Privacy Notice

Last Updated: May 2018  
 
INTRODUCTION

This Privacy Notice explains who we are, how we collect, share and use personal data about you, and how you can exercise your privacy rights. If you have any questions or concerns about our use of your personal data, or would like to exercise any of your rights — including to object to the processing of your personal data in the way that we describe here — then please contact us using the details provided at the bottom of this Privacy Notice.
 
 
PERSONAL DATA

"Personal Data" is data that identifies you as an individual or relates to an identifiable individual. We collect Personal Data in various ways on our Sites, including through registrations, applications, surveys, in connection with your inquiries, and automatically when you browse our Sites.
We may request basic Personal Data when you use a Site; if you are an HCP, we may request additional Personal Data.

Personal Data that we may request includes:
•Name
•Your preferred language
•Contact details (such as postal address, telephone numbers, email address)
•Your interests (such as health conditions and topics about which you request information through the Site or indicate interest)

If you are an HCP, we also may request additional data related to our professional interaction with you:
•Professional biography/credentials
•Data related to your licensures, specialties, professional affiliations, publications, credentials, and other professional achievements
•Adverse event data
•Data related to your use of our products, your interactions with us, and services for those you care for

If we ask you to provide any other personal information not described above, then the personal information we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect your personal information.

We may also collect Personal Data from other sources, including data companies, publicly accessible databases, joint marketing partners and other third parties.

When you are asked to provide Personal Data, you may decline. But if you choose not to provide data that is necessary to for us to provide requested services, we may not be able to provide you those services.

If you provide or permit us to collect any Personal Data relating to another person, you are telling us that you have the authority to share that data and to permit us to use the data as described in this Privacy Notice.

In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.
 
 
HOW WE USE PERSONAL DATA

We use Personal Data in order to:
•Provide Site functionality and fulfill your requests when we have a contractual relationship or a legitimate interest.

Site functionality and fulfilling your requests includes:
•To provide customer service to you.
•To respond to your inquiries and fulfill your requests and complete your transactions.
•To send administrative information to you, such as changes to our terms, conditions and policies, as well as marketing communications that we believe may be of interest to you.
•Provide personalized services when we have your consent or a legitimate interest in providing you with information of interest to you.

Personalized services include:
•To better understand you and personalize our interactions with you.
•To analyze or predict your preferences in order to improve our interactions with you, i.e., to deliver you the content, products and offers (via our Site, emails or digital tools) that we believe will be relevant to your professional interests.
•Engage with you as an HCP when we have a contractual relationship or a legitimate interest.

Engaging with you as a health care professional includes:
•To verify your eligibility to access certain products, services and data that may be provided only to certain licensed HCPs.
•To interact with you based on your professional expertise and opinion by digital or other means.
•To involve you in programs/panels of healthcare professionals.
•To reach out to you for your professional expertise, for example, in the context of surveys relating to products or services of CTHC entity or its business partner.
•To collaborate with you on medical events, publications, or advisory meetings.
•To seek your views on products and services promoted by us, an affiliate or business partner for development and improvement purposes.

•Allow you to participate in special programs, activities, events, or promotions as part of our contractual relationship with you or where we have a legitimate interest.

In these cases, we may use your Personal Data in additional ways disclosed as part of these special program, activites, events or promotions.

•Operate our business to comply with our legal obligations and to meet our legitimate interests in maintaining our business.

Our business activities include:
•To conduct data analysis and audits.
•To identify usage trends in the use of our Sites and analyze the effectiveness of our communications.
•To detect, prevent, investigate fraud and including (cyber) security monitoring and prevention.
•To develop, enhance, improve or modify our products and services.
•To validate your ability to access or use certain products or services.
•To better understand how our products and services impact you and those for whom you care.
•To track and respond to concerns, including engaging in regulatory monitoring and reporting obligations related to adverse events, product complaints and patient safety.
•To operate and expand our business activities.

We may aggregate the Personal Data that you and other Site users provide. If we do, we may use and disclose such aggregated data for any purpose. Aggregated data does not personally identify you or any other individual.
 
 
HOW WE USE AND DISCLOSE PERSONAL DATA

We disclose Personal Data as follows:
•To other CTHC companies for the purposes described in this Privacy Notice.
•To our third party service providers, to provide services such as website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other services.
•To other companies with which we collaborate regarding particular products or services. These may include our co-promote partners for products that we jointly develop and/or market.
•To any other person with your consent to the disclosure.

We also use and disclose your Personal Data as we believe to be necessary or appropriate:
•To comply with applicable law and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.

 
 
Legal basis for processing personal information (EEA visitors only)

If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person, e.g. to inform patients of possible adverse side effects related to medication they are taking.

If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the "contact us" heading below.


INDIVIDUAL RIGHTS

On some Sites, you have the opportunity to update your profile through the Site.

If you would like to request to review, correct, update, suppress, restrict or delete Personal Data that you have provided to us through the Site, or if you would like to request to receive an electronic copy of such Personal Data for purposes of transmitting it to another company, you may contact us as indicated in the Contact Us section. We will respond to your request consistent with applicable law.

In your request, please tell us what Personal Data you would like to have changed, whether you would like to have it suppressed from our database, or otherwise let us know what limitations you would like to put on our use of it. For your protection, we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain Personal Data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
 
 
DATA SECURITY

We seek to use reasonable organizational, technical and administrative measures to protect your Personal Data. Specific measures we use include encrypting your personal information in transit and at rest.


Data Retention Period

We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Site to you; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to the enforcement of the Site Terms of Use, applicable statutes of limitations, litigation or regulatory investigations).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.


International Data Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.

Specifically, our servers are located in the South Korea and our group companies and third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These include implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with European Union data protection law.

Our Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.


Use by Minors

We do not intend for our websites or online services to be used by anyone under the age of 18.


UPDATES

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. This Privacy Notice was last updated as of the "Last Updated" date shown above.


Contact US

If you have any questions or concerns about our use of your personal information, please contact our data protection officer using the following details: DPO.CTHC@celltrion.com.