The Hormosan Pharma GmbH (hereinafter "Hormosan", is pleased that you are visiting our website. Data protection and data security are very important to us. Therefore, we would like to inform you about the personal data we collect during your visit to our website and about the intended purposes.
As changes to the law or changes to our corporate processes may require an adaptation of this privacy statement, we ask you to read this privacy notice regularly. The privacy notice can be accessed any time under “Privacy Notice”, saved and printed out.
Under the EU General Data Protection Regulation (hereinafter: GDPR) and under the UK General Data Protection Legislation (UK-GDPR), the body that determines how and why your personal data is processed is defined as the “controller”. The controller of your personal data is:
Hormosan Pharma GmbH
Hanauer Landstrasse 139 - 143
60314 Frankfurt am Main
Germany
Tel.: +49 (0) 69 - 478730
E-Mail: info@hormosan.de
Website: www.hormosan.de
This privacy notice applies to the online presence of Hormosan, which is available at www.hormosan.com and the various subdomains (hereinafter referred to as "our website").
The (external) Data Protection Officer of Hormosan can be contacted at:
Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels, Belgium
Email: dpo@lupin.com
Personal data are all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information that cannot (or only with a disproportionate effort) be referred to your person, e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) requires either as legal basis your consent, is based on legitimate interest or on the necessity to perform a legal obligation.
Processed personal data will be deleted as soon as the purpose of the processing has been fulfilled and no legally prescribed retention obligations are to be observed.
Hormosan will comply with data protection law. This means that the personal information we hold about you must be:
a) Used lawfully, fairly and in a transparent way;
b) Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
c) Relevant to the purposes we have told you about and limited to those purposes only;
d) Accurate and kept up to date;
e) Kept only for such time as is necessary for the purposes we have told you about; and
f) Kept securely.
In case we process your personal data for the provision of certain offers, please find below information about the specific processes, the scope and purpose of data processing, the legal basis for processing and the respective storage period.
1. Website
a) Scope and Purpose of the Processing
When you access and use our website, we only collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.
The following personal data is recorded to the extent necessary for the provision of a functional website and our contents and services:
b) Legal Basis
Art. 6 para. 1 lit. f GDPR serves as the legal basis for the data processing. The processing of the mentioned data is necessary for the provision of our services and thus serves the protection of a legitimate interest of our company.
c) Data Deletion and Storage Time
The data subject’s personal data are deleted or blocked as soon as the purpose of the storage is fulfilled. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user. Further storage may take place in individual cases if this is required by law.
2. Registration / Customer Account
a) Scope and Purpose of the Processing
You have the possibility to register on our website for ordering service materials by entering your personal data. Access takes place via a DocCheck password (see below for further details). Your registration is required to complete your order for the following reasons:
We process the following personal data for the registration/customer account setup:
b) Legal Basis
Your Personal data is processed in accordance with article 6 (1) lit. b GDPR for the fulfilment of your order for specialist information between you and Hormosan.
c) Storage Time
As soon as the processed data are no longer necessary for the execution of the order, they will be deleted. It may be necessary to store your personal data in order to comply with contractual or legal obligations even after the contract has been fulfilled. Further storage may be necessary in individual cases if this is required by law.
d) Cancellation
You have the possibility to cancel the registration and to change your personal data any time.
However, if the processed data are necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as this does not conflict with contractual or statutory obligations.
3. Contact form / Medical Hotline / Costumer Service
a) Scope and Purpose of Processing
You have the opportunity to contact our medical hotline (service@hormosan.de) or our costumer service (customerservice@hormosan.de) using a form provided on our website. In the course of sending your inquiry via the contact form, reference is made to this data protection declaration in order to obtain your consent. If you use the contact form, the following personal data will be processed:
The purpose of entering your e-mail address is to assign your request and to be able to reply to you. When using the contact form, your personal data will not be forwarded to third parties.
b) Legal Basis
The data processing described above for the purpose of establishing contact is carried out voluntarily in accordance with Art. 6 para. 1 lit. a GDPR on the declaration of consent submitted by you as below:
Declaration of consent
By entering my data and clicking the "send" button I declare my consent to the use of my e-mail address for answering my contact request.
I can withdraw my consent to the processing of personal data collected during the registration process at any time.
c) Storage Time
As soon as the request you have made has been dealt with and the relevant facts have been finally clarified, your personal data processed by the contact form will be deleted. Further storage may take place in individual cases if this is required by law.
4. Ordering service materials for patients
a) Scope and Purpose of the Processing
We offer patients the opportunity to order Information Brochures/Service Articles by entering their personal data. The following data are collected as part of the ordering process:
Furthermore, you can provide us with further data on a voluntary basis. However, this is marked accordingly.
b) Legal Basis
Art. 6 para. 1 lit. b GDPR serves as the legal basis as the processing of your personal data is required in order to fulfil your order Information Brochures/Service Articles.
c) Storage Time
As soon as the processed data are no longer necessary for the execution of the order, they will be deleted. It may be necessary to store your personal data in order to comply with contractual or legal obligations even after the contract has been fulfilled. Further storage may be necessary in individual cases if this is required by law.
5. Healthcare Professional (“HCP”) Data Base
a) Scope and Purpose of the Processing
We collect and process publicly available information in connection with your professional activities in order to contact you personally, for example through visits or by mail, and to inform you about our products.
For this purpose, the following categories of personal data are processed by us:
How do we collect your personal data?
We obtain this data from third parties who compile the data for the purpose of providing a database of healthcare professionals or collect the data ourselves from the following publicly available sources: government and public records, institutional websites (hospitals, universities, medical facilities), medical databases and registries, and other online professional profiles and web sources related to your professional activity.
b) Legal Basis
The legal basis for processing this personal data is our legitimate interest in offering our goods or services to healthcare professionals, healthcare providers or other experts who directly or indirectly offer services related to our products and to provide information about our products and services, and as required by law (Art. 6 para. 1 lit. f DSGVO).
c) How long do we keep your personal data?
The data subject's personal data are deleted or blocked as soon as the purpose of the storage is fulfilled. We will review the data regularly at least on an annual basis and delete or anonymize the data after this period, unless there is a conflicting interest on our part (such as your request to stop contacting us).
We only share your personal information with third parties if:
With whom do we share your personal data?
a) Scope and Purpose of Processing
We use cookies on our website. Cookies are small files which are sent by us to the browser of your terminal device and stored there as part of your visit to our internet pages. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies allow us to perform various analyses. Cookies are, for example, able to recognize the browser you are using when you visit our website again and to transmit various information to us. We can use cookies to make our internet offer more user-friendly and effective, for example, by tracking your use of our website and by determining your preferred settings (e.g. country and language settings). In case third parties use cookies to process information, they will collect the information directly from your browser. Cookies do not cause any damage to your device. They cannot run programs or contain viruses.
Our website uses transient cookies, which are automatically deleted when you close your browser. This type of cookie allows us to collect your session ID allowing you to assign different browser requests to a common session and enabling us to recognize your end device during visits to websites in one session.
b) Legal Basis
Due to the described purposes of use the legal basis for the processing of personal data using cookies lies in Art. 6 para. 1 lit. f GDPR.
c) Storage Time
As soon as the data transmitted by the cookies is no longer necessary for the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.
d) Browser Settings
Most browsers are already set to accept cookies by default. However, you can change your browser settings so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are disabled by your browser settings on our website.
You can also use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set your browser so that it informs you before cookies are stored. Since the different browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the setting options.
If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.
e) Login for closed user groups (DocCheck®)
This website uses the login service of DocCheck Medical Services GmbH ("DocCheck"). DocCheck uses so-called "cookies" - text files that are stored in the user's browser - to facilitate the use of the services. The information generated by these cookies is only transmitted to DocCheck servers and is not shared with the website operator or any other third party. There is no data transfer to countries outside the EU.
Cookie 1
Doccheck_user_id
Allows a single sign-on for all DocCheck logins.
Lifetime = 1 session
Cookie 2
Doccheck_scu_data
Serves to provide suitable content on the basis of pseudonymised identification data (e.g. occupation, country, language).
Lifetime = 1 year
The techniques used and their purpose including the underlying data processing processes can be found in the DocCheck® cookie notices.
Log data
As part of the use of DocCheck password protection, DocCheck collects the so-called log data (IP address, access date, access time, referrer URL, information on hardware and software used such as browser features, device information such as resolution) of the user, starting from the website of the information provider which integrates the login into the website via "embed" or iFrame.
These data are not used to draw conclusions about the person, but serve to ensure the correct display of the page or iFrame contents and/or the security of the DocCheck services.
When using DocCheck, the agreements between you and DocCheck apply, and with regard to data protection, the DocCheck Privacy Notice: www.doccheck.com/de/privacy/
We use tracking and analysis tools to ensure continuous optimization and user-oriented design of our website. With the help of tracking measures it is also possible for us to statistically record the use of our website by visitors and to further develop our online offer for you with the help of the knowledge gained.
On the basis of these interests, the use of the tracking and analysis tools described below is justified in accordance with Art. 6 para. 1 s. 1 lit. f GDPR. The following description of the tracking and analysis tools also shows the respective processing purposes and the processed data.
1. IONOS Webanalytics
Our website uses IONOS Webanalytics, a web analysis service of 1&1 IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany, ("Ionos"). Ionos uses server log data, to help the website analyse how users use the site.
The information from the server logs, for example about the referrer (previously visited website), requested website or file, browser type and version, operating system used, type of device used, time of access and IP address in anonymised form (only used to determine the location of the access), is only processed by Ionos from servers within the EEA and not transferred to third parties unless this is required by law or if third parties process this data on behalf of Ionos. According to 1&1, the data collection is completely anonymised so that it cannot be traced back to individual persons. Cookies are not stored by 1&1 Web Analytics. Ionos will use the information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website and internet use.
For more information on data collection and processing by 1&1 Web Analytics, please see the following links:
https://hosting.1und1.de/hilfe/online-marketing/
https://hosting.1und1.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-company-name-produktes/webanalytics/
https://hosting.1und1.de/terms-gtc/terms-privacy/
2. Web Beacons
In connection with cookies, so-called "Internet tags" (also known as web beacons) can be used on our website or by third party advertising partners. Tags can help us measure visitor response and the effectiveness of advertising campaigns.
Our website contains hyperlinks to websites of other providers. When you activate these hyperlinks, you will be directed directly to the other providers' website. You will recognize this when the URL is changed. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
If your personal data are processed, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and the following rights apply to you:
In case the processing of your personal data is based on legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right to objection which will be considered without mentioning any particular situation.
If you no longer wish us to use your personal data, you can of course revoke your consent at any time with effect for the future at the following address:
Hormosan Pharma GmbH
Hanauer Landstrasse 139 - 143
60314 Frankfurt am Main
Germany
Deutschland
Fax: 069/ 47 87 30
e-Mail: datenschutz@hormosan.de
Requests for the deletion of your personal data will be carried out in compliance with all applicable legal regulations.
We are committed to protecting your privacy and treating your personal information confidentially. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognized encryption methods (SSL or TLS).
However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible.
In particular, unencrypted data - e.g., if this is done by e-mail - can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.
This website, and the information provided on this website, are not designed or intended for use by children 18 years and younger. Lupin also do not knowingly collect, process or store any Personal Data from any users under the age of 18 without the verifiable consent of a parent or guardian prior to collecting, processing or storing information collected either directly or indirectly through the use of this websites. Parents or guardians of minors may have the right to request to view or delete Personal Data provided by the child either directly or indirectly through the use of this website.
Data controller:
The following companies operating as part of Lupin Europe are deemed to be data controllers:
Hormosan Pharma GmbH, Hanauer Landstraße 139-143, 60314 Frankfurt am Main, Germany
Lupin Europe GmbH, Hanauer Landstraße 139-143, 60314 Frankfurt am Main, Germany
The Company is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.
During the recruitment process, the Company collects and processes personal data relating to job applicants.
The Company is committed to being clear and transparent about how it collects and uses that data and to meeting its data protection obligations.
The Company will comply with data protection law. This means that the personal information we hold about you must be:
The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. This may include:
We may also collect the following special categories of more sensitive personal information:
The Company collects this information in a variety of ways during the application and recruitment process.
In some cases, the Company collects personal data about you from third parties in accordance with local labour law, with your consent or if the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as references supplied by former employers, information from employment background check providers and information from criminal records checks permitted by law.
Data is stored in a range of different places, including on your application record, in the Company's HR systems and in other IT systems (including the Company's email system).
The Company needs to process data prior to entering into a contract with you. We also need to process data to enter into an employment contract with you and to meet its obligations under that employment contract.
In addition, the Company needs to process data to ensure that we are complying with our legal obligations. For example, we are required to check an employee's entitlement to work in the country. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake a particular role. The Company processes health information if we need to make reasonable adjustments to the recruitment process for candidates with a disability.
The Company has a legitimate interest in processing personal data during the recruitment process and in keeping records of that process. Processing such data from job applicants enables the Company to manage the recruitment process, assess the suitability of candidates and make informed decisions as to whom we wish to recruit. The Company may also have to process data from job applicants in order to defend legal claims.
In cases where the processing of your personal data exceeds the purpose of processing the recruitment process, it shall be legitimised by an individual consent.
If you have granted us your consent for the processing of your personal data, this consent will provide the legal basis for the processing specified therein.
With regard to the use of cookies in the context of the online application portal, the legal basis for the processing of personal data lies in Art. 6 para. 1 lit. f DSGVO. Further information on the use of cookies can be found here: https://go.softgarden.de/datenschutz_softgarden and here: https://www.hormosan.com/datenschutz.html#datenschutz
You are under no obligation to provide the Company with personal data during the recruitment process. However, if you do not provide certain personal information when requested, the Company may not be able to process your application for employment properly or at all.
You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for you if this information is not provided.
Our employment decisions are not based on automated decision-making.
The Company will only hold your personal data for as long as is necessary to fulfil the purposes we collected it for, including any legal, accounting or reporting requirements. If your application for employment is unsuccessful, the company will destroy your data unless you specifically consent for your data to be kept for a longer specified period in order to be considered for any other suitable position within a twelve (12) month period.
If your application for employment is successful, personal data gathered during the new recruitment process will be transferred to your personnel file and we shall inform you through a new privacy notice which sets down the details of how we process your data in an employment relationship including the periods for which your data shall be held.
Your information will be shared internally for the purposes of the recruitment process, including with members of the HR team and interviewers.
The execution of the application process is supported by the responsible person with the help of the order processor softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin. Further information on data processing as well as on all measures taken for data security can be found here: https://go.softgarden.de/datenschutz_softgarden
Furthermore, the Company will not share your data with third parties unless you accept an offer of employment. In those circumstances, the Company shall share your data with third parties where required by law and where it is necessary in order to administer the employment relationship with you or where we have another legitimate interest in doing so.
Your data may be transferred to countries outside the European Economic Area (EEA) in order to administer employment benefits, effect compensation payments, make recommendations on compensation and promotions.
Data is transferred outside the EEA on the basis of data processing agreements, EU standard contractual clauses and other safeguards.
The Company takes the security of our data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
As a data subject, you have a number of rights. You can:
If you would like to exercise any of these rights, or you have any questions about the privacy notice, please contact your HR Manager or the relevant Data Protection Officer.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to:
The Hessian Data Protection Office
https://datenschutz.hessen.de/
The Hessian Data Protection Officer
PO Box 3163
65021 Wiesbaden
Phone: +49 611 1408 - 144
For Hormosan Pharma GmbH and die Lupin Europe GmbH:
Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels, Belgium
Email: dpo@lupin.com
Constant technological development makes it necessary to adapt our privacy notice from time to time. We reserve the right to change this privacy notice at any time with effect for the future. If we change our privacy notice, we will inform you of this by appropriate means.
The following companies operating as part of Lupin Europe are deemed to be data controllers (hereinafter termed: the Company) and according to the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection acts of the Member States, as well as other data protection regulations, are:
Hormosan Pharma GmbH
Hanauer Landstraße 139-141
60314 Frankfurt
Germany
+49 (0) 69 - 47 87 30
info@hormosan.de
Lupin Europe GmbH
Hanauer Landstraße 139-141
60314 Frankfurt
Germany
+49 (0) 69 - 47 87 30
info@hormosan.de
As representatives of our customers, we will process your personal data as described in this Privacy Notice. We respect you and are committed to honoring and protecting your privacy. This Privacy Notice describes our privacy practices regarding collection and use of your personal data when we process it in the context of providing services to our customer whom you represent and sets out your privacy rights in relation to it.
The Company will comply with data protection law. This means that the personal information we process about you must be:
The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. The categories of personal data that could be processed are:
We, at Lupin, use your personal data in order to establish a connection with our customer (whom you work for or represent), provide you and the customer whom you represent with a better customer experience and ensure that the marketing material we send to you reflects your personal preferences.
In the following, we will inform you about the legal basis and the purpose for which we process your data:
1. Based on your consent (Art. 6 sec. 1 lit. a GDPR)
If you have given us your consent to process your data, the respective consent shall be the legal basis for the mentioned processes.
For example, we do this so that we can communicate with you for the following purposes:
2. Legitimate interests (Art. 6 sec. 1 lit. f GDPR)
We may also use your data for the purposes of legitimate interests.
For example, we do this so that we can communicate with you for the following purposes:
The Company will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so.
You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.
An automated decision-making process does not take place.
We will only keep your personal data for as long as is reasonably necessary taking into consideration our need to answer queries or resolve problems, any other purpose outlined above or to comply with legal requirements under applicable law(s). Your data will be completely deleted as soon as the processing purpose for its storage ceased to apply.
Your data is only disclosed if disclosure is permitted by a legal basis and only with due regard for the duty of confidentiality.
We may use carefully selected third parties to carry out certain activities to help us to run our business (such as cloud service providers, IT support vendors, information security support vendors, third party auditors, etc.) also outside of the EU and actual or prospective purchasers. Any such third parties would be required to contractually agree with applicable laws and regulations and treat your personal data in accordance with this Privacy Notice.
We have offices and operations in a number of international locations, and we share information between our group companies for marketing and administrative purposes. Your information may be shared with our internal staff for marketing and administrative purposes, located in India, as outlined above. Please visit https://www.lupin.com/contact-us/global-offices/ to see a list of the locations within our corporate group.
Within the scope of the mentioned processing activities, you are not obliged to provide your personal data.
If you do not provide the relevant information, we may not be able to answer your inquiries or provide product information.
The Company takes the security of our data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data.
As a data subject, you have a number of rights. You can request the Company to:
If you believe the processing of your personal data infringes data protection law, you have the right to lodge a complaint before a data protection supervisory authority.
If you would like to exercise any of these rights, or you have any questions about the privacy notice, please contact the relevant Data Protection Officer.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to:
The external Data Protection Officer
Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels, Belgium
Email: dpo@lupin.com
Last updated: February 2024
This notice describes how the European affiliates of Lupin Limited/India which act as Marketing Authorization Holders and/or Distributors for medical products ("Lupin" we", "us" or "our") uses and discloses your personal data as Controller for activities that are related to pharmacovigilance.
It also describes your data protection rights, including a right to object to some of the processing which Lupin carries out. More information about your rights, and how to exercise them, is set out in the "Your choices and rights" section.
This notice applies to data received by Lupin employees and by contractors who provide services to Lupin on its behalf. The data processing described in this notice may be limited as required by applicable law.
We also may provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.
Lupin Limited has designated Hormosan Pharma GmbH and Lupin Europe GmbH, Hanauer Landstraße 139-141, 60314 Frankfurt, Germany, as its representative for Pharmacovigilance in the European Union.
For the provision of the services and our pharmacovigilance obligations Lupin may process the following categories of data about you where permissible:
We collect this information from you directly when you contact us via letter, fax, telephone, email and in person or from a third person in relation to your care.
For example, data is collected through forms that you expressly fill up; from correspondence with you; or through meetings, calls or other communications that may take place.
We collect, use and store your personal data for the reasons set out below:
Where necessary for Lupin's legitimate interests, as listed below, and where our interests are not overridden by your data protection rights:
Where we process personal data on this basis, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals’ interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details at the end of the notice.
Where necessary to comply with a legal obligation such as:
With your consent:
We may provide you with more specific notices for some of the processing described above and, if we require your consent, will ask for this at the time we collect your personal data.
In addition, where the abovementioned purposes imply Lupin processing your health data, and/or other special categories of personal data, Lupin hereby declares and guarantees that the processing purpose additionally relies in a valid condition for the processing of special categories of data.
Where we collect personal data to administer our contract with you or to comply with our legal obligations, this is mandatory and we will not be able to comply with our purposes without this information.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above and if required for the protection of our legitimate interests.
We have offices and operations in a number of international locations, and we share information between our group companies for business and administrative purposes. Your information may be shared with our internal staff for pharmacovigilance and administrative purposes, located in India, as outlined above. Please visit https://www.lupin.com/contact-us/global-offices/ to see a list of the locations within our corporate group. For this purpose, your personal data will be pseudonymized.
In addition, Lupin may also share your personal data with the following third-party recipients:
| Recipient | Purpose |
| National and/or international regulatory, enforcements, public body or courts where we are required to do so by applicable law or regulation or at their request. | To comply with the applicable laws or regulation and react at their request. |
| Co-marketing and distribution partners (Marketing Authorization Holder of the product or connected Marketing Authorization Holder) including third party auditors | To allow them to comply with the applicable laws or regulation and react at their request. |
| Competent health authorities | To comply with the applicable pharmacovigilance laws. |
| Third-party buyers or assignees | To facilitate the sale and assignment of Lupin, where applicable. |
Personal data may also be shared with third party service providers, who will process it on our behalf and in accordance with our instructions. These third parties may include medical service information providers and IT service providers, such as hosting and/or cloud providers. Third parties that process personal data on our behalf are deemed Data Processors under the applicable data protection regulations. Lupin is expressly obliged under the applicable data protection law to enter into a contract or Data Processing Agreement (“DPA”) with its Data Processors. This DPA ensures access by Data Processors to Lupin data remains compliant with the applicable law. Lupin therefore guarantees to enter into a DPA with any and all Data Processors that exist and that may exist in the future. Data Processors are further prohibited from using the personal data for any purpose other than to perform the services as instructed by Lupin.
Your personal data may be shared with recipients and Data Processors located in the following countries: EEA, UK, USA, India. In the event that your personal data is transferred outside of the UK or the EEA to a third party that is located in a country which is not subject to an adequacy decision by the EU Commission or considered adequate as determined by applicable data protection laws, we will take steps to ensure your personal information is adequately protected (e.g. by way EU Commission approved Standard Contractual Clauses, or by relying on alternative data transfer mechanisms as available under applicable data protection laws). A copy of the relevant mechanism that is employed to guarantee the safety of your personal data can be obtained for your review on request by using the contact details below.
You have the right to request Lupin for:
In addition, where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Lupin processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.
We also inform you that you have the right to lodge a complaint against Lupin before a competent data protection authority.
Lupin will retain and process personal data relating to you in accordance with our customary pharmacovigilance retention periods.
Pharmacovigilance personal data will generally be kept for as long as is reasonably necessary taking into consideration our need to answer queries or resolve problems, any other purpose outlined above or to comply with legal requirements under applicable law(s), in particular by national legislation on medicinal products, e.g. Medical Products Act (AMG).
A copy of the relevant retention periods affecting your personal data can be obtained for your review on request by using the contact details below.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
The joint data controllers for your personal data will be: Hormosan Pharma GmbH / Lupin Europe GmbH
If you have questions about this privacy notice or wish to contact us for any reason in relation to our personal data processing, please contact us at:
Hormosan Pharma GmbH / Lupin Europe GmbH
Hanauer Landstraße 139-141
60314 Frankfurt, Deutschland
Phone: +49 (0) 69 47 87 30
Email: service@hormosan.de
In addition, you may also contact our relevant external Data Protection Officer at:
Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels, Belgium
Email: dpo@lupin.com