Our Data Protection Organisation
Fresenius Kabi operates a central data protection center of competence. This center has set up a data protection management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures, and standards for data protection and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data protection topics.
Our local data privacy advisors at the various Fresenius Kabi legal entities support local management in their compliance efforts. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments, we aim to integrate data protection requirements into the design of our processes and IT systems.
At Fresenius Kabi, we know information security is important to our customers, patients, and business partners. We are committed to maintaining information security through responsible management, appropriate use, and protection in accordance with legal and regulatory requirements and our agreements. Please find more about the Information Security at Fresenius Kabi.
The monitoring of our data protection compliance efforts is overseen by our data protection officer.
Our Data Protection Policy
The Fresenius Kabi Group has adopted Binding Corporate Rules on the protection of personal data. These rules have been approved by the European Data Protection Authorities and describe the principles for protecting personal data and determine how we apply them when collecting and processing personal data.
The Fresenius Binding Corporate Rules and associated security policies and procedures aim to create a global adequate and uniform level of data protection across our group. They also set the rules for the internal data transfers between Fresenius Kabi companies and our internal service provider worldwide.
Furthermore, Fresenius Kabi Australia Pty Limited and Fresenius Kabi New Zealand Limited, abide by local laws and regulations related to Data Privacy, both federal and state-based legislation. The main frameworks in scope are:
- The Privacy Act 1988 (Privacy Act) is the principal piece of Australian legislation protecting the handling of personal information about individuals. This includes the collection, use, storage, and disclosure of personal information in the federal public sector and in the private sector.
- The Privacy Act 2020 provides the rules in New Zealand for protecting personal information and puts responsibilities on agencies and organizations about how they must do that.