We welcome your interest in Fresenius Kabi Ireland. Protecting privacy for our patients, healthcare professionals, suppliers and customers is important to us. As a global healthcare company in the digital age, data forms a cornerstone and enabler of our worldwide business. With data being one of our key assets we need to ensure that it is appropriately handled and protected.
We would like to provide you with the relevant information on how our organization incorporates data privacy into its operations. With this we aim to ensure compliance and provide transparency and trust. You will also find information on how to execute your rights as a patient, healthcare professional, supplier, customer or website user.
Our Approach to Protect Your Privacy
Our Data Privacy Organization
Fresenius Kabi operates a central data privacy center of competence. This center has set up a data privacy management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data privacy and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data privacy topics.
Our data protection and security policies, associated procedures as well as our guidelines for processing personal data create a uniform and basic level of adequate data protection across all Fresenius Kabi entities.
Our Local Data Privacy Advisors at the various Fresenius Kabi legal entities support local management in their compliance efforts. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate privacy requirements into the design of a process or a system.
Our internal IT service provider, Fresenius Netcare, has implemented a certified management system for information security according to ISO 27001 in order to provide high security standards for data centers. Our Global Cybersecurity Defense Team (CERT) identifies, evaluates and responds to security incidents and acts as a central contact point for security-related topics.
The monitoring of our compliance efforts is overseen by our Data Protection Officer.
In these assessments we ensure that all relevant data protection principles have been taken into consideration within the design. In certain cases a data protection impact assessment might be necessary before starting the respective processing activity.
We register the data processing activities within Fresenius Kabi in the “Records of Processing Activities”. This register contains essential information to comply with the data protection laws.
Transparency on Our Data Processing Activities
If you interact with us, e.g. as a patient, healthcare professional, supplier, customer or website user, we collect and use your personal data while adhering to the data protection principles. This means that we collect and use your personal data only lawfully, fairly, in a transparent manner and only for the purposes they were collected.
Why we are collecting and using Personal Data
Business Partners (Suppliers, Customers)
As our Business Partner, we mostly process your personal data in order to prepare, fulfill or perform an agreement or contract with you or with your organization for the provision of products and services. This includes:
- the evaluation of our relationship with the company you work for (business partner evaluation), and
- the fulfillment of compliance requirements such as business partner due diligence, sanction list screening and money laundering laws.
In our privacy statement on business partner data you will find further details.
If you are a healthcare professional we use your data to send you product and service related information and to assess whether you are a suitable contact for specific business needs, e.g. when we look for an expert in a certain field or for a specific product.
In our data privacy statement for healthcare professionals you will find further details.
Obtain Insight and Manage Your Data
By using our data privacy contact form you can request information regarding the processing of your personal data including but not limited to the origin and recipients of your data and the purposes of the processing. You can also request to have access to your data or to object to the processing of your data. If your personal data are incorrect, incomplete or not processed in compliance with applicable law, you have the right to have this data rectified, deleted or blocked. Furthermore, you can in certain cases, also ask to directly transfer them to another organization (portability).
If you submit a request, our data protection organization may contact you for additional information to confirm your identity and to ensure rapid clarification of your question. We provide information free of charge unless requests are manifestly unfounded or excessive. In that case we may charge a fee.
We aspire to answer your request within four weeks. We reserve the right to extend the period within the scope of the admissibility by law and will inform you if this is the case. Please do not enquire about your processing status.You also have the right to file a complaint about the way we manage your personal data with our Data Protection Officer.
Find out more about how we handle your request in a dedicated privacy statement.
The security of your data is important to us and we have made significant effort to ensure that your personal information is respected and protected.