants, IT service providers, financial institutions, law firms)
Novo Nordisk may process the following Personal Data from you:
- Name and personal contact details (e.g. private email, private phone, physical address)
- Business contact information (e.g. Novo Nordisk initials, phone number, e-mail)
- Position, department, and photograph (e.g., for the employee phone book or ID card)
- Nationality and language
- Signature
- Information regarding current and former positions in Novo Nordisk
- Job application and Curriculum Vitae (CV)
- Ability and personality tests, if used for recruitment or development activities
- Criminal background check for recruitment process
- Terms of employment, incl. salary, allowances, incentive schemes, and bonus payments
- Social security number and bank details
- Marital status and dependents, including emergency contact information
- Tax, insurance, and pension scheme information
- Union membership, if provided by the employee
- Information related to employee accidents and illnesses
- Absence data, including sickness, holidays and leave
- Disciplinary warnings
- Resignation or dismissal (including reason)
- Performance objectives and evaluations
- Documentation of accomplished training and education
- Participation in talent, career development, and leadership programmes
- Personal information relating to international transfers and expat assignments
- Promotion and succession plans (certain positions only)
- IT user activity on Novo Nordisk's IT infrastructure, systems, and equipment
- Facility access logs and security surveillance recordings in certain facilities (always marked with sign postings)
- Travel details (e.g., passport number, itineraries):
- Company credit card details and documentation of expenses
- Company car, including information about use of petrol and any fines
- Details related to dietary requirements, health alerts, or mobility assistance, if voluntarily provided by the employee