Data Protection at Fresenius Kabi

Welcome to the Fresenius Kabi Limited (“Fresenius Kabi” or “we”) data protection information page. As a global healthcare company that specialises in lifesaving medicines and technologies for infusion, transfusion, and clinical nutrition, we need to collect, use and share your personal data to carry out our work. We need to ensure that this data is appropriately handled and protected.

This site explains how your data is used in our processes and how we incorporate data protection in our operations. Furthermore, you will find information on how to execute your rights.

How We Take Care of Your Data

Our Data Protection Organisation

Fresenius Kabi operates a central data protection competence center. This center has set up a data protection management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data protection and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data protection topics.

Our local data privacy advisors at the various Fresenius Kabi legal entities support local management with their compliance programs. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate ‘Privacy by design’ into the design of our processes and IT systems.

The monitoring of our data protection compliance efforts is overseen by our data protection officer.

Our Data Privacy Policy

The Fresenius Kabi Group has adopted Binding Corporate Rules on the protection of personal data. These rules have been approved by the European Data Protection Authorities and describe the principles for protecting personal data and determine how the Fresenius Kabi Group apply them when collecting and using personal data.

The Fresenius Binding Corporate Rules, associated security policies and procedures aim to create a global adequate and uniform level of data protection across our group. They set the rules for the internal data transfers between Fresenius Kabi companies and our internal service providers worldwide.

Our Security Measures 

At Fresenius Kabi we know information security is important to our customers, patients, and business partners. We are committed to maintaining information security through responsible management, appropriate use, and protection of our and your data in accordance with legal and regulatory requirements and our agreements. Please find more about the Information Security at Fresenius Kabi.

Transparency on Our Data Processing Activities

We collect and use your personal data in various ways and for various purposes. We collaborate with other organisations to achieve our purposes. In the sections below you can find when and how we do that. If you have any further questions, requests, inquiries or complaints relating your personal data you can contact us.

Situations in Which We Collect Your Data

Last updated October 2024, replaced the previous version

As a visitor of our websites, Fresenius Kabi Limited (“we”) will collect and use certain personal data from you. This data protection statement informs you about the processing of personal data when visiting our website. 

Please be informed that our websites include links to external sites which are not covered by this data protection statement. Also, some of the Fresenius Kabi entities in our group provide data protection statements that may differ from this data protection statement. Your visit to such websites is subject to the respective data protection statement of that website.

Why we collect and use your data

We collect and use your data for the following purposes:

  • To make the website work and optimised for the device you use it on
  • To provide the best possible service to you, enhance your user experience and store your preferences for your current or future browsing sessions
  • To further improve our websites.
What data we collect and how we do that

We collect your data of your visit to our website in the following ways:

Automatically by our website or by using cookies and other technologies

We collect and use the following internet protocol data or cookie data during your visits on our websites:

  • The name of your service provider including IP address
  • The website that directed you to our site
  • The pages you visited on our websites
  • Your web browser type
  • The date and length of your visit
  • The preferences you select.

You can accept all, accept only necessary or you can choose your own settings for the use of certain cookies & other technologies for this website. Please note that if you choose not to accept the use of certain cookies you may not be able to experience the full functionality of this website and may have to confirm certain dialogs once again.

Your cookie settings are always related to the web browser you are using, and the settings are of no effect if you use a different web browser upon your next use of this website. Alternatively, you can manage the settings of your web browser or on your mobile device. Here you can delete cookies at your own discretion at any time.

We use the following types of cookies:

Strictly necessary cookies

This type of cookies is required to make the website work. They are exclusively used by us during the session. They help to make the page load more quickly and to limit the number of sessions originating from a user to prevent a website-overload. 

We use a "cookie notifier" cookie which saves your decision either to agree with the usage of cookies on our website or not. It is saved automatically upon your click on one of the two options available. Your acceptance of our cookies is stored for one year from the acceptance date. If you decide to refuse our cookies, your decision will be stored for 30 days. During this time, the cookie information banner will not be shown again.

All other strictly necessary cookies remain valid during the session and are automatically deleted when you close the browser.

Functional cookies

Functional cookies save the choices and preferences you make while visiting this website in order to offer you an improved functionality and personal features. They can remember your login status, or the status of videos played. These will be stored for 30 days.

Analytical cookies

When you consent to the usage of analytical cookies, respective cookies will be stored on your device. Analytical cookies allow us to analyze the way the website is used, how often visitors use a page of our website, and if they get error messages from our pages. For this purpose, your IP address will be processed in a pseudonymized manner by deleting the last three digits. That way we are no longer able to directly identify you as an individual. We will delete this data within three years.

When activating social media plug-ins

If you activate plug-ins of social media providers (such as Facebook, LinkedIn, or Instagram), your web browser will connect to the servers of the respective providers and send your specific user data to these providers.

In addition, if you are currently logged in to a social network of one of the above-mentioned providers, your activity may be linked to your user account with these providers at the same time.

Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • You have given us your consent for the intended processing or international transfer of your personal data, (e.g., in the UK and EU Art. 6.1 a, and Art. 49.1 a UK and EU GDPR). This is for example the case for cookies that are not strictly necessary and when you activate the social plug-ins.
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the UK and EU Art. 6.1 f UK and EU GDPR). These legitimate interests are:
    • the establishment, exercise or defense of legal claims
    • to provide information on our products and service via a working and optimised website.
With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we share your data with social media platforms if you activate the plug ins.

Fresenius Kabi has no influence on the scope or the kind of data that will be submitted by activating the plug-ins. Besides, further data processing operations could be triggered, on which we do not have any influence. To learn more about the scope of personal data collected and used, the purposes for which we may use your data, and your respective rights and configuration options to protect your privacy (including your right of withdrawal of consent), please refer to the respective social network’s data protection statement.

Facebook: https://www.facebook.com/about/privacy
Instagram: https://help.instagram.com/519522125107875
LinkedIn: https://www.linkedin.com/legal/privacy-policy

How long we retain your data

Information collected via the website or cookies & similar technologies will be stored as long as your visit or as long as the cookie is valid as explained above.

Last updated October 2024, replaced the previous version
 

Why we collect and use your data

We collect and use data you actively provided to us. For instance, when filling in online forms or when contacting us by other means of communication such as e-mail, telephone or mail. We may do this:

  • To validate, handle and respond to you based upon your inquiry or request
  • To fulfill our compliance requirements under pharmacovigilance and medicines laws.
What data we collect and how we do that

We collect the information you provide to us, which may include the following data:

  • Name
  • Title
  • Contact information (e.g. email address)
  • Profession
  • Type of request and possible further information for the purpose of responding to your inquiry
Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the UK and EU Art. 6.1 c UK and EU GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws.
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the UK and EU Art. 6.1 f UK and EU GDPR). These legitimate interests are:
    • To validate, handle and respond to you based upon your inquiry or request
    • The establishment, exercise or defense of legal claims
    • To provide information on our products and services
Requirements to provide personal data

Your contact details are required to be able to provide you an answer to your request.

How long we retain your data

Your contact details will be stored for up to six months after the inquiry has been completed unless legal obligation exists to retain data for a longer duration, which is the case if you report or are you mentioned in an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance).

Last updated October 2024, replaced the previous version
 

Why we collect and use your data

As our valued commercial prospect, client, vendor, interested business contact or otherwise representative of an organisation we interact with (business contact), we may collect and use certain personal data from you. Depending on the business relationship we have with you and/or the organisation you are working for, we may collect and use your data for the following purposes:

  • Asses a potential business relationship and/or maintaining our business relationship with you or the organisation you are working for (including customer relationship management, supplier management, investor relations management, and business partner qualification)
  • Vendor assessment and qualification (e.g., whether you and your organisation meet certain quality and certification requirements)
  • Procurement of products and services from you or the organisation you are working for
  • Exchange of information related to existing contracts or potential future contracts with you or the organisation you are working for
  • Fulfill our contract with the organisation you are working for, including the enforcement of any rights we may have under such contract
  • Termination of contracts and agreements
  • Fulfillment of compliance requirements related to a business transaction (e.g., conflict checks, business partner due diligence, sanction list screening, anti-money laundering laws, secure supply chain requirements, customs and export law requirements, tracing requirements for products)
  • Manufacture and quality management of products
  • Provide and deliver products and services
  • Marketing (e.g., informing you about products and services or related information)
  • Carry out surveys to understand customer requirements in more detail
  • Relationship administration and key account management including external communication and public relationship
  • Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can influence in your professional capacity, the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law
  • Finance and accounting, invoicing, payment collection and reporting
  • Assess your company’s financial solvency and credit risk
  • Assess potential investments in Fresenius shares, a potential acquisition, divestiture or joint venture transaction with us or any Fresenius Kabi affiliate
  • Improve our products and services
  • Organise, secure and improve internal processes including communication, administration, research and IT
  • Develop, provide, support and maintain IT infrastructure and solutions
  • Security analysis of our IT systems, to protect the confidentiality, availability, integrity of the data and systems
  • Facilitate mergers, acquisitions and re-organisations.
What data we collect and how we do that

We collect and use your personal data in the following ways:

Information you provide to us

We may collect your personal data when you contact us, order our products and services or enter into a contract with us for the supply of goods and services. Such personal data include:

  • First and last name
  • Gender
  • Contact and address information, including address, e-mail address, phone number, fax number
  • Role and function in your organisation
  • Your areas of expertise
  • Your profession and qualifications
  • Information on the kind of a relationship you have with Fresenius Kabi
  • Employer name and employer address
  • Contact preferences
Information we collect from other organisations

We may process data that is provided to us by contracted service providers, by competent authorities or obtained from publicly accessible trade registers or trade associations and other publicly available sources, including rating agencies, financial solvency, risk information and financial service agencies and institutions, government or supranational agencies, in particular tender authorities or procurement agencies, data brokers, websites, blogs and printed media. Such personal data may include:

  • First and last name
  • Contact and address information (e.g., address, e-mail address, phone number, fax number)
  • Organisation / Company
  • Your organisation’s bank accounts
  • Your profession and qualifications
  • Professional identifiers
  • Organisational details, affiliation details of your company
  • Certifications and quality statements issued by your organization’s officers, representatives or auditors
  • Percentage of shares held
  • Details related to public filings, trade registers and professional boards
  • Details related to published transactions of your organisation including tenders and financial arrangements
  • Details related to specially designated nationals or blocked persons lists
  • Previous interactions with Fresenius Kabi and any of our subsidiaries.
Profiling and automated decision making

An automated decision making (e.g., in the UK and EU Art. 22 UK and EU GDPR) occurs according to our obligation to conduct a sanction-control-procedure. Within this procedure we check if you, or your organisation is listed on an official published sanctions list applicable to the business transaction or relation you have with us. This is necessary for entering into, or performance of, a contract between you and us. The consequence of this can be the refusal to enter into a contractual relationship with you.

We create profiles in our systems, that enable us to assess and categorize which specific business needs match best with your abilities (e.g. when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can, in your professional capacity, influence the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law

Legal basis to collect, use and share your data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the UK and EU Art. 6.1 b UK and EU GDPR)
  • The processing of your personal data is necessary for us to comply with a legal obligation we are subject to (e.g., in the UK and EU Art. 6.1 c UK and EU GDPR). More specifically we are obliged to comply with laws on anti-money laundering, customs and export, secure supply chain requirements, product tracing requirements, statutory disclosure and notification requirements or similar compliance requirements that might require us to process certain of your personal data
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the UK and EU Art. 6.1 f UK and EU GDPR). These legitimate interests are:
    • Investigate your interests for a potential business relationship and/or maintaining our business relationship with you or the organisation you are working for
    • Fulfilling our contract with the organisation you are working for, including the enforcement of any rights we may have under such contract
    • Gather information and knowledge management related to the interests in and satisfaction about internal processes, products and services
    • Development, optimisation and improvement of our products and services
    • Optimisation of internal communication
    • Optimisation of administration
    • Carrying out research work
    • Organisational management
    • Risk Management: safeguarding against e.g., financial / reputational risks
    • Maintenance of the IT infrastructure, IT security, guarantee of IT support and the detection and correction of errors
    • Complying with legal requirements outside the EEA
    • Establishment, exercise or defense of legal claims
Requirements to provide personal data

You may need to provide your personal data to us for the purpose of fulfilling a contract with you or the organisation you are working for, e.g., we might need your contact details if you are our business contact at a supplier. If you do not provide your personal data, we might not be able to enter into the respective contractual relationship.

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we collaborate with professional data and analytics providers such as IQVIA, Veeva, CDQ and Acxiom to achieve our purposes.

How long we retain your data

We store your personal data for one of the following periods of time:

  • Until the purpose of the data collecting and using is fulfilled, e.g. for the term of the contractual relationship with you or the organisation you are working for. The exact period depends on the organization you are working for and your position in the company.
  • As long as we have a duty to retain the data in line with applicable laws (e.g., because we are obliged to store the data for tax purposes)
  • If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Last updated October 2024, replaced the previous version

Why we collect and use your data

We may collect and use your data for the following purposes:

  • Execute the contract with you, including value transfers (such as payments and expenses), communication with you and the arrangement of hospitality and other facilities
  • Maintain a database of HCPs with whom we already collaborated and/or may collaborate in the future
  • Assess and categorise which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience)
  • Best practice sharing internally and externally
  • Disclosure of value transfers to you if you have given us your consent or if we are legally required to disclose such transfers
  • Fulfillment of our compliance requirements, e.g. from anti-corruption laws, anti-money laundering laws and other laws on economic crime, regulatory and pharmacovigilance and medicines laws, as well as disclosure obligations resulting from applicable laws and self-regulatory codes of conduct as a result of our membership in trade associations
What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you provide to us

We collect your personal data depending on the different types of interaction you have with us. Such personal data may include:

  • First and last name
  • Gender
  • Contact and address information, including address, e-mail address, phone number, fax number
  • Country of residence
  • Curriculum vitae information, including information on your professional experience, your engagement with us and other companies, events you attended, publications, organizations you worked for
  • Pictures of you
  • Audio-visual recordings of your voice, appearance and statements, if a presentation of yours is recorded and this has been agreed
  • Your areas of expertise and your areas of professional interest as an HCP
  • Information on payments made and benefits granted to you (transfers of value)
  • Your bank account number
  • Your tax identification number
  • Contract entered between you and us
Information we collect from publicly available sources

Before we enter in an interaction with you, we may collect information about you and your professional experience from publicly available sources, such as the internet, social media platforms, sanction lists and other online and print publications. Such data includes:

  • First and last name
  • Contact information
  • Country of residence
  • Curriculum vitae information, including information on your professional experience, your engagement with other companies, events you attended, publications etc.
  • Business address
  • Pictures and audio-visual recordings of you
Legal Basis for Processing Your Data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the UK and EU Art. 6.1 b, UK and EU GDPR)
  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the UK and EU Art. 6.1 c UK and EU GDPR). 

More specifically we 

  • are obliged to comply with national and, if applicable, international laws and regulations relating to the fight against corruption, anti-money laundering anti-terrorism financing and other economic crime. 
  • have to assess the appropriateness of the remuneration and other payments made and other support granted to you and are subject to certain documentation, publication and reporting obligations and therefore, can be obliged to disclose the remuneration paid or other support in kind availed to you as a speaker or other service provider, to your employer or to competent regulatory authorities, criminal prosecutors and other recipients responsible for the implementation of transparency rules upon request, or make such payments and in kind support available publicly. This includes particularly documentation, disclosure and reporting obligations in connection with medicines, medical devices and healthcare regulations, transparency laws, laws on anti-money laundering and self-regulatory regimes such as industry and patient codes
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (e.g., in the UK and EU Art. 6.1 f, UK and EU GDPR). These legitimate interests are:
    • Maintenance of a database that contains all HCPs with whom we already collaborated or may collaborate in the future, to manage the interactions with you and other HCPs
    • Establishment, exercise or defense of legal claims
  • You have given us your consent for the intended processing of your personal data (e.g., in the UK and EU Art. 6.1 a UK and EU GDPR), e.g., for disclosing value transfers made to you, if not legally required or for publishing your photo or audiovisual recordings, if not contractually agreed.
Requirements to provide personal data

Your personal data is required to enter into and/or perform the respective interaction with you. If you do not provide your personal data, we may be required to refrain from entering into an interaction with you, as we could be unable to meet our due diligence and disclosure requirements under applicable laws and self-regulatory codes.

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we also share your data with:

  • The general public, to the extent we are obliged to publicly disclose payments made to you and other benefits provided to you, e.g., meals, travel and accommodation as well as other hospitality. Where there is no statutory legal basis for public disclosure including the identity of the recipient, you may choose to withhold or withdraw your consent to such disclosure, and we would then disclose the payments and benefits on an anonymous aggregated basis
How Long We Retain Your Data

The personal data related to the publication of value transfers will be deleted 3 years at the end of the calendar year from publication. Your interactions with us will be deleted ten years after the completion of the last interaction with you, unless we are legally required to retain the data. 

Last updated October 2024, replaced the previous version

Why we collect and use your data

The quality and safety of Fresenius Kabi’s products (e.g., drugs, biosimilars, enteral nutrition, medical devices), services and therapies are of paramount importance. Our interactions with patients using our products do not end with the supply of products or the provision of services but involve the monitoring and analysis of applicability, effectiveness and safety for patients of our products on the market. The gained insights are the basis for identifying opportunities for continuous improvement of products and services. Therefore, Fresenius Kabi monitors and evaluates relevant information and feedback on the products, services and therapies during its use and where necessary reports these to health authorities.

The monitoring of adverse reactions or events (side effects) associated with the use of medicinal products is referred to as pharmacovigilance (drug safety). The statutory pharmacovigilance commitments relate to our medicinal products for human use. Similar regulations exist for medical devices.

With the help of our vigilance activities, Fresenius Kabi ensures that the patients’ safety of its products is always guaranteed, and that Fresenius Kabi is enabled to identify any changes in the benefit-risk-ratio at an early stage and react in a timely manner.

What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you provide to us, we collect from other organisations or from publicly available sources

We collect and use the data:

  • you provide directly to us (e.g., via phone, letter or webform), as patient using our products 
  • as reporter of adverse reactions or events 
  • as reported and published on publicly available sources such as social media and internet forums, literature or other reports we became aware of
  • as provided to us by healthcare organisations or organisations otherwise involved in the provision of care such as hospitals, our distributors and resellers or universities.

The exact amount and kind of data depends on the information submitted to us or the information that is published, posted or shared. Such data includes:

  • Information identifying the patient (potentially including first and last name, date of birth, gender)
    • Medical history and other characteristics including laboratory data, pregnancy, weight, height and age
    • Measures and treatment of adverse reactions and events
  • Information identifying the reporter or on the primary source of the data for potential follow-up requests
    • First and last name
    • Contact and address information (including address, e-mail address, social media account name, phone number)
    • Signature (in case you report on behalf of a healthcare provider) 
  • Information on the adverse reactions and events or other information on the safety of our products
    • Description of the adverse reactions and events related data including start, stop, duration
    • Drug/active substance related data including dosage, application, suspected causality indication and duration of treatment
    • Medical device related data including application, and malfunctioning
    • Seriousness criteria of reaction such as death, life threatening, hospitalization or prolonged hospitalization, permanent injury or disability, important medical event
    • Outcome of reactions.
Legal Basis for Processing Your Data

We process your personal data on the following legal basis:

  • The processing of your personal data is necessary for reasons of public interest in the area of public health to ensure high standards of quality and safety of medicinal products and devices based on law (e.g., in UK and Europe Art. 6.1 e and Art. 9.2 I UK and EU GDPR). 
  • You have given us your consent for the intended processing (e.g., in UK and EU Art. 6.1 a UK and EU GDPR and Art. 9.2 a UK and EU GDPR) which can be the case if you participate in a clinical trial or research study
  • The processing relates to personal data which is manifestly made public by you (e.g., Art. 9.2 e UK and EU GDPR) which can be the case if you publish it on social media
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in UK and EU Art. 6.1 f UK and EU GDPR). This legitimate interest is explained under ‘Why we collect and use your data'
  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in UK and EU Art. 6.1 c UK and EU GDPR and Art. UK and EU 9.2 I UK and EU GDPR). More specifically we are obliged to have post market surveillance based on Regulation (EU) No 1235/2010 and Directive 2010/84/EU concerning the pharmacovigilance of medicinal products for human use. See also Commission Implementing Regulation No 520/2012 of 19 June 2012 and the European Medicines Agency (EMA) Guidelines on Good Pharmacovigilance Practices (GVP). Furthermore, legal obligations arise as part of a clinical trial, see Regulation (EU) No 536/2014 and as part of medical device regulations EU 745/2017 and 746/2017.
Requirements to provide personal data

If you do not provide all necessary personal data, we might not be able to respond or process your report properly because we cannot comply with the legal requirements as listed above.

How Long We Retain Your Data

Fresenius Kabi only stores personal data that is required to be compliant with the current legislation in our global safety databases. 

  • For events related to medicinal products / Drugs, the data will be kept for 10 years after the marketing authorisation has ceased to exist or 5 years after the completion of formal discontinuation of the last clinical trial. 
  • For events related to medical devices the data will be kept for 10 years after the last device has been placed on the market (15 years for implantable devices). 
  • Complaint related documentation related to our products the data will be kept for 30 years after closing. 

Last updated October 2024, replaced the previous version
 

Why we collect and use your data

We collect and use your data to validate, handle and respond to your request, and to fulfill our accountability requirements arising from the General Data Protection Regulation or other data protection legislations.

What data we collect and how we do that
Information you provide to us 

We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:

  • First and last name
  • Academic title
  • Gender
  • Contact and address information (e.g., address, e-mail address, phone number, fax number)
  • Country of residence
  • Information on your relationship with Fresenius Kabi and its entities
  • Your request
  • Data needed to identify yourself
Legal Basis for Processing Your Data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (e.g., in UK and EU Art. 6.1 c UK and EU GDPR). We are legally obliged to respond to your request and to process your personal data accordingly. More specifically, in UK legal obligations in relation to requirements under the UK General Data Protection Regulation (Regulation (EU) 2016/679).
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in UK and EU Art. 6.1 f UK and EU GDPR). More specifically, these legitimate interests are the establishment, exercise or defense of legal claims
  • The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity (e.g., in UK and EU Art. 9.2 f UK and EU GDPR)
Requirements to provide personal data

If you do not provide all necessary personal data, we may not be able to respond to or properly process your request.

How Long We Retain Your Data

We store your personal data until we have responded to your request and thereafter in line with the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after six years), your data will be erased entirely.

Longer retention periods may apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated).

Last updated October 2024, replaced the previous version
 

Why we collect and use your data

We may collect data about you for the following purposes:

  • to answer your inquiries you sent to us by direct message
  • to follow up and report on posted adverse events
  • follow up on any hate speech or other statements that allegedly threatens our employees, organisation, our brand or reputation
  • to gain insights in our and your online presence and standing
  • to adapt our online presence with the respective platform or network to best suit the preferences and interests of its users
  • to provide advertisements to targeted groups
What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you post

We collect information you post about us, our brands, our employees, our markets, our products and services or otherwise affects us. This may include: 

  • Your name as selected by you for your social media user account, including your picture and profile description/bio
  • The content of your published posts
  • The content of your direct messages
Information obtained from social media providers

We collect information from social media providers which they collect when you use their platforms and they provide to us. This may include: 

  • your profile as determined by the social media provider, which can include:
    • Geography
    • Interests
    • Gender
    • The industry you are working in
    • Age groups
    • Values
    • Channels
Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the UK and EU Art. 6.1 c UK and EU GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws. 
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the UK and EU Art. 6.1 f UK and EU GDPR). These legitimate interests are:
    • To validate, handle and respond to you based upon your enquiry or request
    • To provide information on our products and service
    • To provide an adequate online presence which meets the demands of the users
    • To protect our employees, organisation, brands and reputation
  • The processing relates to personal data which is manifestly made public by you (e.g., in UK and EU Art. 9.2 e UK and EU GDPR)
With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we share your data with social media platform providers. These providers are responsible as Controller for the data they receive.

Responsibility regarding Facebook and Instagram

Please be aware that for obtaining the insights in your online presence, Fresenius Kabi is jointly with Facebook, controller of the activities. For all other processing of personal data related to Facebook and Instagram, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the responsible controller.

You can find information on respective processing of personal data regarding Facebook here: https://facebook.com/about/privacy

You can find information on respective processing of personal data regarding Instagram here: https://help.instagram.com/519522125107875

Responsibility regarding LinkedIn

For all processing of personal data related to LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://linkedin.com/legal/privacy-policy

How Long We Retain Your Data

We store your data for as long as it is necessary to answer your enquiry. So, until you receive the last relevant message from us to answer your query, plus a 6-month transition period so that we can respond if you have any further or follow-up questions. If your post or you are mentioned in a post that relates to an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance), we store the information longer.

With Whom We Share Your Data

In all the situations as mentioned above, we collaborate with other organisations to achieve our purposes. Therefore, we may send your personal data in parts or as a whole to other organisations.

Apart from the specific recipients as mentioned above for the specific situations, such recipients are:

  • Other Fresenius Kabi Group companies
  • Other Fresenius Group Companies
  • Service providers which process personal data on our behalf (e.g., for hosting or maintenance services) and have to follow our instructions on such processing; 
  • Authorities, courts and/or parties, or their delegated bodies, in a litigation in case we are required to do so to meet any applicable laws, regulations, legal processes or enforceable governmental requests
  • Professional advisors or auditors, such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries in which we operate
  • Other entities in the event of a change in ownership, a merger with, acquisition by, or sale of assets.

International data transfers

We may send your personal data in parts or as a whole to the above recipients in other countries. For some of these countries the European Commission or respective legislator or authority in your country has determined an adequate level of data protection to be in place that matches the level of data protection in your country. 

The European Commission has done this for the following countries / international organisations in which Fresenius entities are located: Argentina, Canada, Japan, South-Korea, United Kingdom, New Zealand, Switzerland or Uruguay.

For the UK these are: all countries in the European Union, and the countries, territories and sectors covered by the European Commission's adequacy decision including Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, and Uruguay. There are partial findings of adequacy for Canada, Japan, and the United States of America.  For countries where the respective legislator or authority has not decided that an adequate level of data protection exists that matches the level of data protection in the UK, we have provided safeguards in order to secure your personal data to a degree that is equivalent to the level of data protection in the European Union and the UK.

These safeguards are:

  • For the exchange of data within our company: our Binding Corporate Rules for Controllers
  • For the exchange of data with our service providers and other international organisations: Standard Contractual Clauses that have been issued by the European Commission or the ICO.

You can obtain a copy of these Standard Contractual Clauses and the Fresenius Kabi Group Binding Corporate Rules, online, or upon request.

Changes to Our Personal Data Processing Activities

As our collection and use of your data may change over time, we may update the information on this site from time to time to correctly reflect our data processing practices. We encourage you to review it from time to time. Previous versions are available as link under the sections of the different situations in which we collect your data.

Contact, Requests, Enquiries and Complaints relating to your data

For all the situations where we collect and use your data the following information is applicable.

Controller and contact:

The controller or designated responsible entity representing the Fresenius Kabi group, for processing of your personal data:

Fresenius Kabi Limited
Cestrian Court
Eastgate Way, Manor Park
Runcorn, Cheshire WA7 1NT
United Kingdom

General Contact Form

Requests, Enquiries and Complaints

By using our data protection contact form (see below), you can request information and execute your rights. 

Where applicable based on data protection legislation, you have the right to request:

  • confirmation whether or not we process your personal data
  • access to or a copy of your personal data: You can ask to access/receive information about e.g. the purpose of processing, the categories of personal data concerned, the recipients, storage periods, any existence of automated decision-making.
  • rectification of your personal data if they are incomplete or incorrect
  • deletion of your personal data, unless it must be maintained e.g. due to legal retention requirements
  • to restrict of processing of your personal data if either the accuracy of the personal data is contested, or the processing is unlawful (no longer required for the pursued purposes).
  • data portability of your data to another organisation in a commonly used and machine-readable format, if the following conditions are met: 

    - Personal data have been provided by the individual

    - The processing is based on the individual’s consent or on a contract with the individual

    - The processing is carried out by automated means.

  • Object to processing on grounds specific to your situation or to direct marketing and profiling.
  • revocation or withdrawal of your previously given consent at any time. You can withdraw your consent to all processing or for individual purposes of your choice. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal.
  • to be not subject to automated decision making (incl. profiling) which could lead to legal or similar significant effects to your, unless:

   -  It is necessary for entering into or performance of a contract between the you and Fresenius Kabi

   -  It is based on your explicit consent.

If you submit a request, our data protection organisation may contact you for additional information to confirm your identity and to clarify our request. We provide information free of charge unless requests are manifestly unfounded or excessive. In that case we may charge a fee.

We aspire to answer your request within four weeks. We reserve the right to extend the period within the scope of the admissibility by law and will inform you if this is the case. Please do not inquire about your processing status.

If you want to submit a request to another Fresenius Kabi entity than listed in this form, please navigate to the website of the country the respective entity is located. Web addresses can be found here​.

For more information on how we handle your personal data, please read the information in the section called If you submit a data subject request.

 

The fields marked with * are mandatory. If you do not complete them, we cannot process your request.
 

Personal Information

You also have the right to lodge a complaint with our data protection officer or the supervisory authority:

Data Protection Officer:

Fresenius Kabi AG
Data Protection Officer
Else-Kröner-Straße 1
61352 Bad Homburg
Germany

Email: data.protection-uk@fresenius-kabi.com

If you're unhappy with the outcome of your enquiry, then you can contact the ICO:

Data Protection Authority:

The Information Commissioner’s http://ico.org.uk/global/contact-us/
Tel: 0303 123 1113

 

 

GB-NP-2400157 October 2024