Privacy Notice for Website Visitors
Last Updated: May 1, 2020
This Privacy Notice is provided by Celltrion Healthcare Co., Ltd. (hereinafter "Celltrion Healthcare" or "we") and its subsidiaries/branches to explain who we are, how we collect, share, and use personal data about visitors of our website (hereinafter "you" or "user"), as well as how visitors can exercise their privacy rights. If you have any questions or concerns about our use of your personal data, or would like to exercise any of your rights — including, but not limited to, objecting to the processing of your personal data in the ways that we describe here — then please contact us using the details provided at the end of this Privacy Notice.
Celltrion Healthcare does its best to protect your privacy rights.
WHO WE ARE
Celltrion Healthcare is a global pharmaceutical company whose ultimate parent company is headquartered in Incheon, Republic of Korea (South). For more information about us, please visit our website at https://www.celltrionhealthcare.com
We do not require registration to visit our websites. However, some services may require visitors to provide us with Personal Data, such as contact details and interests.
"Personal Data" may refer to any data that identifies one as an individual or relates to an identifiable individual, such as:
• Contact details (name, telephone numbers and email addresses);
• Interests (health conditions, specific requests made through the website).
If you are a Healthcare Professional ("HCP"), we may request additional Personal Data related to our professional interaction with you.
* HCP refers to any member of the medical, dental, pharmacy, or nursing professions or any other person who, in the course of his or her professional activities, may prescribe, purchase, supply, or administer a medicinal product.
* Additional Personal Data includes, but is not limited to:
• Professional biography/credentials;
• Data related to licenses, specialties, professional affiliations, publications, credentials, and other occupational achievements; or
• Data related to your use of our products, your interactions with us, and services for those whom you care for. Providing us with, or giving us permission to collect, any Personal Data relating to individuals other than yourself requires you to have valid authority to do so pursuant to relevant legislation.
HOW WE USE PERSONAL DATA
We use Personal Data in order to maintain functionalities on our websites such as:
• Providing customer service to users;
• Responding to user inquiries and fulfilling any user requests;
• Sending administrative information to users, such as changes to our terms, conditions, and policies, as well as market information that we believe may be of interest to you.
We also use Personal Data to ensure that our business operations comply with any relevant legal obligations and match our legitimate interests.
Our business activities may include:
• Data analysis;
• Internal data audits;
• Identifying usage trends for our websites;
• Detecting, preventing, and investigating fraud in the use of our websites;
• Cyber security monitoring;
• Developing, enhancing, or modifying our products and services;
• Validating users' ability to access or utilize our products and services;
• Understanding how our products and services impact you and those in your care;
• Expanding our business network and scale of operations.
The Personal Data that you and other website users provide may be aggregated. We may use and disclose such aggregated data for any purpose. Aggregated data does not personally identify you or any other individual.
HOW WE DISCLOSE PERSONAL DATA
We disclose Personal Data to third parties as follows:
• Our subsidiaries and affiliates worldwide for the purposes described in this Privacy Notice.
• Service providers in order to provide services including, but not limited to: website hosting, data analysis, information technology, infrastructural provision, customer service, email delivery, and auditing.
• Other companies with whom we collaborate regarding particular products or services, including our co-promoting partners for products that we develop and market jointly.
We also disclose your Personal Data as we believe to be necessary or appropriate:
• (i) To comply with applicable law, as well as our regulatory monitoring and reporting obligations (including laws outside your country of residence), (ii) to respond to requests from both public and government authorities (including authorities outside your country of residence), (iii) to cooperate with law enforcement, or (iv) for other legal purposes.
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA visitors only)
If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information as described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will generally collect personal information from you only where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
If we ask you to provide personal information to comply with a legal requirement or for contacting purposes, we will make this clear at the relevant time and advise you whether or not the provision of your personal information is mandatory (as well as of the possible consequences of not providing your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will alert you and clarify what those legitimate interests are at the relevant time.
On some of our websites, you have the option to update your profile online.
If you would like to request to review, correct, update, suppress, restrict, or delete Personal Data that you have provided us through these websites, or if you would like to request to receive an electronic copy of your Personal Data for the purpose of transmitting it to another company, you may contact us as indicated in the "CONTACT US" section. We will respond to your request promptly, in compliance with applicable laws.
In your request, please let us know what Personal Data you would like to have changed, whether you would like to have it suppressed from our database, or set certain limitations on our use of your data. We may need to verify your identity before implementing your request. We will try our best to respond to your request as soon as reasonably practicable.
When asked to provide Personal Data, you may decline. However, choosing not to provide necessary information may limit our ability to supply you with requested services.
Please note that we may need to retain certain types of Personal Data for record keeping purposes.
We seek to use reasonable organizational, technical, and administrative measures in order to protect your Personal Data. This includes encrypting your personal information in transit and at rest.
DATA RETENTION PERIOD
We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, if your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until it can be safely deleted.
INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, and processed in countries other than the one in which you are resident. These countries may have data protection laws that are different from the laws in your country.
The servers of this website are located in the Republic of Korea (South). We may transfer your personal information with legitimate purpose to our subsidiaries/affiliates, third party service providers, and business partners located around the world.
However, we have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Privacy Notice. This includes implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies, which requires all group companies to protect personal information they process from the EEA in accordance with the European Union data protection laws.
Appropriate safeguards have also been implemented with our third party service providers and partners. Further details, along with our Standard Contractual Clauses, can be provided upon request.
USE BY MINORS
Our websites and online services are not intended to be used by anyone under the age of 18.
We may update this Privacy Notice from time to time in response to changing legal, technical, or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. This Privacy Notice was last updated as of the "Last Updated" date shown above.
If you have any questions or concerns about our use of your personal information, please contact our data protection officer using the following details: DPO.CTHC@celltrionhc.com
If you are a resident of the EEA, you may also contact our data protection officer for the EU/EEA region at DPO@chaucer.com (Chaucer Consulting: 10 Lower Thames St, London EC3R 6EN, +44 (0) 203 141 8400).
You also have the right to file a complaint with your local data protection authority: (such as https://edpb.europa.eu/about-edpb/board/members_en for EEA residents).