Data Protection at Fresenius Kabi

Welcome to the Fresenius Kabi SwissBioSim GmbH (“Fresenius Kabi” or “we”) data protection information page. As a global healthcare company that specializes in lifesaving medicines and technologies for infusion, transfusion and clinical nutrition, we need to collect, use and share your personal data to carry out our work. We need to ensure that this data is appropriately handled and protected.

This site explains how we incorporate data protection in our operations and how your data is used in our processes. Furthermore, you will find information on how to execute your rights.

Fresenius Kabi operates a central data protection competence center. This center has set up a data protection management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data protection and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data protection topics.

Our local data privacy advisors at the various Fresenius Kabi legal entities support local management with their compliance programs. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate ‘Privacy by design’ into the design of our processes and IT systems.

The monitoring of our data protection compliance efforts is overseen by our data protection officer.

The Fresenius Kabi Group has adopted Binding Corporate Rules on the protection of personal data. These rules have been approved by the European Data Protection Authorities and describe the principles for protecting personal data and determine how we apply them when collecting and using personal data.

The Fresenius Binding Corporate Rules, associated security policies and procedures aim to create a global adequate and uniform level of data protection across our group. They set the rules for the internal data transfers between Fresenius Kabi companies and our internal service providers worldwide.

At Fresenius Kabi we know information security is important to our customers, patients, and business partners. We are committed to maintaining information security through responsible management, appropriate use, and protection of our and your data in accordance with legal and regulatory requirements and our agreements. Please find more about the Information Security at Fresenius Kabi

We collect and use your personal data in various ways and for various purposes. We collaborate with other organizations to achieve our purposes. In the sections below you can find when and how we do that. If you have any further questions, requests, inquiries or complaints relating your personal data you can contact us

Last updated 21.02.2025, replaced this Version

Please be informed that our websites include links to external sites which are not covered by this data protection statement. Also, some of the Fresenius Kabi entities in our group provide data protection statements that may differ from this data protection statement. Your visit to such websites is subject to the respective data protection statement of that website.

We collect and use your data for the following purposes:

To make the website work and optimized for the device you use
To provide the best possible service to you, enhance your user experience and store your preferences for your current or future browsing sessions
To further improve our websites.

We collect your data of your visit to our website in the following ways:

We collect and use the following internet protocol data or cookie data during your visits on our websites:

• The name of your service provider including IP address

• The website that directed you to our site

• The pages you visited on our websites

• Your web browser type

• The date and length of your visit

• The preferences you select.

You can accept or refuse the use of certain cookies & other technologies for this website. Please note that if you choose not to accept the use of certain cookies you may not be able to experience the full functionality of this website and may have to confirm certain dialogs once again.

Your cookie settings are always related to the web browser you are using, and the settings are of no effect if you use a different web browser upon your next use of this website. Alternatively, you can manage the settings of your web browser or on your mobile device. Here you can delete cookies at your own discretion at any time.

We use the following types of cookies:

This type of cookies is required to make the website work. They are exclusively used by us during the session. They help to make the page load more quickly and to limit the number of sessions originating from a user to prevent a website-overload.

We use a "cookie notifier" cookie which saves your decision either to agree with the usage of cookies on our website or not. It is saved automatically upon your click on one of the two options available. Your acceptance of our cookies is stored for one year from the acceptance date. If you decide to refuse our cookies, your decision will be stored for 30 days. During this time, the cookie information banner will not be shown again.

All other strictly necessary cookies remain valid during the session and are automatically deleted when you close the browser.

Functional cookies save the choices and preferences you make while visiting this website in order to offer you an improved functionality and personal features. They can remember your login status, or the status of videos played. These will be stored for 30 days

When you consent to the usage of analytical cookies, respective cookies will be stored on your device. Analytical cookies allow us to analyze the way the website is used, how often visitors use a page of our website, and if they get error messages from our pages. For this purpose, your IP address will be processed in a pseudonymized manner by deleting the last three digits. That way we are no longer able to directly identify you as an individual. We will delete this data within three years.

When you consent to the usage of social media cookies or when you press ‘I consent’ in the social media feeds section, cookies will be placed. You are then able to see the activity streams of our corporate social media channels which are embedded on our website. Your consent is stored for the duration of your visit of our website through our “social media” cookie.

If you activate plug-ins of social media providers (such as Facebook, X, YouTube, LinkedIn, Instagram or WhatsApp), your web browser will connect to the servers of the respective providers and send your specific user data to these providers.

In addition, if you are currently logged in to a social network of one of the above-mentioned providers, your activity may be linked to your user account with these providers at the same time.

In order to secure your privacy, we are using a tool called “Shariff.” Shariff enables you to decide whether and when to activate the share plug-ins on our website and, by doing so, whether to initiate a transfer of user specific data to the provider. Only if you specifically activate a plug-in via Shariff, your browser will connect to the servers of the respective provider and the user specific data (as further referenced below) will be sent to that provider. You activate a plug-in via Shariff, by clicking on one of the respective share buttons.

We process your personal data on one or more of the following legal bases:

You have given us your consent for the intended processing or international transfer of your personal data, (e.g., in the EU Art. 6.1 a, and Art. 49.1 a GDPR). This is e.g. the case for cookies that are not strictly necessary and when you activate the social plug-ins.
The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR).

These legitimate interests are:

the establishment, exercise or defense of legal claims
to provide information on our products and service via a working and optimized website.

Besides the general recipients as mentioned on our With Whom We Share , we share your data with social media platforms if you activate the plug ins.

Fresenius Kabi has no influence on the scope or the kind of data that will be submitted by activating the plug-ins. Besides, further data processing operations could be triggered, on which we do not have any influence. To learn more about the scope of personal data collected and used, the purposes for which we may use your data, and your respective rights and configuration options to protect your privacy (including your right of withdrawal of consent), please refer to the respective social network’s data protection statement.

Facebook: https://www.facebook.com/about/privacy
X: https://twitter.com/en/privacy
YouTube: https://policies.google.com/privacy
Instagram: https://help.instagram.com/519522125107875
LinkedIn: https://www.linkedin.com/legal/privacy-policy
WhatsApp: https://www.whatsapp.com/legal/

Information collected via the website or cookies & similar technologies will be stored as long as your visit or as long as the cookie is valid as explained above.

Last updated 21.02.2025, replaced this Version

We may collect and use your data for the following purposes:

to verify if you are a healthcare professional. We do this to comply with laws and regulations relating to the marketing and provision of information about certain medical products and medicines. We also need to verify if you are registered as healthcare professional in the respective country of the website you are visiting, because our products have a different registration status with the health authorities and therefore information may differ from country to country.
to enhance your visits to our websites with content relevant to you
to tailor and optimize our communications and interactions with you based on your interests

We collect your data of in the following ways:

If you create an account or login with your account on our website, the following data may be processed:

- Name

- Username and password

- Healthcare profession number

- Professional email address

- Country

- Zip code

- Profession, therapeutic area and specialty you are working in

- Title, Gender

- Your employers name and address

- Date and time your account was created

- The website your account was first enabled

- Logfiles, containing information date and time you logged into or out a Fresenius website, the pages visited on our websites

We may process data that is provided to us by contracted service providers, or obtained from publicly accessible sources, including official registers of healthcare professionals or data brokers which provide information about healthcare professionals. This may include:

- Healthcare profession number

- Professional email address

- Country

- Zip code

- Profession, therapeutic area and specialty you are working in

- Your employers name and address

To tailor and optimize our communications, we create a profile of you. This may be based on your profession, therapeutic area and specialty you are working in, and the interactions on our website and is used to tailor and optimize our communications and interactions with you.

An automated decision making (e.g., in the EU Art. 22 GDPR) occurs to fulfill our obligation to not market the use of medical products for human use to the general public. We therefore verify if you are a healthcare professional. This is done based on information obtained from official publicly available sources and/or external data brokers. If you are not recognized as a healthcare professional, you cannot access all information on such restricted areas of our website.

We process your personal data on one or more of the following legal bases:

• The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically the legal obligations in relation to the marketing and provision of information about certain medical products and medicines for which we need to verify if you are a healthcare professional. Furthermore, the status of registration of certain products with the health authorities differs from country to country and must therefore be adapted per country.

• You have given us your consent for the intended processing or transfer of your personal data, (e.g., in the EU Art. 6.1 a, and Art. 49.1 a GDPR). This is the case if you create or use a login from another party such as your account from Acxiom, DocCheck, IQVIA and/or Veeva.

• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:

• The establishment, exercise or defense of legal claims

• To provide information on our products and service via a working and optimized website

• To obtain insights in the visitors of our website and their interests.

Your personal data is required to make the website accessible to you. If you do not provide the personal data marked as compulsory during the account creation or login, you may not be able to access all information available on such restricted areas of our website.

Your credentials are stored for 2 years after your last login.

Your logfiles are stored for 13 months.

Last updated 21.02.2025, replaced the previous version

We collect and use data you actively provided to us. For instance, when filling in online forms or when contacting us by other means of communication such as e-mail, telephone or mail. We may do this:

To validate, handle and respond to you based upon your inquiry or request
To fulfill our compliance requirements under pharmacovigilance and medicines laws.

We collect the information you provide to us, which may include the following data:

Name
Gender
Contact and address information (e.g., address data, email address, phone number, fax number)
Country of residence
Organization / Company
Profession
Type of request and possible further information for the purpose of responding to your inquiry

We process your personal data on one or more of the following legal bases:

· The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws.

· The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:

To validate, handle and respond to you based upon your inquiry or request
The establishment, exercise or defense of legal claims
To provide information on our products and service.

Your contact details are required to be able to provide you an answer to your request.

Your contact details will be stored for up to six months after the inquiry has been completed unless legal obligation exists to retain data for a longer duration, which is the case if you report or are you mentioned in an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance) .

Last updated 21.02.2024, replaced the previous version

As our valued commercial prospect, client, vendor, interested business contact or otherwise representative of an organization we interact with (business contact), we may collect and use certain personal data from you. Depending on the business relationship we have with you and/or the organization you are working for, we may collect and use your data for the following purposes:

Asses a potential business relationship and/or maintaining our business relationship with you or the organization you are working for (including customer relationship management, supplier management, investor relations management, and business partner qualification)
Vendor assessment and qualification (e.g., whether you and your organization meet certain quality and certification requirements)
Procurement of products and services from you or the organization you are working for
Exchange of information related to existing contracts or potential future contracts with you or the organization you are working for
Fulfill our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
Termination of contracts and agreements
Fulfillment of compliance requirements related to a business transaction (e.g., conflict checks, business partner due diligence, sanction list screening, anti-money laundering laws, secure supply chain requirements, customs and export law requirements, tracing requirements for products)
Manufacture and quality management of products
Provide and deliver products and services
Marketing (e.g., informing you about products and services or related information)
Carry out surveys to understand customer requirements in more detail
Relationship administration and key account management including external communication and public relationship
Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can influence in your professional capacity, the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law
Finance and accounting, invoicing, payment collection and reporting
Assess your company’s financial solvency and credit risk
Assess potential investments in Fresenius shares, a potential acquisition, divestiture or joint venture transaction with us or any Fresenius Kabi affiliate
Improve our products and services
Organize, secure and improve internal processes including communication, administration, research and IT
Develop, provide, support and maintain IT infrastructure and solutions
Security analysis of our IT systems, to protect the confidentiality, availability, integrity of the data and systems
Facilitate mergers, acquisitions and re-organizations.

We collect and use your personal data in the following ways:

We may collect your personal data when you contact us, order our products and services or enter into a contract with us for the supply of goods and services. Such personal data include:

First and last name
Gender
Contact and address information, including address, e-mail address, phone number, fax number
Country of residence
Role and function in your organization
Your areas of expertise
Your profession and qualifications
Information on the kind of a relationship you have with Fresenius Kabi
Employer name and employer address
Contact preferences

We may process data that is provided to us by contracted service providers, by competent authorities or obtained from publicly accessible trade registers or trade associations and other publicly available sources, including rating agencies, financial solvency, risk information and financial service agencies and institutions, government or supranational agencies, in particular tender authorities or procurement agencies, data brokers, websites, blogs and printed media.

Such personal data may include:

First and last name
Contact and address information (e.g., address, e-mail address, phone number, fax number)
Organization / Company
Your organization’s bank accounts
Your profession and qualifications
Professional identifiers
Organizational details, affiliation details of your company
Certifications and quality statements issued by your organization’s officers, representatives or auditors
Percentage of shares held
Details related to public filings, trade registers and professional boards
Details related to published transactions of your organization including tenders and financial arrangements
Details related to specially designated nationals or blocked persons lists
Previous interactions with Fresenius Kabi and any of our subsidiaries.

An automated decision making (e.g., in the EU Art. 22 GDPR) occurs according to our obligation to conduct a sanction-control-procedure. Within this procedure we check if you, or your organization is listed on an official published sanctions list applicable to the business transaction or relation you have with us. This is necessary for entering into, or performance of, a contract between you and us. The consequence of this can be the refusal to enter into a contractual relationship with you.

We create profiles in our systems, that enable us to assess and categorize which specific business needs match best with your abilities (e.g. when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can, in your professional capacity, influence the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b GDPR)
The processing of your personal data is necessary for us to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically we are obliged to comply with laws on anti-money laundering, customs and export, secure supply chain requirements, product tracing requirements, statutory disclosure and notification requirements or similar compliance requirements that might require us to process certain of your personal data
The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
- Investigate your interests for a potential business relationship and/or maintaining our business relationship with you or the organization you are working for
- Fulfilling our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
- Gather information and knowledge management related to the interests in and satisfaction about internal processes, products and services
- Development, optimization and improvement of our products and services
- Optimization of internal communication
- Optimization of administration
- Carrying out research work
- Organizational management
- Risk Management: safeguarding against e.g., financial / reputational risks
- Maintenance of the IT infrastructure, IT security, guarantee of IT support and the detection and correction of errors
- Complying with legal requirements outside the EEA
- Establishment, exercise or defense of legal claims.

You may need to provide your personal data to us for the purpose of fulfilling a contract with you or the organization you are working for, e.g., we might need your contact details if you are our business contact at a supplier. If you do not provide your personal data, we might not be able to enter into the respective contractual relationship.

Besides the general recipients as mentioned on our With Whom We Share , we may collaborate with professional data and analytics providers such as IQVIA, Veeva, CDQ and Acxiom to achieve our purposes

We store your personal data for one of the following periods of time:

Until the purpose of the data collecting and using is fulfilled, e.g. for the term of the contractual relationship with you or the organization you are working for. The exact period depends on the organization you are working for and your position in the company.
As long as we have a duty to retain the data in line with applicable laws (e.g., because we are obliged to store the data for tax purposes)
If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Last updated 21.02.2025, replaced the previous version

We may collect and use your data for the following purposes:

Execute the contract with you, including value transfers (such as payments and expenses), communication with you and the arrangement of hospitality and other facilities
Maintain a database of HCPs with whom we already collaborated and/or may collaborate in the future
Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience)
Best practice sharing internally and externally
Disclosure of value transfers to you if you have given us your consent or if we are legally required to disclose such transfers
Fulfillment of our compliance requirements, e.g. from anti-corruption laws, anti-money laundering laws and other laws on economic crime, regulatory and pharmacovigilance and medicines laws, as well as disclosure obligations resulting from applicable laws and self-regulatory codes of conduct as a result of our membership in trade associations

We may collect and use your personal data in the following ways:

We collect your personal data depending on the different types of interaction you have with us. Such personal data may include:

· First and last name

· Gender

· Contact and address information, including address, e-mail address, phone number, fax number

· Country of residence

· Curriculum vitae information, including information on your professional experience, your engagement with us and other companies, events you attended, publications, organizations you worked for

· Pictures of you

· Audio-visual recordings of your voice, appearance and statements, if a presentation of yours is recorded and this has been agreed

· Your areas of expertise and your areas of professional interest as an HCP

· Information on payments made and benefits granted to you (transfers of value)

· Your bank account number

· Your tax identification number

· Contract entered between you and us

Before we enter in an interaction with you, we may collect information about you and your professional experience from publicly available sources, such as the internet, social media platforms, sanction lists and other online and print publications.

Such data includes:

· First and last name

· Contact information

· Country of residence

· Curriculum vitae information, including information on your professional experience, your engagement with other companies, events you attended, publications etc.

· Business address

· Pictures and audio-visual recordings of you

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b, GDPR)
The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically we
- are obliged to comply with national and, if applicable, international laws and regulations relating to the fight against corruption, anti-money laundering anti-terrorism financing and other economic crime.
- have to assess the appropriateness of the remuneration and other payments made and other support granted to you and are subject to certain documentation, publication and reporting obligations and therefore, can be obliged to disclose the remuneration paid or other support in kind availed to you as a speaker or other service provider, to your employer or to competent regulatory authorities, criminal prosecutors and other recipients responsible for the implementation of transparency rules upon request, or make such payments and in kind support available publicly. This includes particularly documentation, disclosure and reporting obligations in connection with medicines, medical devices and healthcare regulations, transparency laws, laws on anti-money laundering and self-regulatory regimes such as industry and patient codes
The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (e.g., in the EU Art. 6.1 f, GDPR). These legitimate interests are:

Maintenance of a database that contains all HCPs with whom we already collaborated or may collaborate in the future, to manage the interactions with you and other HCPs

Establishment, exercise or defense of legal claims

You have given us your consent for the intended processing of your personal data (e.g., in the EU Art. 6.1 a GDPR), e.g., for disclosing value transfers made to you, if not legally required or for publishing your photo or audiovisual recordings, if not contractually agreed.

Your personal data is required to enter into and/or perform the respective interaction with you. If you do not provide your personal data, we may be required to refrain from entering into an interaction with you, as we could be unable to meet our due diligence and disclosure requirements under applicable laws and self-regulatory codes.

Besides the general recipients as mentioned under with whom we share your data, we also share your data with:

The general public, to the extent we are obliged to publicly disclose payments made to you and other benefits provided to you, e.g., meals, travel and accommodation as well as other hospitality. Where there is no statutory legal basis for public disclosure including the identity of the recipient, you may choose to withhold or withdraw your consent to such disclosure, and we would then disclose the payments and benefits on an anonymous aggregated basis

The personal data related to the publication of value transfers will be deleted 3 years at the end of the calendar year from publication. Your interactions with us will be deleted ten years after the completion of the last interaction with you, unless we are legally required to retain the data.

Last updated 21.02.2025, replaced the previous version

The quality and safety of Fresenius Kabi’s products (e.g., drugs, enteral nutrition, medical devices), services and therapies are of paramount importance. Our interactions with patients using our products do not end with the supply of products or the provision of services but involve the monitoring and analysis of applicability, effectiveness and safety for patients of our products on the market. The gained insights are the basis for identifying opportunities for continuous improvement of products and services. Therefore, Fresenius Kabi monitors and evaluates relevant information and feedback on the products, services and therapies during its use and where necessary reports these to health authorities.

The monitoring of adverse reactions or events (side effects) associated with the use of medicinal products is referred to as pharmacovigilance (drug safety). The statutory pharmacovigilance commitments relate to our medicinal products for human use. Similar regulations exist for medical devices.

With the help of our vigilance activities, Fresenius Kabi ensures that the patients’ safety of its products is always guaranteed, and that Fresenius Kabi is enabled to identify any changes in the benefit-risk-ratio at an early stage and react in a timely manner.

We may collect and use your personal data in the following ways:

We collect and use the data:

you provide directly to us (e.g., via phone, letter or webform), as patient using our products
as reporter of adverse reactions or events
as reported and published on publicly available sources such as social media and internet forums, literature or other reports we became aware of
as provided to us by healthcare organizations or organizations otherwise involved in the provision of care such as hospitals, our distributors and resellers or universities.

The exact amount and kind of data depends on the information submitted to us or the information that is published, posted or shared. Such data includes:

Information identifying the patient (potentially including first and last name, date of birth, gender)
- Medical history and other characteristics including laboratory data, pregnancy, weight, height and age
- Measures and treatment of adverse reactions and events
Information identifying the reporter or on the primary source of the data for potential follow-up requests
- First and last name
- Contact and address information (e.g., address, e-mail address, social media account name, phone number)
- Signature (in case you report on behalf of a healthcare provider)
Information on the adverse reactions and events or other information on the safety of our products
- Description of the adverse reactions and events related data including start, stop, duration
- Drug/active substance related data including dosage, application, suspected causality indication and duration of treatment
- Medical device related data including application, and malfunctioning
- Seriousness criteria of reaction such as death, life threatening, hospitalization or prolonged hospitalization, permanent injury or disability, important medical event
- Outcome of reactions.

We process your personal data on the following legal basis:

The processing of your personal data is necessary for reasons of public interest in the area of public health to ensure high standards of quality and safety of medicinal products and devices based on law (e.g., in Europe Art. 6.1 e Art. 9.2 i GDPR). These laws include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.
You have given us your consent for the intended processing (e.g., in Europe Art. 6.1 a GDPR and Art. 9.2 a GDPR) which can be the case if
The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR) which can e.g. be the case if you publish it on social media
The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR). This legitimate interest is explained under ‘Why we collect and use your data'
The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in Europe Art. 6.1 c GDPR and Art. EU 9.2 i GDPR). More specifically we are obliged to have post market surveillance based on Regulation (EU) No 1235/2010 and Directive 2010/84/EU concerning the pharmacovigilance of medicinal products for human use. See also Commission Implementing Regulation No 520/2012 of 19 June 2012 and the European Medicines Agency (EMA) Guidelines on Good Pharmacovigilance Practices (GVP). Furthermore, legal obligations arise as part of a clinical trial, see Regulation (EU) No 536/2014 and as part of medical device regulations EU 745/2017 and 746/2017.

If you do not provide all necessary personal data, we might not be able to respond or process your report properly because we cannot comply with the legal requirements as listed above.

Fresenius Kabi only stores personal data that is required to be compliant with the current legislation in our global safety databases.

For events related to medicinal products / Drugs, the data will be kept for 10 years after the marketing authorization has ceased to exist or 5 years after the completion of formal discontinuation of the last clinical trial.
For events related to medical devices the data will be kept for 10 years after the last device has been placed on the market (15 years for implantable devices).
Complaint related documentation related to our products the data will be kept for 30 years after closing.

Last updated 21.02.2025, replaced the previous version

We collect and use your data to validate, handle and respond to your request, and to fulfill our accountability requirements arising from the General Data Protection Regulation or other data protection legislations.

We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:

First and last name
Academic title
Gender
Contact and address information (e.g., address, e-mail address, phone number, fax number)
Country of residence
Information on your relationship with Fresenius Kabi and its entities
Your request
Data needed to identify yourself

We process your personal data on one or more of the following legal bases:

The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (e.g., in Europe Art. 6.1 c GDPR). We are legally obliged to respond to your request and to process your personal data accordingly. More specifically, in Europe legal obligations in relation to requirements under the General Data Protection Regulation (Regulation (EU) 2016/679).
The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR). More specifically, these legitimate interests are the establishment, exercise or defense of legal claims
The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity (e.g., in Europe Art. 9.2 f GDPR)

If you do not provide all necessary personal data, we may not be able to respond to or properly process your request.

We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e., we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after four years), your data will be erased entirely.

If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Last updated 21.02.2025, replaced the previous version

We may collect data about you for the following purposes:

to answer your inquiries you sent to us by direct message
to follow up and report on posted adverse events
follow up on any hate speech or other statements that allegedly threatens our employees, organization, our brand or reputation
to gain insights in our and your online presence and standing
to adapt our online presence with the respective platform or network to best suit the preferences and interests of its users
to provide advertisements to targeted groups

We may collect and use your personal data in the following ways:

We collect information you post about us, our brands, our employees, our markets, our products and services or otherwise affects us. This may include:

Your name as selected by you for your social media user account, including your picture and profile description/bio
The content of your published posts
The content of your direct messages

We collect information from social media providers which they collect when you use their platforms and they provide to us. This may include:

your profile as determined by the social media provider, which can include:

Geography
Interests
Gender
The industry you are working in
Age groups
Values
Channels

We process your personal data on one or more of the following legal bases:

The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws. These include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.
The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
- To validate, handle and respond to you based upon your inquiry or request
- To provide information on our products and service
- To provide an adequate online presence which meets the demands of the users
- To protect our employees, organization, brands and reputation

The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR)

Besides the general recipients as mentioned on our With Whom We Share , we share your data with social media platform providers. These providers are responsible as Controller for the data they receive.

Please be aware that for obtaining the insights in your online presence, Fresenius Kabi is jointly with Facebook, controller of the activities. For all other processing of personal data related to Facebook and Instagram, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the responsible controller.

You can find information on respective processing of personal data regarding Facebook here: https://facebook.com/about/privacy

You can find information on respective processing of personal data regarding Instagram here: https://help.instagram.com/519522125107875

For all processing of personal data related to Twitter, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07 Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://twitter.com/en/privacy

For all processing of personal data related to LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://linkedin.com/legal/privacy-policy

For all processing of personal data related to YouTube, Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, is the responsible controller.

You can find information on respective processing of personal data here: https://policies.google.com/privacy?hl=en

We store your data for as long as it is necessary to answer your inquiry. So, until you receive the last relevant message from us to answer your query, plus a 6-month transition period so that we can respond if you have any further or follow-up questions. If your post or you are mentioned in a post that relates to an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance), we store the information longer.

First published March 2025

If you request information as a visitor of our congress booth, we collect and use certain personal data of you. We may collect and use your data for the following purposes:

follow up your comments or request as indicated in the app
assess and qualify the potential business relationship with you or the organisation you are working for
exchange of information related to potential future contracts or existing contracts with you or the organization you are working for
Marketing (e.g., informing you about products and services or related information)
Relationship administration and key account management including external communication and public relationship

We collect and use your personal data in the following ways:

First and last name
Gender
Contact and address information, including address, e-mail address, phone number, fax number
Your profession and qualifications
Country of residence
The organisation you work for
Role and function in your organization
Your areas of expertise
Your area of interest
Your request and how to follow up

A qualification of your needs based on type of request, urgency and available budget for the request, your decision authority.
The name of the event where we captured your data
Invite to a follow up meeting (if requested)

First and last name
Gender
Contact and address information, including address, e-mail address, phone number, fax number
Your profession and qualifications
Country of residence
The organisation you work for
Role and function in your organization
Your areas of expertise
Your area of interest
Your request and how to follow up

To tailor and optimize our communications, we create a profile of you. These are based on your profession, therapeutic area and specialty you are working and used to tailor and optimize our communications and interactions with you.

We process your personal data based on our legitimate interest (e.g in Europe, Art. 6.1 b GDPR):

Investigate your interests for a potential business relationship and/or maintaining our business relationship with you or the organization you are working for
Fulfilling our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
Gather information and knowledge management related to the interests in and satisfaction about internal processes, products and services
Development, optimization and improvement of our products and services
Optimization of internal communication
Optimization of administration
Carrying out research work
Organizational management

You need to provide your personal data to us for the purpose of following up your request. If you do not provide your personal data, we might not be able to contact you.

Besides the general recipients as mentioned under With Whom We Share Your Data, we do not share your data with others.

We store your personal data for 2 years after the last interaction we have had with you.

First published March 2025

If you subscribe or follow an online training in our Fresenius Learning Center, we collect and use your data for the following purposes:

to make the training technically available to you
provide you with the necessary knowledge for your daily work in or on behalf of Fresenius or the service provider, distributor, supplier, or health care organization you work for.
to document your learning history,
to create reports or provide proof and documentation of attendance and receive feedback to help improve our trainings,
to enable the issuing of certificates of completion,
to follow up on any questions and queries

We collect and use your personal data in the following ways:

If you create your profile, or your employer as initiated the enrolment into a course or training, we collect and use the following information

The training(s) to follow
First and last name
Login name and password
Job title, role or position, such as sales representative, fire-protection assistant, security administrator, truck driver, first responder
The organisation and department you work for
The country or location you work in
Your supervisor or relevant HR contact
Email address
Files you uploaded yourself, such as certificates or CVs.

We collect and use the following data during your visits on our Fresenius Learning Center environment:

When you entered into the system
When you left the system
Which course you followed
When you opened a course
When you closed the course
Where you left a course
Training status
Completion dates
Account creation date
Account expiration date
The name of your service provider including IP address
Your web browser type
The preferences you select.

We do this by using strictly necessary cookies. They are required to make the website work. They for example help to make the page load more quickly and to limit the number of sessions originating from a user to prevent a website-overload. They remain valid during the session and are automatically deleted when you close the browser.

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:

to provide you with the necessary and available knowledge for your daily work to support knowledge transfer of position related, legally and regularly prescribed as well as operation related content (applicable to internal Fresenius employees)
to provide a working and optimized modern online training environment.
the establishment, exercise or defense of legal claims
The processing of your personal data is necessary for the performance your employment contract (e.g., in the EU Art. 6.1 b GDPR) which requires you to be trained on certain topics depending on the position you hold within your organization or within Fresenius.
The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically the legal obligations in relation to legally required trainings such as in the area of health and safety regulations where we need proof that you are being trained.

Besides the general recipients as mentioned on our With Whom We Share, and depending on the agreement with your employer, we share the status of completion of trainings with your employer, which can be your supervisor, the HR department, the compliance department or the department that has issued the training.

Information collected via the website or cookies & similar technologies will be stored as long as your visit or as long as the cookie is valid as explained above.

Your profile and status on completed trainings will remain in our system for 120 months.

First published March 2025

If you visit our location or site, we will collect your data for the following purposes:

Provide access to buildings for authorized people (access control)
Prevent and detect access of unwanted individuals or illegitimate access to buildings or specific areas within a building
Protection of the householder's rights in the sense of averting the danger of theft, burglary and vandalism
Efficient and effective access to buildings
Ensure safety and security of people, building and properties in case of calamities
preserving evidence to allow reporting and supporting police investigations in the prosecution of criminal offences and taking disciplinary actions
Ensure safety of the people (workplace safety)
Preserve evidence of theft, burglary or vandalism

If you register at our visitor registration we capture the following information

First and last name
Reason of your visit
Internal contact person you are about to visit
Time of arrival
Time of leaving
Signature
Badge number provided to you

Our video monitoring system captures:

Images of our premises, including time and date of events

Our electronic entrance system (badge, fence, biometric)

Badge number
Mathematic representation of your fingerprint
Time of entry
Time of exit

Your personal data is required to provide access to our buildings and premises. If you do not provide the personal data you cannot legitimately access them.

Besides the general recipients as mentioned on our With Whom We Share, we share information with police, justice and private investigators and security guards.

Information provided by yourself is stored for a week

Information captured by our video surveillance is stored for one week

Information captured by our electronic entrance system is stored for one week.

In all the situations as mentioned above, we collaborate with other organizations to achieve our purposes. Therefore, we may send your personal data in parts or as a whole to other organizations.

Apart from the specific recipients as mentioned above for the specific situations, such recipients are:

Other Fresenius Kabi Group companies
Other Fresenius Group Companies
Service providers which process personal data on our behalf (e.g., for hosting or maintenance services) and have to follow our instructions on such processing;
Authorities, courts and/or parties, or their delegated bodies, in a litigation in case we are required to do so to meet any applicable laws, regulations, legal processes or enforceable governmental requests
Professional advisors or auditors, such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries in which we operate

Other entities in the event of a change in ownership, a merger with, acquisition by, or sale of assets

We may send your personal data in parts or as a whole to the above recipients in other countries. For some of these countries the European Commission or respective legislator or authority in your country (e.g., the Federal Council in Switzerland) has determined an adequate level of data protection to be in place that matches the level of data protection in your country.

The European Commission has done this for the following countries / territories: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, New Zealand, Japan, Jersey, South-Korea, Switzerland, United Kingdom, the United States (for commercial organisations certified under the EU-US Data Privacy Framework) and Uruguay.

For Switzerland these are: the countries in the European Union and the European Economic Area, Andorra, Argentina, Canada, (for commercial organizations), Faroe Islands, Gibraltar, Guernsey, Israel, Isle of Man, Jersey, Monaco, United Kingdom, New Zealand, United Kingdom, United States for commercial organisations certified under the Swiss-US Data Privacy Framework) and Uruguay.

For countries where the respective legislator or authority has not decided that an adequate level of data protection exists that matches the level of data protection in your country, we have provided safeguards in order to secure your personal data to a degree that is equivalent to the level of data protection in the European Union or your home country as a minimum.

These safeguards are:

For the exchange of data within our company: our Binding Corporate Rules for Controllers.
For the exchange of data with our service providers and other international organizations: Standard Contractual Clauses that have been issued by the European Commission, and/or as issued by other authorities or legislators as applicable.

You can obtain a copy of these Standard Contractual Clauses and our Binding Corporate Rules , online, or upon request.

As our collection and use of your data may change over time, we may update the information on this site from time to time to correctly reflect our data processing practices. We encourage you to review it from time to time. Previous versions are available as link under the sections of the different situations in which we collect your data.

For all the situations where we collect and use your data the following information is applicable.

The controller or designated responsible entity representing the Fresenius Kabi group, for processing of your personal data is:

Fresenius Kabi SwissBioSim GmbH

Terre Bonne Business Park,

Route de Crassier 23, Bâtiment A3,

CH-1262 Eysins

Switzerland

By using this data protection contact form you can request information and execute your rights. Where applicable based on data protection legislation, you have the right to request:

confirmation whether or not we process your personal data
access to or a copy of your personal data: You an ask to access/receive information about e.g. the purpose of processing, the categories of personal data concerned, the recipients, storage periods, any existence of automated decision-making.
rectification of your personal data if they are incomplete or incorrect
deletion of your personal data, unless it must be maintained e.g. due to legal retention requirements
to restrict of processing of your personal data if either the accuracy of the personal data is contested, or the processing is unlawful (no longer required for the pursued purposes).
data portability of your data to another organization in a commonly used and machine-readable format, if the following conditions are met:
- Personal data have been provided by the individual
- The processing is based on the individual’s consent or on a contract with the individual
- The processing is carried out by automated means.
Object to processing on grounds specific to your situation or to direct marketing and profiling.
revocation or withdrawal of your previously given consent at any time. You can withdraw your consent to all processing or for individual purposes of your choice. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal.
to be not subject to automated decision making (incl. profiling) which could lead to legal or similar significant effects to your, unless:
- It is necessary for entering into or performance of a contract between you and Fresenius Kabi;
- It is based on your explicit consent.

In this context, you have the right to express your point of view about the automated decision and to have the automated decision reviewed by a natural person. To exercise these rights, please refer to Section 2.4.3 (Complaints).

If you submit a request, our data protection organization may contact you for additional information to confirm your identity and to clarify your request. We provide information free of charge unless requests are manifestly unfounded or excessive. In those circumstances we may charge a fee.

We aspire to answer your request within four weeks. We reserve the right to extend the period within the scope of the admissibility by law and will inform you if this is the case. Please do not inquire about your processing status.

If you want to submit a request to another Fresenius Kabi entity than listed in this form, please navigate to the website of the country the respective entity is located. Web addresses can be found here.

For more information on how we handle your personal data, please read the information under If you submit a data subject request

You have the right to lodge a complaint about the way we manage your personal data with our data protection officer, via our compliance hotline or with the data protection authority. You can contact those as follows:

Fresenius Kabi AG

Data Protection Officer

Else-Kröner-Straße 1

61352 Bad Homburg

Germany

E-mail: dataprotectionofficer@fresenius-kabi.com

Federal Data Protection and Information Commissioner
Feldeggweg 1
CH – 3003 Bern

The fields marked with * are mandatory. If you do not complete them, we cannot process your request.

Other Relationship to Fresenius Kabi

Please specify your request.

Personal Information

Title

First Name

Last Name

E-mail

Street

Street Number

Zip Code

City

Schnellzugriff

Über uns

Portfolio

Offene Stellen

Data Protection at Fresenius Kabi

Über uns

Portfolio

Offene Stellen

Data Protection at Fresenius Kabi

1 How We Take Care of Your Data

1.1 Our Data Protection Organization

1.2 Our Data Protection Policy

1.3 Our Security Measures

2 Transparency on Our Data Processing Activities

2.1 Situations in which we collect your data

2.1.1 If you visit our websites

2.1.1.1 Why we collect and use your data

2.1.1.2 What data we collect and how we do that

2.1.1.2.1 Automatically by our website or by using cookies and other technologies

2.1.1.2.1.1 Strictly necessary cookies

2.1.1.2.1.2 Functional cookies

2.1.1.2.1.3 Analytical Cookies

2.1.1.2.1.4 Social Media Cookies

2.1.1.2.2 When activating social media plug-ins

2.1.1.3 Legal basis to collect, use and share your data

2.1.1.4 With whom we share your data

2.1.1.5 How long we retain your data

2.1.2. If you create an account or login as healthcare professional on our website

2.1.2.1. Why we collect and use your data

2.1.2.2 What data we collect and how we do that

2.1.2.2.1 Information we collect via the website

2.1.2.2.2 Information we collect from other organizations

2.1.2.3 Profiling and automated decision making

2.1.2.4 Legal basis to collect, use and share your data

2.1.2.5 Requirements to provide personal data

2.1.2.6 How long we retain your data

2.1.3 If you contact us by mail, phone or via an online form

2.1.3.1 Why we collect and use your data

2.1.3.2 What data we collect and how we do that

2.1.3.3 Legal basis to collect, use and share your data

2.1.3.4 Requirements to provide personal data

2.1.3.5 How long we retain your data

2.1.4 If you interact with us as a business contact

2.1.4.1 Why we collect and use your data

2.1.4.2 What data we collect and how we do that

2.1.4.2.1 Information you provide to us

2.1.4.2.2 Information we collect from other organizations

2.1.4.3 Profiling and automated decision making

2.1.4.4 Legal basis to collect, use and share your data

2.1.4.5 Requirements to provide personal data

2.1.4.6 With whom we share your data

2.1.4.7 How long we retain your data

2.1.5 If you interact with us as a speaker, advisor or otherwise in your capacity as a healthcare professional

2.1.5.1 Why we collect and use your data

2.1.5.2 What data we collect and how we do that

2.1.5.2.1 Information you provide to us

2.1.5.2.2 Information we collect from publicly available sources

2.1.5.3 Legal Basis for Processing Your Data

2.1.5.4 Requirements to provide personal data

2.1.5.5 With whom we share your data

2.1.5.6 How Long We Retain Your Data

2.1.6 If you report or are mentioned in an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance)

2.1.6.1 Why we collect and use your data

2.1.6.2 What data we collect and how we do that

2.1.6.2.1 Information you provide to us, we collect from other organizations or from publicly available sources

2.1.6.3 Legal Basis for Processing Your Data

2.1.6.4 Requirements to provide personal data

2.1.6.5 How Long We Retain Your Data

2.1.7 If you submit a data subject request

2.1.7.1 Why we collect and use your data

2.1.7.2 What data we collect and how we do that

2.1.7.2.1 Information you provide to us

2.1.7.3 Legal Basis for Processing Your Data

2.1.7.4 Requirements to provide personal data

2.1.7.5 How Long We Retain Your Data

2.1.8 If you interact with us on social media

2.1.8.1 Why we collect and use your data

2.1.8.2 What data we collect and how we do that

2.1.8.2.1 Information you post

2.1.8.2.2 Information obtained from social media providers

2.1.8.3 Legal basis to collect, use and share your data

2.1.8.4 With whom we share your data

2.1.8.4.1 Responsibility regarding Facebook and Instagram

2.1.8.4.2 Responsibility regarding X (formerly Twitter)

2.1.8.4.3 Responsibility regarding LinkedIn