フレゼニウス カービにおけるデータ保護

フレゼニウス カービAG(フレゼニウス カービまたは当社)のデータ保護情報のページへようこそ。当社は、輸液、輸血、臨床栄養のための救命医薬品と技術を専門とするグローバルヘルスケア企業として、業務遂行のためにお客様の個人データを収集、使用、共有する必要があります。当社は、このデータが適切に取り扱われ、保護されることを保証する必要があります。

 

このサイトでは、当社の業務にデータ保護がどのように組み込まれているか、また当社のプロセスにおいてお客様のデータがどのように使用されているかについて説明しています。さらに、お客様の権利の行使方法に関する情報もご覧いただけます。

お客様のデータの取り扱いについて

データ保護組織

フレゼニウス カービは中央データ保護コンピテンスセンターを運営しています。このセンターは、ISO 29100(個人識別情報保護のためのプライバシーフレームワーク)に沿ったデータ保護管理フレームワークを構築しています。このコンピテンスセンターは、フレゼニウス カービの全事業体にわたって、調和された一貫性のある個人データ処理方法を実施することを目的としています。データ保護に関する方針、手順、基準を定め、従業員のためのツールやプロセス、研修や啓発資料を提供します。さらに、このセンターはデータ保護に関するあらゆるトピックに関する専門知識を提供します。

 

フレゼニウス カービの各法人におけるデータプライバシーアドバイザーは、コンプライアンスプログラムで現地の経営陣をサポートします。彼らは、さまざまなデータ処理活動のリスクおよびコンプライアンス評価を実施することにより、これを行います。これらの評価により、私たちは「プライバシー・バイ・デザイン」をプロセスとITシステムの設計に組み込むことを目指しています。

 

当社のデータ保護コンプライアンスへの取り組みの監視は、当社のデータ保護責任者が監督しています。

データ保護方針

フレゼニウス カービ グループは、個人データ保護に関する拘束力のある企業規則を採択しました。この規則は欧州のデータ保護当局によって承認されており、個人データ保護の原則を説明し、個人データの収集および使用時にどのように適用するかを定めています。

 

フレゼニウスの拘束力のある企業準則、関連するセキュリティポリシーおよび手順は、当社グループ全体でグローバルに適切かつ均一なレベルのデータ保護を実現することを目的としています。これらの規則は、フレゼニウス カービ各社および世界各地の社内サービスプロバイダー間の社内データ移転に関する規則を定めたものです。

当社のセキュリティ対策

フレゼニウス カービでは、情報セキュリティがお客様、患者様、ビジネスパートナーにとって重要であることを認識しています。フレゼニウス カービは、責任ある管理、適切な使用、そして法令や規制の要求事項および当社の契約に従って当社およびお客様のデータを保護することにより、情報セキュリティの維持に努めています。フレゼニウス カービの情報セキュリティについては、こちらをご覧ください。

データ処理活動の透明性

当社は、さまざまな方法および目的でお客様の個人データを収集し、使用します。当社は、目的を達成するために他の組織と協力しています。以下のセクションで、当社がどのような場合に、どのようにそれを行うかをご覧いただけます。お客様の個人情報に関するご質問、ご要望、お問い合わせ、苦情については、当社までご連絡ください。

当社がお客様のデータを収集する状況


最終更新2024年4月、旧バージョンと差し替え  

当社のウェブサイトには、このデータ保護に関する声明が適用されない外部サイトへのリンクが含まれています。また、当社グループのフレゼニウス カービ事業体の中には、このデータ保護声明とは異なるデータ保護声明を提供しているものもあります。このようなウェブサイトへのアクセスは、そのウェブサイトのデータ保護に関する声明に従うものとします

当社がお客様のデータを収集し使用する理由

当社は、以下の目的のためにお客様のデータを収集し、使用します:

 

  • ウェブサイトをご利用のデバイスに最適化するため
  • お客様に最適なサービスを提供し、ユーザーエクスペリエンスを向上させ、現在または将来のブラウジングセッションにおけるお客様の好みを保存するため。
  • 当社のウェブサイトをさらに改善するため

 

収集するデータとその方法

当社では、以下の方法でお客様のウェブサイト訪問に関するデータを収集します:

当社のウェブサイト、またはクッキーやその他の技術を使用して自動的に

当社は、お客様が当社のウェブサイトを訪問される際に、

以下のインターネットプロトコルデータまたはクッキーデータを収集し、使用します:

 

  • IPアドレスを含むサービスプロバイダー名
  • 当サイトへ誘導したウェブサイト
  • お客様が当社ウェブサイト上で閲覧したページ
  • ウェブブラウザの種類
  • 訪問日と滞在時間
  • 選択した環境設定

すべてのクッキーを受け入れるか、必要なクッキーのみを受け入れるか、または特定のクッキーの使用に関する設定を選択することができます。

クッキーの設定は、常にお客様が使用しているウェブブラウザに関連しており、次に当ウェブサイトを利用する際に別のウェブブラウザを使用した場合、設定は無効となります。また、ウェブブラウザや携帯端末の設定を管理することもできます。ここでは、いつでもご自身の判断でクッキーを削除することができます。

 

当社は、以下の種類のクッキーを使用します:

厳密に必要なクッキー

このタイプのクッキーは、ウェブサイトを機能させるために必要です。クッキーはセッション中にのみ使用されます。クッキーは、ページの読み込みをより速くし、ユーザーからのセッション数を制限してウェブサイトの過負荷を防ぐのに役立ちます。

当社は、当社のウェブサイトにおけるクッキーの使用に同意するか否かのお客様の決定を保存する「クッキー通知」クッキーを使用しています。このクッキーは、利用可能な2つのオプションのいずれかをクリックすると自動的に保存されます。お客様がクッキーを承諾した場合、承諾日から1年間保存されます。当社のクッキーを拒否する場合、お客様の決定は30日間保存されます。この間、クッキー情報のバナーは再度表示されません。

その他の厳密に必要なクッキーは、セッション中も有効で、ブラウザを閉じると自動的に削除されます。

 

機能性クッキー

機能的なクッキーは、機能性の向上や個人的な特徴を提供するために、このウェブサイトを訪問している間の選択や好みを保存します。クッキーは、お客様のログイン状態や再生されたビデオの状態を記憶します。これらは30日間保存されます。

 

分析クッキー

分析クッキーの使用に同意すると、それぞれのクッキーがお客様のデバイスに保存されます。分析クッキーを使用することで、ウェブサイトの使用方法、訪問者が当社ウェブサイトのページを使用する頻度、当社ページからエラーメッセージが表示されるかどうかを分析することができます。この目的のため、お客様のIPアドレスは、下3桁を削除することで仮名化された方法で処理されます。これにより、お客様個人を直接特定することができなくなります。このデータは3年以内に削除いたします。

 

ソーシャルメディア・プラグインを有効にする場合

ソーシャルメディアプロバイダー(Facebook、X、YouTube、LinkedIn、Instagram、WhatsAppなど)のプラグインを有効にすると、ウェブブラウザは各プロバイダーのサーバーに接続し、お客様固有のユーザーデータをこれらのプロバイダーに送信します。

さらに、上記のプロバイダーのソーシャルネットワークにログインしている場合、あなたの活動は同時にこれらのプロバイダーのユーザーアカウントにリンクされることがあります。

お客様のプライバシーを保護するため、弊社は "Shariff "と呼ばれるツールを使用しています。Shariffを使用することで、当社のウェブサイト上の共有プラグインを有効にするかどうか、またいつ有効にするかを決定することができ、そうすることでユーザー特定データのプロバイダーへの転送を開始するかどうかを決定することができます。お客様がShariffを通じてプラグインを有効にした場合のみ、お客様のブラウザは各プロバイダーのサーバーに接続し、ユーザー固有のデータ(以下でさらに言及される)がそのプロバイダーに送信されます。Shariff経由でプラグインを有効にするには、それぞれの共有ボタンのいずれかをクリックします。

 

お客様のデータを収集、使用、共有する法的根拠

当社は、以下の1つまたは複数の法的根拠に基づいてお客様の個人データを処理します:

  • お客様は、意図的な個人データの処理または国際的な転送について、当社に同意を与えています(例:EU第6条1項a、およびGDPR第49条1項a)。これは、厳密には必要でないクッキーの場合や、ソーシャルプラグインを有効にする場合などです
  • ただし、そのような利益が、個人データの保護を必要とするデータ主体の利益または基本的権利および自由によって優先される場合はこの限りではありません(EUのGDPR第6条1項fなど)。
  • これらの正当な利益とは
    • 法的請求の確立、行使または弁護
    • 最適化されたウェブサイトを通じて、当社の製品およびサービスに関する情報を提供するため
お客様のデータの共有先

当社がお客様のデータを共有する相手に記載されている一般的な受信者の他に、お客様がプラグインを有効化した場合、当社はお客様のデータをソーシャルメディアプラットフォームと共有します。

 

フレゼニウス カービは、プラグインを有効化することによって送信されるデータの範囲や種類に影響を及ぼすことはありません。また、更なるデータ処理業務が発生する可能性がありますが、これについても当社は影響を及ぼしません。収集および使用される個人データの範囲、当社がお客様のデータを使用する目的、およびお客様のプライバシーを保護するためのお客様の権利と設定オプション(同意の撤回権を含む)の詳細については、各ソーシャルネットワークのデータ保護に関する声明を参照してください。

Facebook: https://www.facebook.com/about/privacy
X: https://twitter.com/en/privacy
YouTube: https://policies.google.com/privacy
Instagram: https://help.instagram.com/519522125107875
LinkedIn: https://www.linkedin.com/legal/privacy-policy
WhatsApp: https://www.whatsapp.com/legal/

お客様のデータの保持期間

ウェブサイトまたはクッキーを通じて収集された情報

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We may collect and use your data for the following purposes:

  • to verify if you are a healthcare professional. We do this to comply with laws and regulations relating to the marketing and provision of information about certain medical products and medicines. We also need to verify if you are registered as healthcare professional in the respective country of the website you are visiting, because our products have a different registration status with the health authorities and therefore information may differ from country to country.
  • to enhance your visits to our websites with content relevant to you
  • to tailor and optimize our communications and interactions with you based on your interests
What data we collect and how we do that

We collect your data of in the following ways:

Information we collect via the website

If you create an account or login with your account on our website, the following data may be processed:

  • Name
  • Username and password
  • Healthcare profession number
  • Professional email address
  • Country
  • Zip code
  • Profession, therapeutic area and specialty you are working in
  • Title, Gender
  • Your employers name and address
  • Date and time your account was created
  • The website your account was first enabled
  • Logfiles, containing information date and time you logged into or out a Fresenius website, the pages visited on our websites
Information we collect from other organizations

We may process data that is provided to us by contracted service providers, or obtained from publicly accessible sources, including official registers of healthcare professionals or data brokers which provide information about healthcare professionals. This may include:

  • Healthcare profession number
  • Professional email address
  • Country
  • Zip code
  • Profession, therapeutic area and specialty you are working in
  • Your employers name and address
Profiling and automated decision making

To tailor and optimize our communications, we create a profile of you. These are based on your profession, therapeutic area and specialty you are working in and the interactions on our website and used to tailor and optimize our communications and interactions with you.

An automated decision making (e.g., in the EU Art. 22 GDPR) occurs to fulfill our obligation to not market the use of medical products for human use to the general public. We therefore verify if you are a healthcare professional. This is done based on information obtained from official publicly available sources and/or external data brokers. If you are not recognized as a healthcare professional, you cannot access all information on such restricted areas of our website.

Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically the legal obligations in relation to the marketing and provision of information about certain medical products and medicines for which we need to verify if you are a healthcare professional. Furthermore, the status of registration of certain products with the health authorities differs from country to country and must therefore be adapted per country.
  • You have given us your consent for the intended processing or transfer of your personal data, (e.g., in the EU Art. 6.1 a, and Art. 49.1 a GDPR). This is the case if you create or use a login from another party such as your account from Acxiom, DocCheck, IQVIA and/or Veeva.
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
    • The establishment, exercise or defense of legal claims
    • To provide information on our products and service via a working and optimized website
    • To obtain insights in the visitors of our website and their interests.
Requirements to provide personal data

Your personal data is required to make the website accessible to you. If you do not provide the personal data marked as compulsory during the account creation or login, you may not be able to access all information available on such restricted areas of our website.

How long we retain your data

Your credentials are stored for 2 years after your last login.

Your logfiles are stored for 13 months.

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We collect and use data you actively provided to us. For instance, when filling in online forms or when contacting us by other means of communication such as e-mail, telephone or mail. We may do this:

  • To validate, handle and respond to you based upon your inquiry or request
  • To fulfill our compliance requirements under pharmacovigilance and medicines laws.
What data we collect and how we do that

We collect the information you provide to us, which may include the following data:

  • Name
  • Gender
  • Contact and address information (e.g., address data, email address, phone number, fax number)
  • Country of residence
  • Organization / Company
  • Profession
  • Type of request and possible further information for the purpose of responding to your inquiry
Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws.
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
    • To validate, handle and respond to you based upon your inquiry or request
    • The establishment, exercise or defense of legal claims
    • To provide information on our products and service.
Requirements to provide personal data

Your contact details are required to be able to provide you an answer to your request.

How long we retain your data

Your contact details will be stored for up to six months after the inquiry has been completed unless legal obligation exists to retain data for a longer duration, which is the case if you report or are you mentioned in an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance).

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

As our valued commercial prospect, client, vendor, interested business contact or otherwise representative of an organization we interact with (business contact), we may collect and use certain personal data from you. Depending on the business relationship we have with you and/or the organization you are working for, we may collect and use your data for the following purposes:

  • Asses a potential business relationship and/or maintaining our business relationship with you or the organization you are working for (including customer relationship management, supplier management, investor relations management, and business partner qualification)
  • Vendor assessment and qualification (e.g., whether you and your organization meet certain quality and certification requirements)
  • Procurement of products and services from you or the organization you are working for
  • Exchange of information related to existing contracts or potential future contracts with you or the organization you are working for
  • Fulfill our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
  • Termination of contracts and agreements
  • Fulfillment of compliance requirements related to a business transaction (e.g., conflict checks, business partner due diligence, sanction list screening, anti-money laundering laws, secure supply chain requirements, customs and export law requirements, tracing requirements for products)
  • Manufacture and quality management of products
  • Provide and deliver products and services
  • Marketing (e.g., informing you about products and services or related information)
  • Carry out surveys to understand customer requirements in more detail
  • Relationship administration and key account management including external communication and public relationship
  • Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can influence in your professional capacity, the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law
  • Finance and accounting, invoicing, payment collection and reporting
  • Assess your company’s financial solvency and credit risk
  • Assess potential investments in Fresenius shares, a potential acquisition, divestiture or joint venture transaction with us or any Fresenius Kabi affiliate
  • Improve our products and services
  • Organize, secure and improve internal processes including communication, administration, research and IT
  • Develop, provide, support and maintain IT infrastructure and solutions
  • Security analysis of our IT systems, to protect the confidentiality, availability, integrity of the data and systems
  • Facilitate mergers, acquisitions and re-organizations.
What data we collect and how we do that

We collect and use your personal data in the following ways:

Information you provide to us

We may collect your personal data when you contact us, order our products and services or enter into a contract with us for the supply of goods and services. Such personal data include:

  • First and last name
  • Gender
  • Contact and address information, including address, e-mail address, phone number, fax number
  • Country of residence
  • Role and function in your organization
  • Your areas of expertise
  • Your profession and qualifications
  • Information on the kind of a relationship you have with Fresenius Kabi
  • Employer name and employer address
  • Contact preferences
Information we collect from other organizations

We may process data that is provided to us by contracted service providers, by competent authorities or obtained from publicly accessible trade registers or trade associations and other publicly available sources, including rating agencies, financial solvency, risk information and financial service agencies and institutions, government or supranational agencies, in particular tender authorities or procurement agencies, data brokers, websites, blogs and printed media. Such personal data may include:

  • First and last name
  • Contact and address information (e.g., address, e-mail address, phone number, fax number)
  • Organization / Company
  • Your organization’s bank accounts
  • Your profession and qualifications
  • Professional identifiers
  • Organizational details, affiliation details of your company
  • Certifications and quality statements issued by your organization’s officers, representatives or auditors
  • Percentage of shares held
  • Details related to public filings, trade registers and professional boards
  • Details related to published transactions of your organization including tenders and financial arrangements
  • Details related to specially designated nationals or blocked persons lists
  • Previous interactions with Fresenius Kabi and any of our subsidiaries.
Profiling and automated decision making

An automated decision making (e.g., in the EU Art. 22 GDPR) occurs according to our obligation to conduct a sanction-control-procedure. Within this procedure we check if you, or your organization is listed on an official published sanctions list applicable to the business transaction or relation you have with us. This is necessary for entering into, or performance of, a contract between you and us. The consequence of this can be the refusal to enter into a contractual relationship with you.

We create profiles in our systems, that enable us to assess and categorize which specific business needs match best with your abilities (e.g. when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can, in your professional capacity, influence the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law

Legal basis to collect, use and share your data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b GDPR)
  • The processing of your personal data is necessary for us to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically we are obliged to comply with laws on anti-money laundering, customs and export, secure supply chain requirements, product tracing requirements, statutory disclosure and notification requirements or similar compliance requirements that might require us to process certain of your personal data
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
    • Investigate your interests for a potential business relationship and/or maintaining our business relationship with you or the organization you are working for
    • Fulfilling our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
    • Gather information and knowledge management related to the interests in and satisfaction about internal processes, products and services
    • Development, optimization and improvement of our products and services
    • Optimization of internal communication
    • Optimization of administration
    • Carrying out research work
    • Organizational management
    • Risk Management: safeguarding against e.g., financial / reputational risks
    • Maintenance of the IT infrastructure, IT security, guarantee of IT support and the detection and correction of errors
    • Complying with legal requirements outside the EEA
    • Establishment, exercise or defense of legal claims.
Requirements to provide personal data

You may need to provide your personal data to us for the purpose of fulfilling a contract with you or the organization you are working for, e.g., we might need your contact details if you are our business contact at a supplier. If you do not provide your personal data, we might not be able to enter into the respective contractual relationship.

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we collaborate with professional data and analytics providers such as IQVIA, Veeva, CDQ and Acxiom to achieve our purposes.

How long we retain your data

We store your personal data for one of the following periods of time:

  • Until the purpose of the data collecting and using is fulfilled, e.g. for the term of the contractual relationship with you or the organization you are working for. The exact period depends on the organization you are working for and your position in the company.
  • As long as we have a duty to retain the data in line with applicable laws (e.g., because we are obliged to store the data for tax purposes)
  • If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Last updated April 2024, replaced the previous version

Why we collect and use your data

We may collect and use your data for the following purposes:

  • Execute the contract with you, including value transfers (such as payments and expenses), communication with you and the arrangement of hospitality and other facilities
  • Maintain a database of HCPs with whom we already collaborated and/or may collaborate in the future
  • Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience)
  • Best practice sharing internally and externally
  • Disclosure of value transfers to you if you have given us your consent or if we are legally required to disclose such transfers
  • Fulfillment of our compliance requirements, e.g. from anti-corruption laws, anti-money laundering laws and other laws on economic crime, regulatory and pharmacovigilance and medicines laws, as well as disclosure obligations resulting from applicable laws and self-regulatory codes of conduct as a result of our membership in trade associations
What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you provide to us

We collect your personal data depending on the different types of interaction you have with us. Such personal data may include:

  • First and last name
  • Gender
  • Contact and address information, including address, e-mail address, phone number, fax number
  • Country of residence
  • Curriculum vitae information, including information on your professional experience, your engagement with us and other companies, events you attended, publications, organizations you worked for
  • Pictures of you
  • Audio-visual recordings of your voice, appearance and statements, if a presentation of yours is recorded and this has been agreed
  • Your areas of expertise and your areas of professional interest as an HCP
  • Information on payments made and benefits granted to you (transfers of value)
  • Your bank account number
  • Your tax identification number
  • Contract entered between you and us
Information we collect from publicly available sources

Before we enter in an interaction with you, we may collect information about you and your professional experience from publicly available sources, such as the internet, social media platforms, sanction lists and other online and print publications. Such data includes:

  • First and last name
  • Contact information
  • Country of residence
  • Curriculum vitae information, including information on your professional experience, your engagement with other companies, events you attended, publications etc.
  • Business address
  • Pictures and audio-visual recordings of you
Legal Basis for Processing Your Data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b, GDPR)
  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically we 
    • are obliged to comply with national and, if applicable, international laws and regulations relating to the fight against corruption, anti-money laundering anti-terrorism financing and other economic crime. 
    • have to assess the appropriateness of the remuneration and other payments made and other support granted to you and are subject to certain documentation, publication and reporting obligations and therefore, can be obliged to disclose the remuneration paid or other support in kind availed to you as a speaker or other service provider, to your employer or to competent regulatory authorities, criminal prosecutors and other recipients responsible for the implementation of transparency rules upon request, or make such payments and in kind support available publicly. This includes particularly documentation, disclosure and reporting obligations in connection with medicines, medical devices and healthcare regulations, transparency laws, laws on anti-money laundering and self-regulatory regimes such as industry and patient codes
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (e.g., in the EU Art. 6.1 f, GDPR). These legitimate interests are:
    • Maintenance of a database that contains all HCPs with whom we already collaborated or may collaborate in the future, to manage the interactions with you and other HCPs
    • Establishment, exercise or defense of legal claims
  • You have given us your consent for the intended processing of your personal data (e.g., in the EU Art. 6.1 a GDPR), e.g., for disclosing value transfers made to you, if not legally required or for publishing your photo or audiovisual recordings, if not contractually agreed.
Requirements to provide personal data

Your personal data is required to enter into and/or perform the respective interaction with you. If you do not provide your personal data, we may be required to refrain from entering into an interaction with you, as we could be unable to meet our due diligence and disclosure requirements under applicable laws and self-regulatory codes.

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we also share your data with:

  • The general public, to the extent we are obliged to publicly disclose payments made to you and other benefits provided to you, e.g., meals, travel and accommodation as well as other hospitality. Where there is no statutory legal basis for public disclosure including the identity of the recipient, you may choose to withhold or withdraw your consent to such disclosure, and we would then disclose the payments and benefits on an anonymous aggregated basis
How Long We Retain Your Data

The personal data related to the publication of value transfers will be deleted 3 years at the end of the calendar year from publication. Your interactions with us will be deleted ten years after the completion of the last interaction with you, unless we are legally required to retain the data. 

Last updated April 2024, replaced the previous version

Why we collect and use your data

The quality and safety of Fresenius Kabi’s products (e.g., drugs, enteral nutrition, medical devices), services and therapies are of paramount importance. Our interactions with patients using our products do not end with the supply of products or the provision of services but involve the monitoring and analysis of applicability, effectiveness and safety for patients of our products on the market. The gained insights are the basis for identifying opportunities for continuous improvement of products and services. Therefore, Fresenius Kabi monitors and evaluates relevant information and feedback on the products, services and therapies during its use and where necessary reports these to health authorities.

The monitoring of adverse reactions or events (side effects) associated with the use of medicinal products is referred to as pharmacovigilance (drug safety). The statutory pharmacovigilance commitments relate to our medicinal products for human use. Similar regulations exist for medical devices.

With the help of our vigilance activities, Fresenius Kabi ensures that the patients’ safety of its products is always guaranteed, and that Fresenius Kabi is enabled to identify any changes in the benefit-risk-ratio at an early stage and react in a timely manner.

What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you provide to us, we collect from other organizations or from publicly available sources

We collect and use the data:

  • you provide directly to us (e.g., via phone, letter or webform), as patient using our products 
  • as reporter of adverse reactions or events 
  • as reported and published on publicly available sources such as social media and internet forums, literature or other reports we became aware of
  • as provided to us by healthcare organizations or organizations otherwise involved in the provision of care such as hospitals, our distributors and resellers or universities.

The exact amount and kind of data depends on the information submitted to us or the information that is published, posted or shared. Such data includes:

  • Information identifying the patient (potentially including first and last name, date of birth, gender)
    • Medical history and other characteristics including laboratory data, pregnancy, weight, height and age
    • Measures and treatment of adverse reactions and events
  • Information identifying the reporter or on the primary source of the data for potential follow-up requests
    • First and last name
    • Contact and address information (e.g., address, e-mail address, social media account name, phone number)
    • Signature (in case you report on behalf of a healthcare provider) 
  • Information on the adverse reactions and events or other information on the safety of our products
    • Description of the adverse reactions and events related data including start, stop, duration
    • Drug/active substance related data including dosage, application, suspected causality indication and duration of treatment
    • Medical device related data including application, and malfunctioning
    • Seriousness criteria of reaction such as death, life threatening, hospitalization or prolonged hospitalization, permanent injury or disability, important medical event
    • Outcome of reactions.
Legal Basis for Processing Your Data

We process your personal data on the following legal basis:

  • The processing of your personal data is necessary for reasons of public interest (e.g., in Europe Art. 6.1 e Art. 9.2 i GDPR) in the area of public health to ensure high standards of quality and safety of medicinal products and devices based on law. These laws include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.
  • You have given us your consent for the intended processing (e.g., in Europe Art. 6.1 a GDPR and Art. 9.2 a GDPR) which can be the case if you participate in a clinical trial or research study)
  • The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR) which is e.g. the case if you publish it on social media
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR). This legitimate interest is explained under ‘Why we collect and use your data'
  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in Europe Art. 6.1 c GDPR and Art. EU 9.2 i GDPR). More specifically we are obliged to have post market surveillance based on Regulation (EU) No 1235/2010 and Directive 2010/84/EU concerning the pharmacovigilance of medicinal products for human use. See also Commission Implementing Regulation No 520/2012 of 19 June 2012 and the European Medicines Agency (EMA) Guidelines on Good Pharmacovigilance Practices (GVP). Furthermore, legal obligations arise as part of a clinical trial, see Regulation (EU) No 536/2014 and as part of medical device regulations EU 745/2017 and 746/2017.
Requirements to provide personal data

If you do not provide all necessary personal data, we might not be able to respond or process your report properly because we cannot comply with the legal requirements as listed above.

How Long We Retain Your Data

Fresenius Kabi only stores personal data that is required to be compliant with the current legislation in our global safety databases. 

  • For events related to medicinal products / Drugs, the data will be kept for 10 years after the marketing authorization has ceased to exist or 5 years after the completion of formal discontinuation of the last clinical trial. 
  • For events related to medical devices the data will be kept for 10 years after the last device has been placed on the market (15 years for implantable devices). 
  • Complaint related documentation related to our products the data will be kept for 30 years after closing. 

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We collect and use your data to validate, handle and respond to your request, and to fulfill our accountability requirements arising from the General Data Protection Regulation or other data protection legislations.

What data we collect and how we do that
Information you provide to us 

We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:

  • First and last name
  • Academic title
  • Gender
  • Contact and address information (e.g., address, e-mail address, phone number, fax number)
  • Country of residence
  • Information on your relationship with Fresenius Kabi and its entities
  • Your request
  • Data needed to identify yourself
Legal Basis for Processing Your Data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (e.g., in Europe Art. 6.1 c GDPR). We are legally obliged to respond to your request and to process your personal data accordingly. More specifically, in Europe legal obligations in relation to requirements under the General Data Protection Regulation (Regulation (EU) 2016/679).
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR). More specifically, these legitimate interests are the establishment, exercise or defense of legal claims
  • The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity (e.g., in Europe Art. 9.2 f GDPR)
Requirements to provide personal data

If you do not provide all necessary personal data, we may not be able to respond to or properly process your request.

How Long We Retain Your Data

We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e., we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after four years), your data will be erased entirely.

If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We may collect data about you for the following purposes:

  • to answer your inquiries you sent to us by direct message
  • to follow up and report on posted adverse events
  • follow up on any hate speech or other statements that allegedly threatens our employees, organization, our brand or reputation
  • to gain insights in our and your online presence and standing
  • to adapt our online presence with the respective platform or network to best suit the preferences and interests of its users
  • to provide advertisements to targeted groups
What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you post

We collect information you post about us, our brands, our employees, our markets, our products and services or otherwise affects us. This may include: 

  • Your name as selected by you for your social media user account, including your picture and profile description/bio
  • The content of your published posts
  • The content of your direct messages
Information obtained from social media providers

We collect information from social media providers which they collect when you use their platforms and they provide to us. This may include: 

  • your profile as determined by the social media provider, which can include:
    • Geography
    • Interests
    • Gender
    • The industry you are working in
    • Age groups
    • Values
    • Channels
Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws. These include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
    • To validate, handle and respond to you based upon your inquiry or request
    • To provide information on our products and service
    • To provide an adequate online presence which meets the demands of the users
    • To protect our employees, organization, brands and reputation
  • The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR)
With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we share your data with social media platform providers. These providers are responsible as Controller for the data they receive.

Responsibility regarding Facebook and Instagram

Please be aware that for obtaining the insights in your online presence, Fresenius Kabi is jointly with Facebook, controller of the activities. For all other processing of personal data related to Facebook and Instagram, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the responsible controller.

You can find information on respective processing of personal data regarding Facebook here: https://facebook.com/about/privacy

You can find information on respective processing of personal data regarding Instagram here: https://help.instagram.com/519522125107875

Responsibility regarding X (formerly Twitter)

For all processing of personal data related to Twitter, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07 Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://twitter.com/en/privacy

Responsibility regarding LinkedIn

For all processing of personal data related to LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://linkedin.com/legal/privacy-policy

Responsibility regarding YouTube

For all processing of personal data related to YouTube, Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, is the responsible controller.

You can find information on respective processing of personal data here: https://policies.google.com/privacy?hl=en

How Long We Retain Your Data

We store your data for as long as it is necessary to answer your inquiry. So, until you receive the last relevant message from us to answer your query, plus a 6-month transition period so that we can respond if you have any further or follow-up questions. If your post or you are mentioned in a post that relates to an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance), we store the information longer.

お客様のデータの共有先

上記のすべての状況において、当社は目的を達成するために他の組織と協力します。そのため、お客様の個人データの一部または全部を他の組織に送信することがあります。

 

上記の特定の状況における特定の受取人とは別に、そのような受取人は以下の通りである:

  • その他 Fresenius Kabi Group companies
  • その他Fresenius Group Companies
  • 当社に代わって個人データを処理し(ホスティングやメンテナンスサービスなど)、その処理に関して当社の指示に従わなければならないサービスプロバイダー;
  • 適用される法律、規制、法的手続き、または強制力のある政府からの要請を満たすために必要な場合、当局、裁判所、および/または当事者、またはその委任機関。
  • 税務アドバイザー、会計監査人、弁護士、保険会社、銀行、その他事業展開国における外部専門アドバイザーなどの専門アドバイザーまたは監査人
  • 所有者の変更、合併、買収、資産の売却が行われた場合の他の事業体

国際データ転送

当社は、お客様の個人データの一部または全部を、他の国の上記の受取人に送信することがあります。これらの国のいくつかについては、欧州委員会、またはお客様の国のそれぞれの立法者または当局が、お客様の国のデータ保護水準に見合う適切なデータ保護水準を定めています。

 

欧州委員会は、フレゼニウス社の事業体が所在する以下の国/国際機関に対し、これを行った:アルゼンチン、カナダ、日本、韓国、英国、ニュージーランド、スイス、ウルグアイ。

 

それぞれの立法者または当局が、お客様の国のデータ保護水準に見合う適切なデータ保護水準が存在すると決定していない国については、EUまたはお客様の国のデータ保護水準に最低限見合う程度にお客様の個人データを保護するための保護措置を講じています。

 

これらのセーフガードとは

  • 社内でのデータ交換:管理者のための拘束力のある企業規則
  • 当社のサービスプロバイダーおよびその他の国際機関とのデータ交換のため:欧州委員会が発行した標準契約条項、および/または該当する他の当局や立法機関が発行した標準契約条項。

これらの標準契約条項および当社の拘束力のある企業準則のコピーは、オンラインで、またはご要望に応じて入手することができます。

個人データ処理活動の変更

当社によるお客様のデータの収集および使用は時間の経過とともに変化する可能性があるため、当社のデータ処理慣行を正しく反映させるために、本サイトの情報を随時更新することがあります。当サイトの情報を随時確認することをお勧めします。以前のバージョンは、当社がお客様のデータを収集するさまざまな状況のセクションの下にあるリンクから入手できます。

お客様のデータに関するご連絡、ご要望、お問い合わせ、苦情について

当社がお客様のデータを収集し使用するすべての状況について、以下の情報が適用されます。

コントローラーコンタクト

フレゼニウス カービ グループを代表する、お客様の個人情報の管理者または指定責任者は以下の通りです:

Fresenius Kabi AG
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
General Contact Form

ご要望・お問い合わせ

このデータ保護に関するお問合わせフォームを使用することで、情報を要求し、権利を実行することができます。データ保護法に基づいて適用される場合、お客様は要求する権利を有します:

  • 当社がお客様の個人データを処理するかどうかの確認
  • 個人データへのアクセスまたはそのコピーお客様は、処理の目的、関係する個人データのカテゴリー、受領者、保存期間、自動意思決定の有無などに関する情報へのアクセス/受領を求めることができます。
  • 個人データが不完全または不正確である場合の修正
  • 法的保持義務などにより、お客様の個人データを保持する必要がある場合を除き、お客様の個人データを削除
  • 個人データの正確性に異議がある場合、または処理が違法である場合(追求された目的のためにもはや必要でない場合)、お客様の個人データの処理を制限
  • 以下の条件を満たす場合、お客様のデータを、一般的に使用され、機械で読み取り可能な形式で、別の組織にデータポータビリティ
    • 本人から提供された個人情報
    • 本人の同意または本人との契約に基づく処理
    • 処理は自動化された手段によって実行
  • お客様の状況に特有の理由による処理、またはダイレクトマーケティングおよびプロファイリングに異議を唱える
  • 以前に付与された同意はいつでも撤回または取り消すことができます。お客様は、すべての処理またはお客様が選択した個別の目的に対する同意を撤回することができます。同意の撤回が、撤回前の同意に基づく処理の適法性に影響を及ぼすことはありません。
    • 法的または類似の重大な影響をお客様にもたらす可能性のある自動意思決定(プロファイリングを含む)の対象とならないこと:
    • お客様とフレゼニウス カービとの間の契約の締結または履行のために必要な場合 お客様の明示的な同意に基づく場合

お客様がリクエストを提出された場合、当社のデータ保護組織は、お客様の身元を確認し、お客様のリクエストを明確にするために、追加情報を求めてお客様に連絡することがあります。当社では、明らかに根拠がない、または過剰な要求でない限り、情報を無料で提供します。そのような場合、当社は手数料を請求することがあります。

 

弊社は、4週間以内にお客様のご要望にお答えすることを目指します。法律で認められる範囲内で、この期間を延長する権利を留保し、その場合はお客様にお知らせいたします。処理状況についてのお問い合わせはご遠慮ください。

 

このフォームに記載されている以外のフレゼニウス カービ事業体にリクエストを送信する場合は、それぞれの事業体が所在する国のウェブサイトをご覧ください。ウェブアドレスはこちらをご覧ください。

 

当社がお客様の個人データをどのように取り扱うかについての詳細は、「データ対象者のリクエストを提出する場合」の情報をお読みください。


*印は必須項目です。ご記入がない場合、ご依頼を処理することができません。  

個人情報

苦情

お客様は、当社のデータ保護責任者、当社のコンプライアンス・ホットライン、またはデータ保護当局に対し、当社の個人データ管理方法について苦情を申し立てる権利を有します。これらの連絡先は以下の通りです:

データ保護責任者:

Fresenius Kabi AG
Data Protection Officer
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
E-mail: dataprotectionofficer@fresenius-kabi.com

データ保護局:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Presse- und Öffentlichkeitsarbeit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany