Ipsen understands the importance of the privacy and the personal data protection.
Ipsen is committed to ensure an adequate level of data protection for all persons with whom Ipsen interacts in accordance with applicable privacy and data protection laws, including the European Union General Data Protection Regulation (GDPR), and any other applicable local laws that regulate the storage, processing, access and transfer of personal data.
This includes, in particular:
• Healthcare professionals;
• Job applicants;
• Participants in clinical trials and researches;
• Patients and their relatives;
• Representatives of Ipsen’s contractors and business partners;
• Representatives of the scientific community etc;
• Users of Ipsen’s products and services;
• Websites and apps’ users.
If necessary, specific privacy notices (“Privacy Notice”) and/or consent forms will be communicated to you regarding specific situations where Ipsen may process your Personal Data in order to describe in more detail how your Personal Data will be processed in relation with the processing in question.
For the purposes of this Policy Ipsen is considered as the Data Controller of your Personal Data.
In order to comply with any new regulation, this Policy may periodically be modified without prior notification.
The objective of this Policy is to help you understand:
• Categories of Personal Data Processed: what types of Personal Data may be processed;
• The purposes: the reasons for which your Personal Data will be processed;
• Legal basis: on which legal basis does Ipsen process your data;
• Personal Data recipients: the authorised parties that can access to your Personal Data;
• Personal Data Transfers: from where Ipsen and its authorised parties may process your Personal Data;
• Security: how your Personal Data is protected;
• Term of retention of Personal Data: how long your Personal Data will be processed;
• Your rights: what your rights are and how you can exercise them;
• How to contact us.
Categories of Personal Data Processed
Ipsen may process the following types of Personal Data:
• Identification data (e.g. name, place of birth, date of birth, gender);
• Employment Information (e.g. job title, professional email, academic information, education);
• Economic, administrative and financial data (e.g. bank account number, social security number, travel expenses);
• Connection Data (e.g. IP address, Cookies, logging data);
• Special categories of Personal Data may be processed too (e.g. Health data).
Ipsen collects your Personal Data from different sources:
Data that is collected directly from you: Through various media, through registrations, applications surveys or direct and indirect interactions with Ipsen.
For example, data you provide to register to scientific events sponsored by Ipsen, to submit an online application, to send us a request for information, etc.
Data that is collected automatically: When following your interactions with our websites, platforms, applications and services through certain technologies, such as cookies:
Data that is collected in accordance with applicable law from public sources available:
including data that is published by you in all supports.
Data that is collected legally from third parties: For example, when we may need to confirm contact or financial information or to verify licensure of healthcare professionals.
Regarding children Personal Data
Following applicable laws, Ipsen may collect Personal Data about children with the consent of their parents or guardians for the provision of its services such as clinical activities or for patient support programs, Ipsen do not otherwise knowingly solicit Personal Data from, or market to, children.
If a parent or guardian becomes aware that her or his child has provided Ipsen with personal information, she or he should contact Ipsen as described below. Ipsen will take steps to delete such information from our database in accordance with applicable legal requirements.
Ipsen collects your Personal Data for the following purposes:
Communicate with you:
Respond to your requests or inquiries;
Supply support for products and services;
Provide you with important information, administrative information, required notices, and promotional materials;
Send you news and information about our products, our services, our brands, our operations; Organize and manage professional events and congresses, including your participation to such events.
Identify or authenticate you:
Provide or verify your credentials including via passwords, password hints, security information and questions, government-issued ID or passport, healthcare professional number.
Carry out our business operations:
Perform marketing and sales;
To keep track of our interactions and meetings, such as when you contact us for information and support;
Respond to your requests or inquiries.
Carry out the purposes of human resources:
Comply with legal or regulatory obligations that apply to Ipsen:
Manage adverse events;
Realise prevention and investigatory activities;
Perform administrative formalities, registration, declarations or audits.
Conduct research and development:
Perform studies, registries and trials;
Manage and validate the recruitment and participation of individuals to studies, trials and other operations;
Analyse demographic data;
Carry out market or consumer studies;
Offer special programs, activities, trials, events or promotions via our services.
Improve and develop our products and services:
Identify usage trends to develop new products and services;
Understand how you and your device interacts with our services;
Determine the effectiveness of our promotional campaigns, conduct surveys;
Track and respond to safety concerns.
Offer donations and sponsorships;
Personalise your experience when using our services:
Ensure that our services are presented appropriately and effectively to you;
Understand your professional and personal interests in our content, products and services or other content and adapt our content to your needs and preferences;
Present you products and offers tailored to you.
Protect our rights and interests:
Protect the health, safety, and security of Ipsen personnel and premises;
Realise internal audits, asset management, system and other business controls;
Manage business administration (finance and accounting, fraud monitoring and prevention); Maintain the security of our services and operations;
Protect our rights, privacy, safety or property, to allow us to pursue available remedies or limit the damages that we may incur as necessary;
To protect ourselves against possible fraudulent actions.
Provide patient support:
Healthcare support services, patient engagement and prescription information;
Provide you access to online services, application, platforms and websites:
Manage your online accounts;
Perform website analytics and measure website performance;
Personalize your experience;
Track and monitor adverse events and other activities related to pharmacovigilance;
Maintain the Website, including for security purposes.
Respond to legal requests from administrative or judicial authorities, in accordance with applicable laws.
Ipsen will process your Personal Data on either one of the following legal basis:
Your prior consent:
Where you have clearly expressed your approval of Ipsen’s processing of your Personal Data.
In practice, this will generally mean that Ipsen will ask you to sign a document, or to fill-in an online “opt-in” form or to follow any relevant procedure to allow you to be fully informed and then either clearly accept or refuse the data processing envisaged.
Contractual relationship between you and Ipsen:
In such case, the processing of your Personal Data is generally necessary to the execution or the performance of the contract.
Legal obligations applicable to Ipsen’s activities:
Ipsen is required to implement pharmacovigilance procedures to monitor adverse effects of marketed products, which generally involves the collection and retention of Personal Data.
The legitimate interest of Ipsen in the sense of applicable data protection law:
In such a case, Ipsen shall consider your fundamental rights and interests in determining whether the processing is legitimate and lawful.
Personal Data recipients
For the purposes described above, Ipsen may need to share your Personal Data with the authorised third parties such as Ipsen’s affiliates and Ipsen’s partners as well as with the selected suppliers, service providers or vendors acting upon Ipsen instructions. Also, Ipsen may need to share your Personal Data with the legal or administrative authorities as required by applicable laws.
In any case, Ipsen will require that such third parties:
• Commit to comply with data protection laws and the principles of this Policy;
• Only process the Personal Data for the purposes described in this Policy and under Ipsen’s instructions;
• Implement appropriate technical and organizational security measures to protect your Personal Data.
Personal Data Transfers
Ipsen is a global biopharmaceutical group with affiliates, partners and subcontractors located in many countries around the world.
For that reason, Ipsen may need to transfer your Personal Data in other jurisdictions, including from the European Economic Area to outside the European Economic Area, in countries which may not be regarded as providing the same level of protection as the jurisdiction you are based in.
In cases that Ipsen needs to transfer Personal Data outside the European Union, it shall ensure that adequate safeguards, as required under applicable data protection legislation, will be implemented (including, notably, the European Commission’s Standard Contractual Clauses, as applicable).
Ipsen has implemented a variety of technological and organizational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorized access, use and disclosure, so that your Personal Data will be stored on secure servers and maintained strictly confidential.
Term of retention of Personal Data
Ipsen will retain your Personal Data only for the period necessary to achieve the purposes specified in this Policy.
As an exception, Ipsen may be required to retain your Personal Data for longer periods as required or permitted by law, or as necessary to protect its rights and interests.
In such a case, you will be informed of the intended retention period in the applicable Privacy Notice.
You have the following rights regarding your Personal Data depending on the circumstances and applicable legislation:
|Right||What does this mean?|
|a. The right of access||You have the right to obtain access to the information processed by Ipsen.|
|b. The right to rectification||You are entitled to have your information corrected if it is inaccurate or incomplete.|
|c. The right to erasure||This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.|
|d. The right to restrict processing||You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.|
|e. The right to data portability||You have rights to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances.|
|f. The right to object||The right to object You have the right to object to certain types of processing, in certain circumstances.|
If you would like to exercise any of these rights, please send us a Data Subject right request by completing this form.
If you are not satisfied with the response to your complaint or believe the processing of your information does not comply with data protection law, you can make a complaint to the relevant data supervisory authority.
How to contact us
If you have any questions or comments about this Privacy Notice please send us an email at the email address of Ipsen’s Data Protection Officer at email@example.com.