Data Protection Statement for Data Subject Requests

We collect and use your data to validate, handle and respond to your request, and to fulfil our accountability requirements arising from the General Data Protection Regulation or other data protection legislation. 

We may collect and use your personal data in the following situation:

Information you provide to us

We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:

• First and last name 
• Gender
• Contact and address information (including address, email address, phone number and fax number)
• Country of residence
• Information on your relationship with Fresenius Kabi and its entities 
• Your request 
• Data needed to identify yourself 

We process your personal data on the following legal basis:

• The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (Art. 6.1 c, GDPR). We are legally obliged to respond to your request and to process your personal data accordingly
• The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6.1 f GDPR). More specifically, these legitimate interests are the establishment, exercise or defense of legal claims

We collaborate with other organisations to achieve our purposes. Therefore, we may send your personal data in part or as a whole to other organisations. 

Such recipients are:

• Other Fresenius Group companies if such a transfer of personal data is required for the specific purpose (please refer to the overview of locations in which Fresenius Kabi Group companies are active). The scope of such transfer largely depends on the scope of your request, in particular, which entities you interacted with. For example, if you are a customer of a particular Fresenius Kabi entity, we will forward your request to this entity, in order to process the necessary information to respond to it
• Service providers which process personal data on our behalf (e.g. for hosting or maintenance services) and have to follow our instructions on such processing; these service providers will not be allowed to use your personal data for other than our purposes
• Authorities, court, parties in a litigation in case we are required to do so to meet any applicable laws, regulations, legal processes or enforceable governmental requests 
• Professional advisors or auditors, such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries in which we operate

International Data Transfers

We may send your personal data in parts or as a whole to Fresenius Group recipients in countries, which are not member states of the European Union or international organisations, for the purposes listed above. Please refer to the overview of the locations in which Fresenius Kabi Group companies are active in. 

We may send data to the following countries for which the European Commission has determined an adequate level of data protection to be in place that matches the level of data protection within the European Union in which Fresenius entities have been established: Argentina, Canada, Japan, New Zealand, Switzerland or Uruguay. 

With regards to such international data transfers to third countries, for which the European Commission has not decided that an adequate level of data protection exists, we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union. 

Safeguards used are:

• Standard Contractual Clauses that have been issues by the European Commission

You can obtain a copy of these Standard Contractual Clauses online, or upon request. 

We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e. we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after four years), your data will be erased entirely. 

If longer retention periods apply after the time periods listed above (e.g. because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also included that the data will be blocked until the end of the respective retention period and then erased. 

Depending on the situation you have certain rights regarding your personal data. 

You have the right to:

• Request access to your personal data 
• Request rectification of your personal data 
• Request the restriction of processing of your personal data 
• Data portability 
• Object on grounds specific to your situation

You can exercise these rights online by using the Data Protection Contact Form or contacting our Local Data Protection Advisor on data.protection-uk@fresenius-kabi.com

Controller and Contact

The controller and responsible entity for processing of personal data is:

Fresenius Kabi Limited

Cestrian Court, Eastgate Way, Runcorn, WA7 1NT, United Kingdom

Email: data.protection-UK@fresenius-kabi.com

You also have the right to lodge a complaint with our Data Protection Officer or the supervistory authority. 

Data Protection Officer:

Fresenius Kabi Limited
Data Protection Officer
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
E-mail: dataprotectionofficer@fresenius-kabi.com

Data Protection Authority:

Information Commissioner's Office - https://ico.org.uk/global/contact-us/

Tel: 0303 123 1113

Requirements to provide personal data 

If you do not provide all necessary personal data, we may not be able to respond to or properly process your request

Changes to this data protection statement 

As our collection and use of your data may change over time, we may also modify this data protection statement to always correctly reflect our data processing practices. We encourage you to review it from time to time.