Privacy Policy for Websites

The Hormosan Pharma GmbH (hereinafter "Hormosan", is pleased that you are visiting our website. Data protection and data security are very important to us. Therefore, we would like to inform you about the personal data we collect during your visit to our website and about the intended purposes.

As changes to the law or changes to our corporate processes may require an adaptation of this privacy statement, we ask you to read this privacy policy regularly. The privacy policy can be accessed any time under “Privacy Policy”, saved and printed out.

§ 1 Data Controller and Scope
The controller according to the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection acts of the Member States, as well as other data protection regulations, is:

Hormosan Pharma GmbH
Hanauer Landstrasse 139 - 143
60314 Frankfurt am Main
Germany
Deutschland
Tel.: +49 (0) 69 - 478730
E-Mail: info@hormosan.de
Website: www.hormosan.de

This privacy policy applies to the online presence of Hormosan, which is available at www.hormosan.com and the various subdomains (hereinafter referred to as "our website").

§ 2 Data Protection Officer
The (external) Data Protection Officer of Hormosan can be contacted at:

Herr Rechtsanwalt Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Köln
Tel.: +49 (0)221 – 222 183 – 0
E-Mail: mail@kinast-partner.de
Website: http://www.kinast-partner.de/externer-datenschutzbeauftragter/

§ 3 Principles of Processing Personal Data
Personal data are all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information that cannot (or only with a disproportionate effort) be referred to your person, e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent.

Processed personal data will be deleted as soon as the purpose of the processing has been fulfilled and no legally prescribed retention obligations are to be observed.

In case we process your personal data for the provision of certain offers, please find below information about the specific processes, the scope and purpose of data processing, the legal basis for processing and the respective storage period.

§ 4 Data Processing
1. Website
a) Scope and Purpose of the Processing

When you access and use our website, we only collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.

The following personal data is recorded to the extent necessary for the provision of a functional website and our contents and services:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • The website from which access is made (referrer URL)
  • The used browser and, if applicable, the operating system of your computer as well as the name of your access provider

b) Legal Basis
Art. 6 para. 1 lit. f GDPR serves as the legal basis for the data processing. The processing of the mentioned data is necessary for the provision of our services and thus serves the protection of a legitimate interest of our company.

c) Data Deletion and Storage Time
The data subject’s personal data are deleted or blocked as soon as the purpose of the storage is fulfilled. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user. Further storage may take place in individual cases if this is required by law.

2. Registration / Customer Account
a) Scope and Purpose of the Processing
You have the possibility to register on our website for ordering service materials by entering your personal data. Access takes place via a DocCheck password (see below for further details). Your registration is required to complete your order for the following reasons:


We process the following personal data for the registration/customer account setup:

  • Name
  • E-mail address
  • Address
  • IP Address

b) Legal Basis
Your Personal data is processed in accordance with article 6 (1) lit. b GDPR for the fulfilment of your order for specialist information between you and Hormosan.

c) Storage Time
As soon as the processed data are no longer necessary for the execution of the order, they will be deleted. It may be necessary to store your personal data in order to comply with contractual or legal obligations even after the contract has been fulfilled. Further storage may be necessary in individual cases if this is required by law.

d) Cancellation
You have the possibility to cancel the registration and to change your personal data any time.

However, if the processed data are necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as this does not conflict with contractual or statutory obligations.


3. Contact form / Medical Hotline / Costumer Service
a) Scope and Purpose of Processing

You have the opportunity to contact our medical hotline (service@hormosan.de) or our costumer service (customerservice@hormosan.de) using a form provided on our website. In the course of sending your inquiry via the contact form, reference is made to this data protection declaration in order to obtain your consent. If you use the contact form, the following personal data will be processed:

  • E-mail address
  • Information about your (medical) inquiry and, if applicable, your health data

 The purpose of entering your e-mail address is to assign your request and to be able to reply to you. When using the contact form, your personal data will not be forwarded to third parties.

b) Legal Basis
The data processing described above for the purpose of establishing contact is carried out voluntarily in accordance with Art. 6 para. 1 lit. a GDPR on the declaration of consent submitted by you as below:

Declaration of consent
By entering my data and clicking the "send" button I declare my consent to the use of my e-mail address for answering my contact request.
I can withdraw my consent to the processing of personal data collected during the registration process at any time.

c) Storage Time
As soon as the request you have made has been dealt with and the relevant facts have been finally clarified, your personal data processed by the contact form will be deleted. Further storage may take place in individual cases if this is required by law.


4. Ordering service materials for patients
a) Scope and Purpose of the Processing
We offer patients the opportunity to order Information Brochures/Service Articles by entering their personal data. The following data are collected as part of the ordering process:

  • Name
  • Address
  • E-mail Address
  • IP Address

Furthermore, you can provide us with further data on a voluntary basis. However, this is marked accordingly.

b) Legal Basis
Art. 6 para. 1 lit. b GDPR serves as the legal basis as the processing of your personal data is required in order to fulfil your order Information Brochures/Service Articles.

c) Storage Time
As soon as the processed data are no longer necessary for the execution of the order, they will be deleted. It may be necessary to store your personal data in order to comply with contractual or legal obligations even after the contract has been fulfilled. Further storage may be necessary in individual cases if this is required by law.

§ 5 Third Party Transfers
We only share your personal information with third parties if:

  • you have given your express consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR,
  • it is legally permissible and necessary for the fulfilment of a contractual relationship with you pursuant to Art. 6 (1) sentence 1 lit. b GDPR,
  • there is a legal obligation to pass on the data in accordance with Art. 6 (1) sentence 1 lit. c GDPR,
  • the disclosure pursuant to Art. 6 (1) sentence 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

§ 6 Cookies
a) Scope and Purpose of Processing
We use cookies on our website. Cookies are small files which are sent by us to the browser of your terminal device and stored there as part of your visit to our internet pages. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies allow us to perform various analyses. Cookies are, for example, able to recognize the browser you are using when you visit our website again and to transmit various information to us. We can use cookies to make our internet offer more user-friendly and effective, for example, by tracking your use of our website and by determining your preferred settings (e.g. country and language settings). In case third parties use cookies to process information, they will collect the information directly from your browser. Cookies do not cause any damage to your device. They cannot run programs or contain viruses.

Our website uses transient cookies, which are automatically deleted when you close your browser. This type of cookie allows us to collect your session ID allowing you to assign different browser requests to a common session and enabling us to recognize your end device during visits to websites in one session.

b) Legal Basis
Due to the described purposes of use the legal basis for the processing of personal data using cookies lies in Art. 6 para. 1 lit. f GDPR.

c) Storage Time
As soon as the data transmitted by the cookies is no longer necessary for the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.

d) Browser Settings
Most browsers are already set to accept cookies by default. However, you can change your browser settings so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are disabled by your browser settings on our website.

You can also use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set your browser so that it informs you before cookies are stored. Since the different browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the setting options.

If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.

e) Login for closed user groups (DocCheck®)
This website uses the login service of DocCheck Medical Services GmbH ("DocCheck"). DocCheck uses so-called "cookies" - text files that are stored in the user's browser - to facilitate the use of the services. The information generated by these cookies is only transmitted to DocCheck servers and is not shared with the website operator or any other third party. There is no data transfer to countries outside the EU.

Cookie 1
Doccheck_user_id
Allows a single sign-on for all DocCheck logins.
Lifetime = 1 session

Cookie 2
Doccheck_scu_data
Serves to provide suitable content on the basis of pseudonymised identification data (e.g. occupation, country, language).
Lifetime = 1 year

The techniques used and their purpose including the underlying data processing processes can be found in the DocCheck® cookie notices.

Log data
As part of the use of DocCheck password protection, DocCheck collects the so-called log data (IP address, access date, access time, referrer URL, information on hardware and software used such as browser features, device information such as resolution) of the user, starting from the website of the information provider which integrates the login into the website via "embed" or iFrame.

These data are not used to draw conclusions about the person, but serve to ensure the correct display of the page or iFrame contents and/or the security of the DocCheck services.

When using DocCheck, the agreements between you and DocCheck apply, and with regard to data protection, the DocCheck Privacy Policy: www.doccheck.com/de/privacy/

§7 Tools for Tracking and Analysis
We use tracking and analysis tools to ensure continuous optimization and user-oriented design of our website. With the help of tracking measures it is also possible for us to statistically record the use of our website by visitors and to further develop our online offer for you with the help of the knowledge gained.

On the basis of these interests, the use of the tracking and analysis tools described below is justified in accordance with Art. 6 para. 1 s. 1 lit. f GDPR. The following description of the tracking and analysis tools also shows the respective processing purposes and the processed data.

1. Google Analytics
Our website uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountainview, CA 94043 USA ("Google"). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site.

The information generated by these cookies, for example about the time, place and frequency of your use of this website, is usually transferred to a Google server in the USA and stored there. When using Google Analytics, it is not excluded that cookies set by Google Analytics may collect other personal data in addition to the IP address. We would like to point out that Google may transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.

Google will use the information generated by cookies on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website and internet use. The IP address transmitted by your browser within the framework of Google Analytics is not merged by Google with other data according to its own statements.

You can generally prevent cookies from being saved by adjusting your browser settings accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

To prevent information about your use of the website from being collected by Google Analytics and transmitted to Google Analytics, you can download and install a plug-in for your browser under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

This plug-in prevents information about your visit to the website from being transmitted to Google Analytics. This plug-in does not prevent any other analysis.

Please note that you cannot use the browser plug-in described above when visiting our website via the browser of a mobile device (smartphone or tablet). When using a mobile device, you can prevent Google Analytics from collecting your usage data by clicking the following link: Disable Google Analytics.

By clicking on this link, an opt-out cookie is placed in your browser. This prevents information about your visit to the website from being transmitted to Google Analytics. Please note that the opt-out cookie is only valid for this browser and only for this domain. If you delete the cookies in the browser, the opt-out cookie will also be deleted. To further prevent the collection by Google Analytics, you have to click the link again. The use of the opt-out cookie is also possible as an alternative to the above plug-in when using the browser on your computer.

To ensure the best possible protection of your personal data, Google Analytics has been extended on this website by the code "anonymizeIp". This code has the effect that the last 8 bits of the IP addresses are deleted and your IP address is thus recorded anonymously (so-called IP masking). As a matter of principle, Google shortens your IP address even before the transmission within member states of the European Union or in other Member States to the Agreement on the European Economic Area and thus makes it anonymous. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there

2. Web Beacons
In connection with cookies, so-called "Internet tags" (also known as web beacons) can be used on our website or by third party advertising partners. Tags can help us measure visitor response and the effectiveness of advertising campaigns.

§ 8 Hyperlinks
Our website contains hyperlinks to websites of other providers. When you activate these hyperlinks, you will be directed directly to the other providers' website. You will recognize this when the URL is changed. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

§ 9 Your Rights as a Data Subject
If your personal data are processed, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and the following rights apply to you:

  • Pursuant to Art. 15 GDPR you can request information about your personal data processed by us. In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge a complaint with a supervisory authority, the origin of your data, if not collected from us, about transfer to third countries or international organisations, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the logic involved.
  • Pursuant to Art. 16 GDPR you can immediately demand the correction of incorrect data or the completion of your personal data stored with us.
  • Pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored by us, provided that the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • Pursuant to Art. 18 GDPR, you can request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful, if we no longer need the data and if you refuse their deletion because you need to establish, exercise or defend legal claims. You are also entitled to the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
  • Pursuant to Art. 20 GDPR, you may request that the personal data you have provided us with be received in a structured, current and machine-readable format or you may request that it be transmitted to another person responsible.
  • Pursuant to Art. 7 para. 3 GDPR you can withdraw your consent at any time. As a consequence, we are no longer allowed to continue the data processing based on this consent for the future.
  • Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority. You can contact the supervisory authority of your habitual residence, place of work or our company headquarters.

§ 10 Right to Object
In case the processing of your personal data is based on legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right to objection which will be considered without mentioning any particular situation.

If you no longer wish us to use your personal data, you can of course revoke your consent at any time with effect for the future at the following address:

Hormosan Pharma GmbH
Hanauer Landstrasse 139 - 143
60314 Frankfurt am Main
Germany
Deutschland
Fax: 069/ 47 87 30
e-Mail: datenschutz@hormosan.de

Requests for the deletion of your personal data will be carried out in compliance with all applicable legal regulations.

§ 11 Data Security and Security Measures
We are committed to protecting your privacy and treating your personal information confidentially. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organisational security measures that are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognized encryption methods (SSL or TLS).

However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above mentioned security measures may not be observed by other persons or institutions for which we are not responsible.

In particular, unencrypted data - e.g. if this is done by e-mail - can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.

Privacy Policy for applicants

Data controller:
The following companies operating as part of Lupin Europe are deemed to be data controllers:

Hormosan Pharma GmbH, Hanauer Landstraße 139-143, 60314 Frankfurt am Main, Germany

Lupin Atlantis Holdings SA, Landis+Gyr Strasse 1, 6300 Zug, Switzerland

Lupin Europe GmbH, Hanauer Landstraße 139-143, 60314 Frankfurt am Main, Germany

Lupin GmbH, Landis+Gyr Strasse 1, 6300 Zug, Switzerland

Lupin Healthcare (UK) Ltd, The Urban Building, Second Floor 3-9 Albert Street, Slough, Berkshire, SL1 2BE, United Kingdom

Nanomi BV, Zutphenstraat 51, 7575 EJ Oldenzaal, The Netherlands

Each company listed above is referred to as “Company” below.

1. Introduction

The Company is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.

During the recruitment process, the Company collects and processes personal data relating to job applicants.

The Company is committed to being clear and transparent about how it collects and uses that data and to meeting its data protection obligations.

2. Data Protection requirements

The Company will comply with data protection law. This means that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way;
  2. Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
  3. Relevant to the purposes we have told you about and limited to those purposes only;
  4. Accurate and kept up to date;
  5. Kept only for such time as is necessary for the purposes we have told you about; and
  6. Kept securely.

3. What personal information does the Company collect and process?

The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. This may include:

  1. Personal contact details, such as your name, title, address and contact details, including email address and telephone number;
  2. application documents such as CV, references, certificates
  3. details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers;
  4. lawful selection testing data where requested; which results shall only be interpreted by those qualified to do so;
  5. information about your remuneration, including entitlement to benefits such as pensions;
  6. information about your nationality and entitlement to work in the country;

We may also collect the following special categories of more sensitive personal information:

  1. information about medical or health conditions, including whether or not you have a disability for which the Company needs to make reasonable adjustments, in accordance with local labour law
  2. information about your criminal record; and
  3. equal opportunities monitoring information, including information about your health and religion or belief.

The Company collects this information in a variety of ways during the application and recruitment process.

In some cases, the Company collects personal data about you from third parties in accordance with local labour law, with your consent or if the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as references supplied by former employers, information from employment background check providers and information from criminal records checks permitted by law.

Data is stored in a range of different places, including on your application record, in the Company's HR systems and in other IT systems (including the Company's email system).

4. Why does the Company process personal data and under what situations?

The Company needs to process data prior to entering into a contract with you. We also need to process data to enter into an employment contract with you and to meet its obligations under that employment contract.

In addition, the Company needs to process data to ensure that we are complying with our legal obligations. For example, we are required to check an employee's entitlement to work in the country. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake a particular role. The Company processes health information if we need to make reasonable adjustments to the recruitment process for candidates with a disability.

The Company has a legitimate interest in processing personal data during the recruitment process and in keeping records of that process. Processing such data from job applicants enables the Company to manage the recruitment process, assess the suitability of candidates and make informed decisions as to whom we wish to recruit. The Company may also have to process data from job applicants in order to defend legal claims.

In cases where the processing of your personal data exceeds the purpose of processing the recruitment process, it shall be legitimised by an individual consent. If you have granted us your consent for the processing of your personal data, this consent will provide the legal basis for the processing specified therein.

5. If you fail to provide personal information

You are under no obligation to provide the Company with personal data during the recruitment process. However, if you do not provide certain personal information when requested, the Company may not be able to process your application for employment properly or at all. You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for you if this information is not provided.

6. Automated decision-making

Our employment decisions are not based on automated decision-making.

7. For how long do we keep personal data?

The Company will only hold your personal data for as long as is necessary to fulfil the purposes we collected it for, including any legal, accounting or reporting requirements. If your application for employment is unsuccessful, the company will destroy your data unless you specifically consent for your data to be kept for a longer specified period in order to be considered for any other suitable position within a twelve (12) month period.

If your application for employment is successful, personal data gathered during the new recruitment process will be transferred to your personnel file and we shall inform you through a new privacy notice which sets down the details of how we process your data in an employment relationship including the periods for which your data shall be held.

8. Who has access to personal data?

Your information will be shared internally for the purposes of the recruitment process, including with members of the HR team and interviewers.

The Company will not share your data with third parties unless you accept an offer of employment. In those circumstances, the Company shall share your data with third parties where required by law and where it is necessary in order to administer the employment relationship with you or where we have another legitimate interest in doing so.

Your data may be transferred to countries outside the European Economic Area (EEA) in order to administer employment benefits, effect compensation payments, make recommendations on compensation and promotions.

Data is transferred outside the EEA on the basis of data processing agreements, EU standard contractual clauses and other safeguards.

9. How does the company protect data?

The Company takes the security of our data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

10. Your rights

As a data subject, you have a number of rights. You can:

  1. access and obtain a copy of your data on request (known as a “data subject access request”);
  2. require the Company to change incorrect or incomplete data;
  3. request erasure of your personal information. This enables you to ask the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  4. object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; and ask the Company to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it, and
  5. Lodging a complaint with a supervisory authority

If you would like to exercise any of these rights, or you have any questions about the privacy notice, please contact your HR Manager or the relevant Data Protection Officer.

11. Complaints

If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to:

UK:
Information Commissioner's Office
https://ico.org.uk/
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Phone: 0303 123 1113 / +44 1625 545 700

Germany (Hesse):
The Hessian Data Protection Office
https://datenschutz.hessen.de/
The Hessian Data Protection Officer
PO Box 3163
65021 Wiesbaden
Phone: +49 611 1408 - 144

The Netherlands:
Dutch Data Protection Authority
https://autoriteitpersoonsgegevens.nl/nl
Authority Personal Data
PO Box 93374
2509 AJ DEN HAAG
Phone: 0900 - 2001 201

Switzerland:
Federal Data Protection and Information Commissioner
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection---switzerland.html
Office of the Federal Data Protection and Information
Commissioner FDPIC
Feldeggweg 1
CH - 3003 Berne
Phone: +41 (0)58 462 43 95

12. How you can get in contact with the relevant Data Protection Officer?

For Hormosan:
The Data Protection Officer
Dr. Karsten Kinast
KINAST Rechtsanwaltsgesellschaft mbH
Attorneys at Law (Germany)
Email: mail@kinast-partner.de
Phone: +49 211 – 222 183 10

For Lupin Atlantis Holdings SA, Nanomi BV, Lupin Healthcare (UK) Ltd, Lupin Europe GmbH:
The Data Protection Officer
Dr. Katy Ritzmann
Email: katy.ritzmann@gsk.de
Phone: +49 30 203 907 422

13. Updating our privacy notice

Constant technological development makes it necessary to adapt our privacy notice from time to time. We reserve the right to change this privacy notice at any time with effect for the future. If we change our privacy notice, we will inform you of this by appropriate means.

Privacy Policy for customers

Data controller

The following companies operating as part of Lupin Europe are deemed to be data controllers (hereinafter termed: the Company):

Hormosan Pharma GmbH
Hanauer Landstraße 139-141
60314 Frankfurt
Germany
+49 (0) 69 - 47 87 30
info@hormosan.de

Lupin Atlantis Holdings SA
Landis + Gyr Str. 1
6300 Zug
Switzerland
+41 (0)52 633 70 00
karimallam@lupin.com

Lupin Europe GmbH
Hanauer Landstraße 139-141
60314 Frankfurt
Germany
+49 (0) 69 - 47 87 30
info@hormosan.de

Lupin Healthcare (UK) Ltd
The Urban Building
3-9 Albert Street
Slough
SL1 2BE
United Kingdom
+44 (0) 1565 751 378 | Option 7 or ext:210
annagillard@lupin.com

Nanomi BV
Zutphenstraat 51
NL-7575 EJ Oldenzaal
The Netherlands
+31 8 800 40 800
maarten.donker@nanomi.com

Introduction

As representatives of our customers, we will process your personal data as described in this Privacy Notice. We respect you and are committed to honouring and protecting your privacy. This Privacy Notice describes our privacy practices regarding collection and use of your personal data when we process it in the context of providing services to our customer whom you represent and sets out your privacy rights in relation to it.

Data Protection requirements

The Company will comply with data protection law. This means that the personal information we process about you must be:

  1. Used lawfully, fairly and in a transparent way;
  2. Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
  3. Relevant to the purposes we have told you about and limited to those purposes only;
  4. Accurate and kept up to date;
  5. Kept only for such time as is necessary for the purposes we have told you about; and
  6. Kept securely.

What information does the Company collect?

The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. The categories of personal data that could be processed are:

  1. personal identification and contact details
    e.g. first and last name, address, e-mail address, telephone number
  2. Information about your job and your qualifications
    e.g. name, title, company you represent, designation/job role, industry
  3. Information about your interests that you share with us
    e.g. using our Subscition Center or within the scope of discussions

To which purposes we process your personal data and on what legal basis

We, at Lupin, use your personal data in order to establish a connection with our customer (whom you work for or represent), provide you and the customer whom you represent with a better customer experience and ensure that the marketing material we send to you reflects your personal preferences.

In the following, we will inform you about the legal basis and the purpose for which we process your data:

  1. Based on your consent (Art. 6 sec. 1 lit. a GDPR)
    If you have given us your consent to process your data, the respective consent shall be the legal basis for the mentioned processes.
  2. Legitimate interests (Art. 6 sec. 1 lit. f GDPR)
    We may also use your data for the purposes of legitimate interests. This is so that we can communicate with you about the following:
  • To contact you in order to inform you of new products, services or promotions we may offer including to keep you appraised of our thought leadership and marketing collateral and to better assist your needs, in pursuit of our legitimate business interests and on occasion with your consent.
  • To invite you to Lupin hosted or sponsored events in your geographical region that may be of interest to you based on your role within the company and/or industry, in pursuit of our legitimate business interests.
  • To conduct market research and to carry out marketing campaigns, in pursuit of our legitimate business interests.
  • To contact you for customer care related purposes including regular communication regarding project status, notifying issues/concerns, sharing project deliverables and carrying out day-to-day project activities, in order to comply with our contractual obligations towards the customer you represent.
  • We may also use your personal data to communicate with you about our product and service offering, for example to inform you that our products/ services have changed or to send you critical alerts and other such notices relating to our products and/or services, in pursuit of our legitimate business interests.
  • We engage carefully selected third party vendors to conduct surveys to receive feedback from you on the services currently provided by Lupin to the company you represent. This will help us serve the company you represent better and improve our overall service offerings and business strategies, in pursuit of our legitimate business interests.
  • To develop new and improved products and services to help us serve the company you represent better and to improve our overall service offerings in pursuit of our legitimate business interests.

Change of purpose

The Company will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so.

You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.

Automated decision-making

An automated decision-making process does not take place.

For how long do you keep data?

We will only keep your personal data for as long as is reasonably necessary taking into consideration our need to answer queries or resolve problems, any other purpose outlined above or to comply with legal requirements under applicable law(s). Your data will be completely deleted as soon as the processing purpose for its storage ceased to apply.

Who has access to data? (recipients or categories of recipients of the personal data)

Your data is only disclosed if disclosure is permitted by a legal basis and only with due regard for the duty of confidentiality.

We may use carefully selected third parties to carry out certain activities to help us to run our business (such as cloud service providers, IT support vendors, information security support vendors, third party auditors, etc.) also outside of the EU and actual or prospective purchasers. Any such third parties would be required to contractually agree with applicable laws and regulations and treat your personal data in accordance with this Privacy Notice

We have offices and operations in a number of international locations and we share information between our group companies for marketing and administrative purposes. Your information may be shared with our internal staff for marketing and administrative purposes, located in India, as outlined above. Please visit https://www.lupin.com/contact-us/global-offices/ to see a list of the locations within our corporate group.

Am I obliged to provide data?

Within the scope of the mentioned processing activities, you are not obliged to provide your personal data.

If you do not provide the relevant information, we may not be able to answer your inquiries or provide product information.

How does the company protect data?

The Company takes the security of our data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data.

Your rights

As a data subject, you have a number of rights. You can:

  1. access and obtain a copy of your data on request (known as a “data subject access request”);
  2. require the Company to change incorrect or incomplete data;
  3. request erasure of your personal information. This enables you to ask the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  4. object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; and
  5. ask the Company to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.

If you believe the processing of your personal data infringes data protection law, you have the right to lodge a complaint to a data protection supervisory authority.

If you would like to exercise any of these rights, or you have any questions about the privacy notice, please contact the relevant Data Protection Officer.

Contact

If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to:

  1. For Hormosan Pharma GmbH

    The Data Protection Officer
    Dr. Karsten Kinast
    KINAST Rechtsanwaltsgesellschaft mbH
    Email: datenschutz-hormosan@kinast.eu
    Phone: +49 211 222 183 10

  2. For Lupin Europe GmbH, Lupin Atlantis Holdings SA, Nanomi BV, Lupin Healthcare (UK) LtdThe Data Protection Officer
    Dr. Katy Ritzmann
    GSK Compliance Services GmbH
    Email: dpo-europe@lupin.comPhone: +49 30 203 907 422

Privacy Policy Pharmacovigilance

Data controller

The following companies operating as part of Lupin Europe are deemed to be data controllers:

Hormosan Pharma GmbH
Hanauer Landstraße 139-141
60314 Frankfurt
Germany
+49 (0) 69 - 47 87 30
info@hormosan.de

Lupin Atlantis Holdings SA
Landis + Gyr Str. 1
6300 Zug
Switzerland
+41 (0)52 633 70 00
karimallam@lupin.com

Lupin Europe GmbH
Hanauer Landstraße 139-141
60314 Frankfurt
Germany
+49 (0) 69 - 47 87 30
info@hormosan.de

Lupin Healthcare (UK) Ltd
The Urban Building
3-9 Albert Street
Slough
SL1 2BE
United Kingdom
+44 (0) 1565 751 378 | Option 7 or ext:210
annagillard@lupin.com

Nanomi BV
Zutphenstraat 51
NL-7575 EJ Oldenzaal
The Netherlands
+31 8 800 40 800
maarten.donker@nanomi.com

Introduction

We, at Lupin, will need to process personal data provided by you, in connection with dealing with your enquiry, complaint or adverse event report. We respect you and are committed to honouring and protecting your privacy, we treat personal data in accordance with data protection laws and the purpose of this notice is to make you aware of what personal data we collect, how we use it and how we protect it. If you have any questions or concerns about this privacy policy or your personal data, please contact us at info@hormosan.de

Data Protection requirements

The Company will comply with data protection law. This means that the personal information we process about you must be:

  1. Used lawfully, fairly and in a transparent way;
  2. Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
  3. Relevant to the purposes we have told you about and limited to those purposes only;
  4. Accurate and kept up to date;
  5. Kept only for such time as is necessary for the purposes we have told you about; and
  6. Kept securely.

What information does the Company collect?

We, at Lupin, collect and maintain certain personal data and sensitive personal data in the name of Hormosan Pharma GmbH (Germany), Lupin Atlantis Holdings SA (Switzerland), Lupin Europe GmbH (Germany), Nanomi BV (Netherlands), and Lupin Healthcare (UK) Ltd. (United Kingdom) about you for compliance with our legal and business obligations. This information will be collected by us directly from you when you contact us via letter, fax, telephone, email and in person or from a third person in relation to your care.
The categories of personal data that could be processed are:

  1. personal identification and sociodemographic details
    e.g. name, age, date of birth, email address, home address, contact details, government-issued identification numbers, demographic information, citizenship, nationality, marital status or relationship to a person, conversation records, job title, professional qualifications
  2. Information collected as part of Surveillance and Monitoring
    e.g. video surveillance data, physical access logs, communication channels, photographs

Special categories of personal data

The sensitive personal data collected may include:
e.g. Information relating to your Health: such as medical diagnostic results, prescription information, accident and injury reports, information concerning sex life and sexual orientation, disability status, health risk factors, physical or mental health, weight and height, biometric data, medical history, medication received including the dosage the patient has been taking or was prescribed, the reason the patient has been taking or were prescribed the product and any subsequent change to the usual regimen, reported incidence, description on circumstances of Adverse Event

To which purposes we process your personal data - and on what legal basis?

We, at Lupin, must keep and process information about you for the purpose of complying with pharmacovigilance obligations and to help us fulfil our duty to monitor the safety of all medicines we market by Lupin. The information we hold and process will be used for our pharmacovigilance, regulatory, management and administrative uses only. We will keep and use it to enable us to perform task in public interest, such as to ensure high standards of our service. If you do not provide this data, we may be unable in some circumstances to comply with our legal pharmacovigilance reporting obligations or answer your request.
In the following, we will inform you about the legal basis and the purpose for which we process your data:

  1. Based on your consent
    (Art. 6 sec. 1 lit. a GDPR)
    If you have given us your consent to process your data, the respective consent shall be the legal basis for the mentioned processes.
  2. Compliance with a legal obligation
    (Art. 6 sec. 1 lit. c GDPR)
    We are subject to various legal obligations, e.g.
    • Administration and legal maintenance of product registries
    • Government investigations, investigations of noncompliance with policies and procedures and legal proceedings (such as subpoenas, and court legal orders)
    • Legal obligations to process the personal data
  3. Legitimate interests
    (Art. 6 sec. 1 lit. f GDPR)
    We may also use your data for the purposes of legitimate interests. This occurs to communicate with you regarding our research, products and services.
    • Responding to enquiries for information, products, or services
    • Reporting and Processing of Adverse Events, product quality complaints and complaint management
    • Communication of product details and safety information to you
    • Communications regarding our studies, market research and product developments
    • Determination of eligibility for certain products, services, or programs

Change of purpose

The Company will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so.
You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.

Automated decision-making

An automated decision making process does not take place.

For how long do you keep data?

We will only keep your personal data for as long as is reasonably necessary taking into consideration our need to answer queries or resolve problems, any other purpose outlined above or to comply with legal requirements under applicable law(s), in particular by national legislation on medicinal products, e.g. Medical Products Act (AMG).

Who obtains my data and how is it processed?

Your data is only disclosed provided that disclosure is permitted by a legal basis and only with due regard for the duty of confidentiality.

We may use carefully selected third parties to carry out certain activities to help us to run our business (such as cloud service providers, IT support vendors, information security support vendors, third party auditors, etc.) also outside of the EU and actual or prospective purchasers. Any such third parties would be required to contractually agree with applicable laws and regulations and treat your personal data in accordance with this Pharmacovigilance Privacy Notice.

We have offices and operations in a number of international locations and we share information between our group companies for business and administrative purposes. Your information may be shared with our internal staff for pharmacovigilance and administrative purposes, located in India, as outlined above. Please visit https://www.lupin.com/contact-us/global-offices/ to see a list of the locations within our corporate group.

Where required or permitted by law, information may be provided to others, such as regulators and law enforcement agencies or the Marketing Authorisation holder.

Am I obliged to provide data?

Within the scope of the mentioned processing activities, you are not obliged to provide your personal data.
If you do not provide the relevant information, we may not be able to answer your inquiries or provide product information.

How does the company protect data?

The Company takes the security of our data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.


When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Your rights

As a data subject, you have a number of rights. You can:

  1. access and obtain a copy of your data on request (known as a “data subject access request”);
  2. require the Company to change incorrect or incomplete data;
  3. request erasure of your personal information. This enables you to ask the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
  4. ask the Company to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.

If you would like to exercise any of these rights, or you have any questions about the privacy notice, please contact your HR Manager or the relevant Data Protection Officer.

Right to object

Right to object in individual cases
You have the right to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you carried out pursuant to Art. 6 sec. 1 lit. f GDPR (data processing based on legitimate interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Complaints and contact

If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to:

  1. For Hormosan Pharma GmbH
    The Data Protection Officer
    Dr. Karsten Kinast
    KINAST Rechtsanwaltsgesellschaft mbH
    Email: datenschutz-hormosan@kinast.eu
    Phone: +49 211 – 222 183 10
  2. For Lupin Europe GmbH, Lupin Atlantis Holdings SA, Nanomi BV, Lupin Healthcare (UK) Ltd
    The Data Protection Officer
    Dr. Katy Ritzmann
    Email: katy.ritzmann@gsk.de
    Phone: +49 30 203 907 422