Data Protection at Fresenius Kabi

Last updated April 2024, replaced the previous version
 

Please be informed that our websites include links to external sites which are not covered by this data protection statement. Also, some of the Fresenius Kabi entities in our group provide data protection statements that may differ from this data protection statement. Your visit to such websites is subject to the respective data protection statement of that website.

Why we collect and use your data

We collect and use your data for the following purposes:

• To make the website work and optimized for the device you use 
• To provide the best possible service to you, enhance your user experience and store your preferences for your current or future browsing sessions
• To further improve our websites.

What data we collect and how we do that

We collect your data of your visit to our website in the following ways:

Automatically by our website or by using cookies and other technologies

We collect and use the following internet protocol data or cookie data during your visits on our websites:

• The name of your service provider including IP address
• The website that directed you to our site
• The pages you visited on our websites
• Your web browser type
• The date and length of your visit
• The preferences you select.

You can accept all, accept only necessary or you can choose your own settings for the use of certain cookies & other technologies for this website. Please note that if you choose not to accept the use of certain cookies you may not be able to experience the full functionality of this website and may have to confirm certain dialogs once again.

Your cookie settings are always related to the web browser you are using, and the settings are of no effect if you use a different web browser upon your next use of this website. Alternatively, you can manage the settings of your web browser or on your mobile device. Here you can delete cookies at your own discretion at any time.

We use the following types of cookies:

Strictly necessary cookies

This type of cookies is required to make the website work. They are exclusively used by us during the session. They help to make the page load more quickly and to limit the number of sessions originating from a user to prevent a website-overload. 

We use a "cookie notifier" cookie which saves your decision either to agree with the usage of cookies on our website or not. It is saved automatically upon your click on one of the two options available. Your acceptance of our cookies is stored for one year from the acceptance date. If you decide to refuse our cookies, your decision will be stored for 30 days. During this time, the cookie information banner will not be shown again.

All other strictly necessary cookies remain valid during the session and are automatically deleted when you close the browser.

Functional cookies

Functional cookies save the choices and preferences you make while visiting this website in order to offer you an improved functionality and personal features. They can remember your login status, or the status of videos played. These will be stored for 30 days.

Analytical cookies

When you consent to the usage of analytical cookies, respective cookies will be stored on your device. Analytical cookies allow us to analyze the way the website is used, how often visitors use a page of our website, and if they get error messages from our pages. For this purpose, your IP address will be processed in a pseudonymized manner by deleting the last three digits. That way we are no longer able to directly identify you as an individual. We will delete this data within three years.

When activating social media plug-ins

If you activate plug-ins of social media providers (such as Facebook, X, YouTube, LinkedIn, Instagram or WhatsApp), your web browser will connect to the servers of the respective providers and send your specific user data to these providers.

In addition, if you are currently logged in to a social network of one of the above-mentioned providers, your activity may be linked to your user account with these providers at the same time.

In order to secure your privacy, we are using a tool called “Shariff.” Shariff enables you to decide whether and when to activate the share plug-ins on our website and, by doing so, whether to initiate a transfer of user specific data to the provider. Only if you specifically activate a plug-in via Shariff, your browser will connect to the servers of the respective provider and the user specific data (as further referenced below) will be sent to that provider. You activate a plug-in via Shariff, by clicking on one of the respective share buttons.

Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

• You have given us your consent for the intended processing or international transfer of your personal data, (e.g., in the EU Art. 6.1 a, and Art. 49.1 a GDPR). This is e.g. the case for cookies that are not strictly necessary and when you activate the social plug-ins.
• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
  • the establishment, exercise or defense of legal claims
  • to provide information on our products and service via a working and optimized website.

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we share your data with social media platforms if you activate the plug ins.

Fresenius Kabi has no influence on the scope or the kind of data that will be submitted by activating the plug-ins. Besides, further data processing operations could be triggered, on which we do not have any influence. To learn more about the scope of personal data collected and used, the purposes for which we may use your data, and your respective rights and configuration options to protect your privacy (including your right of withdrawal of consent), please refer to the respective social network’s data protection statement.

Facebook: https://www.facebook.com/about/privacy
X: https://twitter.com/en/privacy
YouTube: https://policies.google.com/privacy
Instagram: https://help.instagram.com/519522125107875
LinkedIn: https://www.linkedin.com/legal/privacy-policy
WhatsApp: https://www.whatsapp.com/legal/

How long we retain your data

Information collected via the website or cookies & similar technologies will be stored as long as your visit or as long as the cookie is valid as explained above.

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We may collect and use your data for the following purposes:

• to verify if you are a healthcare professional. We do this to comply with laws and regulations relating to the marketing and provision of information about certain medical products and medicines. We also need to verify if you are registered as healthcare professional in the respective country of the website you are visiting, because our products have a different registration status with the health authorities and therefore information may differ from country to country.
• to enhance your visits to our websites with content relevant to you
• to tailor and optimize our communications and interactions with you based on your interests

What data we collect and how we do that

We collect your data of in the following ways:

Information we collect via the website

If you create an account or login with your account on our website, the following data may be processed:

• Name
• Username and password
• Healthcare profession number
• Professional email address
• Country
• Zip code
• Profession, therapeutic area and specialty you are working in
• Title, Gender
• Your employers name and address
• Date and time your account was created
• The website your account was first enabled
• Logfiles, containing information date and time you logged into or out a Fresenius website, the pages visited on our websites

Information we collect from other organizations

We may process data that is provided to us by contracted service providers, or obtained from publicly accessible sources, including official registers of healthcare professionals or data brokers which provide information about healthcare professionals. This may include:

• Healthcare profession number
• Professional email address
• Country
• Zip code
• Profession, therapeutic area and specialty you are working in
• Your employers name and address

Profiling and automated decision making

To tailor and optimize our communications, we create a profile of you. These are based on your profession, therapeutic area and specialty you are working in and the interactions on our website and used to tailor and optimize our communications and interactions with you.

An automated decision making (e.g., in the EU Art. 22 GDPR) occurs to fulfill our obligation to not market the use of medical products for human use to the general public. We therefore verify if you are a healthcare professional. This is done based on information obtained from official publicly available sources and/or external data brokers. If you are not recognized as a healthcare professional, you cannot access all information on such restricted areas of our website.

Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

• The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically the legal obligations in relation to the marketing and provision of information about certain medical products and medicines for which we need to verify if you are a healthcare professional. Furthermore, the status of registration of certain products with the health authorities differs from country to country and must therefore be adapted per country.
• You have given us your consent for the intended processing or transfer of your personal data, (e.g., in the EU Art. 6.1 a, and Art. 49.1 a GDPR). This is the case if you create or use a login from another party such as your account from Acxiom, DocCheck, IQVIA and/or Veeva.
• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
  • The establishment, exercise or defense of legal claims
  • To provide information on our products and service via a working and optimized website
  • To obtain insights in the visitors of our website and their interests.

Requirements to provide personal data

Your personal data is required to make the website accessible to you. If you do not provide the personal data marked as compulsory during the account creation or login, you may not be able to access all information available on such restricted areas of our website.

How long we retain your data

Your credentials are stored for 2 years after your last login.

Your logfiles are stored for 13 months.

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We collect and use data you actively provided to us. For instance, when filling in online forms or when contacting us by other means of communication such as e-mail, telephone or mail. We may do this:

• To validate, handle and respond to you based upon your inquiry or request
• To fulfill our compliance requirements under pharmacovigilance and medicines laws.

What data we collect and how we do that

We collect the information you provide to us, which may include the following data:

• Name
• Gender
• Contact and address information (e.g., address data, email address, phone number, fax number)
• Country of residence
• Organization / Company
• Profession
• Type of request and possible further information for the purpose of responding to your inquiry

Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

• The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws.
• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
  • To validate, handle and respond to you based upon your inquiry or request
  • The establishment, exercise or defense of legal claims
  • To provide information on our products and service.

Requirements to provide personal data

Your contact details are required to be able to provide you an answer to your request.

How long we retain your data

Your contact details will be stored for up to six months after the inquiry has been completed unless legal obligation exists to retain data for a longer duration, which is the case if you report or are you mentioned in an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance).

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

As our valued commercial prospect, client, vendor, interested business contact or otherwise representative of an organization we interact with (business contact), we may collect and use certain personal data from you. Depending on the business relationship we have with you and/or the organization you are working for, we may collect and use your data for the following purposes:

• Asses a potential business relationship and/or maintaining our business relationship with you or the organization you are working for (including customer relationship management, supplier management, investor relations management, and business partner qualification)
• Vendor assessment and qualification (e.g., whether you and your organization meet certain quality and certification requirements)
• Procurement of products and services from you or the organization you are working for
• Exchange of information related to existing contracts or potential future contracts with you or the organization you are working for
• Fulfill our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
• Termination of contracts and agreements
• Fulfillment of compliance requirements related to a business transaction (e.g., conflict checks, business partner due diligence, sanction list screening, anti-money laundering laws, secure supply chain requirements, customs and export law requirements, tracing requirements for products)
• Manufacture and quality management of products
• Provide and deliver products and services
• Marketing (e.g., informing you about products and services or related information)
• Carry out surveys to understand customer requirements in more detail
• Relationship administration and key account management including external communication and public relationship
• Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can influence in your professional capacity, the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law
• Finance and accounting, invoicing, payment collection and reporting
• Assess your company’s financial solvency and credit risk
• Assess potential investments in Fresenius shares, a potential acquisition, divestiture or joint venture transaction with us or any Fresenius Kabi affiliate
• Improve our products and services
• Organize, secure and improve internal processes including communication, administration, research and IT
• Develop, provide, support and maintain IT infrastructure and solutions
• Security analysis of our IT systems, to protect the confidentiality, availability, integrity of the data and systems
• Facilitate mergers, acquisitions and re-organizations.

What data we collect and how we do that

We collect and use your personal data in the following ways:

Information you provide to us

We may collect your personal data when you contact us, order our products and services or enter into a contract with us for the supply of goods and services. Such personal data include:

• First and last name
• Gender
• Contact and address information, including address, e-mail address, phone number, fax number
• Country of residence
• Role and function in your organization
• Your areas of expertise
• Your profession and qualifications
• Information on the kind of a relationship you have with Fresenius Kabi
• Employer name and employer address
• Contact preferences

Information we collect from other organizations

We may process data that is provided to us by contracted service providers, by competent authorities or obtained from publicly accessible trade registers or trade associations and other publicly available sources, including rating agencies, financial solvency, risk information and financial service agencies and institutions, government or supranational agencies, in particular tender authorities or procurement agencies, data brokers, websites, blogs and printed media. Such personal data may include:

• First and last name
• Contact and address information (e.g., address, e-mail address, phone number, fax number)
• Organization / Company
• Your organization’s bank accounts
• Your profession and qualifications
• Professional identifiers
• Organizational details, affiliation details of your company
• Certifications and quality statements issued by your organization’s officers, representatives or auditors
• Percentage of shares held
• Details related to public filings, trade registers and professional boards
• Details related to published transactions of your organization including tenders and financial arrangements
• Details related to specially designated nationals or blocked persons lists
• Previous interactions with Fresenius Kabi and any of our subsidiaries.

Profiling and automated decision making

An automated decision making (e.g., in the EU Art. 22 GDPR) occurs according to our obligation to conduct a sanction-control-procedure. Within this procedure we check if you, or your organization is listed on an official published sanctions list applicable to the business transaction or relation you have with us. This is necessary for entering into, or performance of, a contract between you and us. The consequence of this can be the refusal to enter into a contractual relationship with you.

We create profiles in our systems, that enable us to assess and categorize which specific business needs match best with your abilities (e.g. when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can, in your professional capacity, influence the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law

Legal basis to collect, use and share your data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

• The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b GDPR)
• The processing of your personal data is necessary for us to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically we are obliged to comply with laws on anti-money laundering, customs and export, secure supply chain requirements, product tracing requirements, statutory disclosure and notification requirements or similar compliance requirements that might require us to process certain of your personal data
• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
  • Investigate your interests for a potential business relationship and/or maintaining our business relationship with you or the organization you are working for
  • Fulfilling our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
  • Gather information and knowledge management related to the interests in and satisfaction about internal processes, products and services
  • Development, optimization and improvement of our products and services
  • Optimization of internal communication
  • Optimization of administration
  • Carrying out research work
  • Organizational management
  • Risk Management: safeguarding against e.g., financial / reputational risks
  • Maintenance of the IT infrastructure, IT security, guarantee of IT support and the detection and correction of errors
  • Complying with legal requirements outside the EEA
  • Establishment, exercise or defense of legal claims.

Requirements to provide personal data

You may need to provide your personal data to us for the purpose of fulfilling a contract with you or the organization you are working for, e.g., we might need your contact details if you are our business contact at a supplier. If you do not provide your personal data, we might not be able to enter into the respective contractual relationship.

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we collaborate with professional data and analytics providers such as IQVIA, Veeva, CDQ and Acxiom to achieve our purposes.

How long we retain your data

We store your personal data for one of the following periods of time:

• Until the purpose of the data collecting and using is fulfilled, e.g. for the term of the contractual relationship with you or the organization you are working for. The exact period depends on the organization you are working for and your position in the company.
• As long as we have a duty to retain the data in line with applicable laws (e.g., because we are obliged to store the data for tax purposes)
• If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Last updated April 2024, replaced the previous version

Why we collect and use your data

We may collect and use your data for the following purposes:

• Execute the contract with you, including value transfers (such as payments and expenses), communication with you and the arrangement of hospitality and other facilities
• Maintain a database of HCPs with whom we already collaborated and/or may collaborate in the future
• Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience)
• Best practice sharing internally and externally
• Disclosure of value transfers to you if you have given us your consent or if we are legally required to disclose such transfers
• Fulfillment of our compliance requirements, e.g. from anti-corruption laws, anti-money laundering laws and other laws on economic crime, regulatory and pharmacovigilance and medicines laws, as well as disclosure obligations resulting from applicable laws and self-regulatory codes of conduct as a result of our membership in trade associations

What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you provide to us

We collect your personal data depending on the different types of interaction you have with us. Such personal data may include:

• First and last name
• Gender
• Contact and address information, including address, e-mail address, phone number, fax number
• Country of residence
• Curriculum vitae information, including information on your professional experience, your engagement with us and other companies, events you attended, publications, organizations you worked for
• Pictures of you
• Audio-visual recordings of your voice, appearance and statements, if a presentation of yours is recorded and this has been agreed
• Your areas of expertise and your areas of professional interest as an HCP
• Information on payments made and benefits granted to you (transfers of value)
• Your bank account number
• Your tax identification number
• Contract entered between you and us

Information we collect from publicly available sources

Before we enter in an interaction with you, we may collect information about you and your professional experience from publicly available sources, such as the internet, social media platforms, sanction lists and other online and print publications. Such data includes:

• First and last name
• Contact information
• Country of residence
• Curriculum vitae information, including information on your professional experience, your engagement with other companies, events you attended, publications etc.
• Business address
• Pictures and audio-visual recordings of you

Legal Basis for Processing Your Data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

• The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b, GDPR)
• The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically we 
  • are obliged to comply with national and, if applicable, international laws and regulations relating to the fight against corruption, anti-money laundering anti-terrorism financing and other economic crime. 
  • have to assess the appropriateness of the remuneration and other payments made and other support granted to you and are subject to certain documentation, publication and reporting obligations and therefore, can be obliged to disclose the remuneration paid or other support in kind availed to you as a speaker or other service provider, to your employer or to competent regulatory authorities, criminal prosecutors and other recipients responsible for the implementation of transparency rules upon request, or make such payments and in kind support available publicly. This includes particularly documentation, disclosure and reporting obligations in connection with medicines, medical devices and healthcare regulations, transparency laws, laws on anti-money laundering and self-regulatory regimes such as industry and patient codes
• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (e.g., in the EU Art. 6.1 f, GDPR). These legitimate interests are:
  • Maintenance of a database that contains all HCPs with whom we already collaborated or may collaborate in the future, to manage the interactions with you and other HCPs
  • Establishment, exercise or defense of legal claims
• You have given us your consent for the intended processing of your personal data (e.g., in the EU Art. 6.1 a GDPR), e.g., for disclosing value transfers made to you, if not legally required or for publishing your photo or audiovisual recordings, if not contractually agreed.

Requirements to provide personal data

Your personal data is required to enter into and/or perform the respective interaction with you. If you do not provide your personal data, we may be required to refrain from entering into an interaction with you, as we could be unable to meet our due diligence and disclosure requirements under applicable laws and self-regulatory codes.

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we also share your data with:

• The general public, to the extent we are obliged to publicly disclose payments made to you and other benefits provided to you, e.g., meals, travel and accommodation as well as other hospitality. Where there is no statutory legal basis for public disclosure including the identity of the recipient, you may choose to withhold or withdraw your consent to such disclosure, and we would then disclose the payments and benefits on an anonymous aggregated basis

How Long We Retain Your Data

The personal data related to the publication of value transfers will be deleted 3 years at the end of the calendar year from publication. Your interactions with us will be deleted ten years after the completion of the last interaction with you, unless we are legally required to retain the data. 

Last updated April 2024, replaced the previous version

Why we collect and use your data

The quality and safety of Fresenius Kabi’s products (e.g., drugs, enteral nutrition, medical devices), services and therapies are of paramount importance. Our interactions with patients using our products do not end with the supply of products or the provision of services but involve the monitoring and analysis of applicability, effectiveness and safety for patients of our products on the market. The gained insights are the basis for identifying opportunities for continuous improvement of products and services. Therefore, Fresenius Kabi monitors and evaluates relevant information and feedback on the products, services and therapies during its use and where necessary reports these to health authorities.

The monitoring of adverse reactions or events (side effects) associated with the use of medicinal products is referred to as pharmacovigilance (drug safety). The statutory pharmacovigilance commitments relate to our medicinal products for human use. Similar regulations exist for medical devices.

With the help of our vigilance activities, Fresenius Kabi ensures that the patients’ safety of its products is always guaranteed, and that Fresenius Kabi is enabled to identify any changes in the benefit-risk-ratio at an early stage and react in a timely manner.

What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you provide to us, we collect from other organizations or from publicly available sources

We collect and use the data:

• you provide directly to us (e.g., via phone, letter or webform), as patient using our products 
• as reporter of adverse reactions or events 
• as reported and published on publicly available sources such as social media and internet forums, literature or other reports we became aware of
• as provided to us by healthcare organizations or organizations otherwise involved in the provision of care such as hospitals, our distributors and resellers or universities.

The exact amount and kind of data depends on the information submitted to us or the information that is published, posted or shared. Such data includes:

• Information identifying the patient (potentially including first and last name, date of birth, gender)
  • Medical history and other characteristics including laboratory data, pregnancy, weight, height and age
  • Measures and treatment of adverse reactions and events
• Information identifying the reporter or on the primary source of the data for potential follow-up requests
  • First and last name
  • Contact and address information (e.g., address, e-mail address, social media account name, phone number)
  • Signature (in case you report on behalf of a healthcare provider) 
• Information on the adverse reactions and events or other information on the safety of our products
  • Description of the adverse reactions and events related data including start, stop, duration
  • Drug/active substance related data including dosage, application, suspected causality indication and duration of treatment
  • Medical device related data including application, and malfunctioning
  • Seriousness criteria of reaction such as death, life threatening, hospitalization or prolonged hospitalization, permanent injury or disability, important medical event
  • Outcome of reactions.

Legal Basis for Processing Your Data

We process your personal data on the following legal basis:

• The processing of your personal data is necessary for reasons of public interest (e.g., in Europe Art. 6.1 e Art. 9.2 i GDPR) in the area of public health to ensure high standards of quality and safety of medicinal products and devices based on law. These laws include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.
• You have given us your consent for the intended processing (e.g., in Europe Art. 6.1 a GDPR and Art. 9.2 a GDPR) which can be the case if you participate in a clinical trial or research study)
• The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR) which is e.g. the case if you publish it on social media
• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR). This legitimate interest is explained under ‘Why we collect and use your data'
• The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in Europe Art. 6.1 c GDPR and Art. EU 9.2 i GDPR). More specifically we are obliged to have post market surveillance based on Regulation (EU) No 1235/2010 and Directive 2010/84/EU concerning the pharmacovigilance of medicinal products for human use. See also Commission Implementing Regulation No 520/2012 of 19 June 2012 and the European Medicines Agency (EMA) Guidelines on Good Pharmacovigilance Practices (GVP). Furthermore, legal obligations arise as part of a clinical trial, see Regulation (EU) No 536/2014 and as part of medical device regulations EU 745/2017 and 746/2017.

Requirements to provide personal data

If you do not provide all necessary personal data, we might not be able to respond or process your report properly because we cannot comply with the legal requirements as listed above.

How Long We Retain Your Data

Fresenius Kabi only stores personal data that is required to be compliant with the current legislation in our global safety databases. 

• For events related to medicinal products / Drugs, the data will be kept for 10 years after the marketing authorization has ceased to exist or 5 years after the completion of formal discontinuation of the last clinical trial. 
• For events related to medical devices the data will be kept for 10 years after the last device has been placed on the market (15 years for implantable devices). 
• Complaint related documentation related to our products the data will be kept for 30 years after closing. 

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We collect and use your data to validate, handle and respond to your request, and to fulfill our accountability requirements arising from the General Data Protection Regulation or other data protection legislations.

What data we collect and how we do that

Information you provide to us 

We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:

• First and last name
• Academic title
• Gender
• Contact and address information (e.g., address, e-mail address, phone number, fax number)
• Country of residence
• Information on your relationship with Fresenius Kabi and its entities
• Your request
• Data needed to identify yourself

Legal Basis for Processing Your Data

We process your personal data on one or more of the following legal bases:

• The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (e.g., in Europe Art. 6.1 c GDPR). We are legally obliged to respond to your request and to process your personal data accordingly. More specifically, in Europe legal obligations in relation to requirements under the General Data Protection Regulation (Regulation (EU) 2016/679).
• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR). More specifically, these legitimate interests are the establishment, exercise or defense of legal claims
• The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity (e.g., in Europe Art. 9.2 f GDPR)

Requirements to provide personal data

If you do not provide all necessary personal data, we may not be able to respond to or properly process your request.

How Long We Retain Your Data

We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e., we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after four years), your data will be erased entirely.

If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We may collect data about you for the following purposes:

• to answer your inquiries you sent to us by direct message
• to follow up and report on posted adverse events
• follow up on any hate speech or other statements that allegedly threatens our employees, organization, our brand or reputation
• to gain insights in our and your online presence and standing
• to adapt our online presence with the respective platform or network to best suit the preferences and interests of its users
• to provide advertisements to targeted groups

What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you post

We collect information you post about us, our brands, our employees, our markets, our products and services or otherwise affects us. This may include: 

• Your name as selected by you for your social media user account, including your picture and profile description/bio
• The content of your published posts
• The content of your direct messages

Information obtained from social media providers

We collect information from social media providers which they collect when you use their platforms and they provide to us. This may include: 

• your profile as determined by the social media provider, which can include:
  • Geography
  • Interests
  • Gender
  • The industry you are working in
  • Age groups
  • Values
  • Channels

Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

• The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws. These include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.
• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
  • To validate, handle and respond to you based upon your inquiry or request
  • To provide information on our products and service
  • To provide an adequate online presence which meets the demands of the users
  • To protect our employees, organization, brands and reputation
• The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR)

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we share your data with social media platform providers. These providers are responsible as Controller for the data they receive.

Responsibility regarding Facebook and Instagram

Please be aware that for obtaining the insights in your online presence, Fresenius Kabi is jointly with Facebook, controller of the activities. For all other processing of personal data related to Facebook and Instagram, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the responsible controller.

You can find information on respective processing of personal data regarding Facebook here: https://facebook.com/about/privacy

You can find information on respective processing of personal data regarding Instagram here: https://help.instagram.com/519522125107875

Responsibility regarding X (formerly Twitter)

For all processing of personal data related to Twitter, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07 Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://twitter.com/en/privacy

Responsibility regarding LinkedIn

For all processing of personal data related to LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://linkedin.com/legal/privacy-policy

Responsibility regarding YouTube

For all processing of personal data related to YouTube, Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, is the responsible controller.

You can find information on respective processing of personal data here: https://policies.google.com/privacy?hl=en

How Long We Retain Your Data

We store your data for as long as it is necessary to answer your inquiry. So, until you receive the last relevant message from us to answer your query, plus a 6-month transition period so that we can respond if you have any further or follow-up questions. If your post or you are mentioned in a post that relates to an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance), we store the information longer.

First published March 2025

Why we collect and use your data

If you request information as a visitor of our congress booth, we collect and use certain personal data of you. We may collect and use your data for the following purposes:

• follow up your comments or request as indicated in the app
• assess and qualify the potential business relationship with you or the organisation you are working for
• exchange of information related to potential future contracts or existing contracts with you or the organization you are working for
• Marketing (e.g., informing you about products and services or related information)
• Relationship administration and key account management including external communication and public relationship

What data we collect and how we do that

We collect and use your personal data in the following ways: 

Information you provide to us at the booth:

• First and last name
• Gender
• Contact and address information, including address, e-mail address, phone number, fax number
• Your profession and qualifications
• Country of residence
• The organisation you work for
• Role and function in your organization
• Your areas of expertise
• Your area of interest
• Your request and how to follow up

Information we may infer from our conversation:

• A qualification of your needs based on type of request, urgency and available budget for the request, your decision authority.
• The name of the event where we captured your data
• Invite to a follow up meeting (if requested)

Information we may collect from the congress organiser:

• First and last name
• Gender
• Contact and address information, including address, e-mail address, phone number, fax number
• Your profession and qualifications
• Country of residence
• The organisation you work for
• Role and function in your organization
• Your areas of expertise
• Your area of interest
• Your request and how to follow up

Profiling and automated decision making

To tailor and optimize our communications, we create a profile of you. These are based on your profession, therapeutic area and specialty you are working and used to tailor and optimize our communications and interactions with you.

Legal Basis for Processing

We process your personal data based on  our legitimate interest (e.g in Europe, Art. 6.1 b GDPR):

• Investigate your interests for a potential business relationship and/or maintaining our business relationship with you or the organization you are working for
• Fulfilling our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
• Gather information and knowledge management related to the interests in and satisfaction about internal processes, products and services
• Development, optimization and improvement of our products and services
• Optimization of internal communication
• Optimization of administration
• Carrying out research work
• Organizational management

Requirements to provide personal data

You need to provide your personal data to us for the purpose of following up your request. If you do not provide your personal data, we might not be able to contact you.

We share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we do not share your data with others.

How long we retain your data

We store your personal data for 2 years after the last interaction we have had with you.   

First published March 2025

Why we collect and use your data

If you subscribe or follow an online training in our Fresenius Learning Center, we collect and use your data for the following purposes:

• to make the training technically available to you
• provide you with the necessary knowledge for your daily work in or on behalf of Fresenius or the service provider, distributor, supplier, or health care organization you work for.
• to document your learning history, 
• to create reports or provide proof and documentation of attendance and receive feedback to help improve our trainings,
• to enable the issuing of certificates of completion, 
• to follow up on any questions and queries

What data we collect and how we do that

We collect and use your personal data in the following ways: 

Information you provide yourself to us or we obtain from your employer

If you create your profile, or your employer as initiated the enrolment into a course or training, we collect and use the following information

• The training(s) to follow
• First and last name 
• Login name and password
• Job title, role or position, such as sales representative, fire-protection assistant, security administrator, truck driver, first responder
• The organisation and department you work for
• The country or location you work in 
• Your supervisor or relevant HR contact
• Email address
• Files you uploaded yourself, such as certificates or CVs.

Automatically by our website or by using cookies and other technologies:

We collect and use the following data during your visits on our Fresenius Learning Center environment:

• When you entered into the system 
• When you left the system 
• Which course you followed 
• When you opened a course 
• When you closed the course 
• Where you left a course
• Training status
• Completion dates
• Account creation date
• Account expiration date
• The name of your service provider including IP address
• Your web browser type
• The preferences you select.

We do this by using strictly necessary cookies. They are required to make the website work. They for example help to make the page load more quickly and to limit the number of sessions originating from a user to prevent a website-overload. They remain valid during the session and are automatically deleted when you close the browser.

Legal Basis for Processing

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:

• to provide you with the necessary and available knowledge for your daily work to support knowledge transfer of position related, legally and regularly prescribed as well as operation related content (applicable to internal Fresenius employees)
• to provide a working and optimized modern online training environment.
• the establishment, exercise or defense of legal claims 
• The processing of your personal data is necessary for the performance your employment contract (e.g., in the EU Art. 6.1 b GDPR) which requires you to be trained on certain topics depending on the position you hold within your organization or within Fresenius.
• The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically the legal obligations in relation to legally required trainings such as in the area of health and safety regulations where we need proof that you are being trained.

Requirements to provide personal data

Your personal data is required to make the website accessible to you. If you do not provide the personal data marked as compulsory during the account creation or login, you may not be able to access the learning environment

We share your data

Besides the general recipients as mentioned on our With Whom We Share, and depending on the agreement with your employer, we share the status of completion of trainings with your employer, which can be your supervisor, the HR department, the compliance department or the department that has issued the training.

How long we retain your data

Information collected via the website or cookies & similar technologies will be stored as long as your visit or as long as the cookie is valid as explained above.

Your profile and status on completed trainings will remain in our system for 120 months.

First published March 2025

Why we collect and use your data

If you visit our location or site, we will collect your data for the following purposes:

• Provide access to buildings for authorized people (access control)
• Prevent and detect access of unwanted individuals or illegitimate access to buildings or specific areas within a building 
• Protection of the householder's rights in the sense of averting the danger of theft, burglary and vandalism
• Efficient and effective access to buildings
• Ensure safety and security of people, building and properties in case of calamities
• preserving evidence to allow reporting and supporting police investigations in the prosecution of criminal offences and taking disciplinary actions
• Ensure safety of the people (workplace safety) 
• Preserve evidence of theft, burglary or vandalism

What data we collect and how we do that

We collect and use your personal data in the following ways: 

Information you provide yourself to us 

If you register at our visitor registration we capture the following information

• First and last name 
• Reason of your visit
• Internal contact person you are about to visit
• Time of arrival
• Time of leaving
• Signature
• Badge number provided to you

By our video monitoring system

Our video monitoring system captures:

Images of our premises, including time and date of events

By our electronic entrance system 

Our electronic entrance system (badge, fence, biometric) 

• Badge number
• Mathematic representation of your fingerprint
• Time of entry
• Time of exit

Legal Basis for Processing

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are the purposes as described above under why we collect and use your information.

Requirements to provide personal data

Your personal data is required to provide access to our buildings and premises. If you do not provide the personal data you cannot legitimately access them.

We share your data

Besides the general recipients as mentioned on our With Whom We Share, we share information with police, justice and private investigators and security guards.

How long we retain your data

Information Provided by yourself is stored for a week

Information captured by our video surveillance is stored for one week

Information captured by our electronic entrance system is stored for one week.