We collect and use your data to validate, handle and respond to your request, and to fulfill our accountability requirements arising from the General Data Protection Regulation or other data protection legislations.
Data Protection Statement for Data Subject Request
Data protection information for individuals submitting a data subject request
Last updated April 2022, previous version
As an individual contacting us with a request regarding your rights as a data subject under the General Data Protection Regulation (GDPR) or other applicable data protection laws, Fresenius Kabi AG (“we”) will collect and use certain personal data from you.
This data protection statement informs you about the processing of personal data when making a data subject request.
Please be aware that we also may process your personal data in other contexts, e.g. when you visit our website, when you are a business contact for products or services, when you interact with us in your capacity as a healthcare professional or if you report an adverse reaction. Please see the specific information on the processing of your personal data in such situations.
We collect and use your personal data in the following situation:
Information you provide to us
We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:
- First and last name
- Contact and address information (including address, e-mail address, phone number, fax number)
- Country of residence
- Information on your relationship with Fresenius Kabi and its entities
- Your request
- Data needed to identify yourself
We process your personal data on the following legal basis:
- The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (Art. 6.1 c GDPR). We are legally obliged to respond to your request and to process your personal data accordingly
- The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6.1 f GDPR). More specifically, these legitimate interests are the establishment, exercise or defense of legal claims
- The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity (Art. 9.2 f GDPR)
We collaborate with other organizations to reach our purposes. Therefore, we may send your personal data in parts or as a whole to other organizations.
Such recipients are:
- Other Fresenius Group companies if such a transfer of personal data is required for the specific purpose (please refer to the overview of the locations in which Fresenius Kabi Group companies are active). The scope of such transfer largely depends on the scope of your request, in particular, which entities you interacted with. For example, if you are a customer of a particular Fresenius Kabi entity, we will forward your request to this entity, in order to process the necessary information to respond to it
- Service providers which process personal data on our behalf (e.g. for hosting or maintenance services) and have to follow our instructions on such processing; these service providers will not be allowed to use your personal data for other than our purposes
- Authorities, courts, parties in a litigation in case we are required to do so to meet any applicable laws, regulations, legal processes or enforceable governmental requests
- Professional advisors or auditors, such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries in which we operate
International Data Transfers
We may send your personal data in parts or as a whole to Fresenius Group recipients or our service providers other international organizations in countries, which are not member states of the European Union, for the purposes listed above. Please refer to the overview of the locations in which Fresenius Kabi Group companies are active.
We may send data to the following countries for which the European Commission has determined an adequate level of data protection to be in place that matches the level of data protection within the European Union in which Fresenius entities have been established: Argentina, Canada, Japan, New Zealand, Switzerland or Uruguay.
With regards to such international data transfers to third countries, for which the European Commission has not decided that an adequate level of data protection exists, we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union.
Safeguards used are:
- For the exchange of data within our company: Binding Corporate rules for Controllers
- For the exchange of data with our service providers and other international organizations: Standard Contractual Clauses that have been issued by the European Commission
You can obtain a copy of these Standard Contractual Clauses and our Binding Corporate Rules online, or upon request.
We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e. we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after four years), your data will be erased entirely.
If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.
Depending on the situation you have certain rights regarding your personal data. You have the right to:
- Request access to your personal data
- Request rectification of your personal data
- Request erasure of your personal data
- Request the restriction of processing of your personal data
- Data portability
- Object on grounds specific to your situation
You can exercise these rights online by using the data protection contact form.
You also have the right to lodge a complaint with our data protection officer or the supervisory authority.
Data Protection Officer:
Fresenius Kabi AG
Data Protection Officer
61352 Bad Homburg
Data Protection Authority:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Presse- und Öffentlichkeitsarbeit
Requirements to provide personal data
If you do not provide all necessary personal data, we may not be able to respond to or properly process your request.
Changes to this data protection statement
As our collection and use of your data may change over time, we may also modify this data protection statement to always correctly reflect our data processing practices. We encourage you to review it from time to time.
The controller and responsible entity for processing of personal data is:
Fresenius Kabi AG
61352 Bad Homburg