Privacy Statement for Healthcare Professionals (HCPs)
In your capacity as a Healthcare Professional, Fresenius Kabi will process certain personal data from you, when you provide a service to us, or when we interact with you otherwise.
Protecting your data personal data is important to us. We would like to inform you how personal data about you is collected, processed and used by the Fresenius Kabi legal entity contracting or otherwise interacting with you (hereinafter “Fresenius Kabi” “we”, or “us”).
Processing of personal data by us is governed by the General Data Protection Regulation of the European Union (“GDPR”).
What data we collect and how we do that
Information you provide
The personal data you provide for the interaction will depend on the type of interaction. Such data particularly may include the following data:
- First and last name
- Country of residence
- Curriculum vitae information, including information on your professional experience, your engagement with us and other companies, events you attended, publications etc.
- Pictures of you
- Audio-visual recordings of your voice and appearance, if a presentation of yours is recorded
- Your areas of expertise and your areas of professional interest as an HCP
- Contact details, including private home address, e-mail or telephone number
- Business address
- Employer name and employer address
- Information on payments made and benefits granted to you
- Your bank account number
- Your tax identification number
Information that we collect from publicly available sources
Even before we enter into an interaction with you we may collect information about you and your professional experience from publicly available sources, such as the internet, social media platforms, sanction lists and other online and print publications. Such data may include the following:
- First and last name
- Curriculum vitae information, including information on your professional experience, your engagement with other companies, events you attended, publications etc.
- Business address
- Pictures of you
Why we collect and use the data
We process and use the data specified above for various purposes:
- carrying out the contract with you including payment transfers to you
- maintaining a database of HCPs with whom we already collaborated or may collaborate in the future
- contact management and communicating with you
- key opinion leader categorization
- best practice sharing
- meeting compliance requirements, such as anti-corruption laws, anti-money laundering laws and other laws on economic crime, regulatory and pharmacovigilance and medicines laws, as well as disclosure requirements resulting from applicable laws and self-regulatory codes of conduct as a result of our membership in trade associations
We might process your data on servers in different countries within the European Union. Therefore, your data might be processed in a country outside of your country of residence.
Legal basis for the data processing
We process your personal data, as the case may be:
- the processing of your personal data is necessary in order to carry out the concluded contract between you and us (Art. 6.1 b, GDPR).
- the processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (Art. 6.1 c, GDPR). We are specifically obliged to comply with national and, if applicable, international laws and regulations relating to fight against corruption, money laundering and other economic crime, have to assess the appropriateness of the remuneration and other payments made and other support granted to you and are subject to certain documentation, publication and reporting obligations and therefore, can be obliged to disclose the remuneration paid or other support in kind availed to you as a speaker or other service provider, to your employer or to competent regulatory authorities, criminal prosecutors and other recipients responsible for the implementation of transparency rules upon request, or make such payments and in kind support available publicly. This includes particularly documentation, disclosure and reporting obligations in connection with medicines, medical devices and healthcare regulations, transparency laws, laws on anti-money laundering and self-regulatory regimes such as industry and patient codes.
- processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. (Art. 6.1 f, GDPR). These legitimate interests are the maintenance of a database that contains all HCPs with whom we already collaborated or may collaborate in the future, to manage the interactions with you and other HCPs.
- you have been informed about the intended international transfer of your personal data, and have given us your consent (Art. 6.1 a, GDPR).
You can always withdraw your consent. You can withdraw your consent to all processing, or for individual purposes of your choosing. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal.
You can withdraw your consent by sending an email to email@example.com
We share your data
We may transfer your personal data in parts or as a whole to recipients in third countries, which are not Member States of the European Union. Such countries can be around the world and where the Fresenius group is active. Please refer to the overview of the locations in which Fresenius Kabi is active. The data will be shared only on a need-to-know basis. This applies particularly to payment and other financial data and contract data that will be accessible only to a very limited number of recipients who have a need to know the data for the fulfillment of their tasks, subject to any disclosure obligations.
Such other recipients may include:
- other Fresenius legal entities that may be interested in working with you
- competent regulatory authorities, criminal prosecutors and other recipients responsible for the implementation of transparency rules as well as criminal laws and administrative laws
- authorities, courts, parties in a litigation to the extent required to meet any applicable law, regulation, legal process or enforceable governmental request
- the general public to the extent we are obliged to publicly disclose payments made to you and other benefits provided to you, e.g. meals, travel and lodging as well as other hospitality. Where there is no statutory legal basis for public disclosure including the identity of the recipient, you may choose to withhold your consent to such disclosure, and we would then disclose the payments and benefits on an anonymous aggregated basis
How long we retain the data
The personal data related to your interactions with us, e.g. contract entered between you and us, payments made or benefits granted to you, will be deleted after ten years after the completion of the last interaction with you, unless we are legally required to retain the data.
Rights of the data subject
As a data subject, you have certain rights towards your personal data. You have the right to request access to your personal data, the right to request rectification of your personal data, the right to request erasure of your personal data, the right to request the restriction of processing of your personal data, and the right to data portability. You also have the right to object on ground specific to your situation.
You also have the right to lodge a complaint with a supervisory authority.
Requirement to provide personal data
Your personal data is a requirement necessary to enter into the relevant interaction with you. If you fail to provide your personal data, we may be required to refrain from entering into an interaction with you, as we could be unable to meet our due diligence and disclosure requirements under applicable laws and self-regulatory codes.
Changes to this data protection information
As our collection and processing of your data may change over time, we might also modify this Data Protection Information to always correctly reflect our data processing practices. We encourage you to review it from time to time.
Controller and contact
The controller and responsible entity for processing of personal data is the Fresenius Kabi legal entity contracting with you or, if there is no contract in place, Fresenius Kabi Deutschland GmbH, Else-Kröner-Straße 1, 61352 Bad Homburg, Germany.
We have designated a data protection officer. You can contact the data protection officer for all requests and questions concerning your personal data via: firstname.lastname@example.org.