About this Policy
This Policy applies to personal information which we receive from, or which relates to, our:
- business partners and associates;
- business contacts;
- agreement counterparties;
- website users;
- clinical trials; and
- any others from whom we collect and use personal information.
Where the personal information relates to your clients, employees, workers or contractors, you should bring this notice to their attention.
This Policy explains the type of personal information we collect and use, why we use the information, who we may need to share the information with, how we protect your personal information and your rights under applicable data protection laws.
Information We Collect
We collect two types of information:
- “personal information”: information that, either alone or in combination with other identifiers, lets us know specifics about you or who you are. This includes your name, e- mail address, and telephone number. Personal information also includes your financial information and online identifiers, including your IP address.
- “anonymized information”: information that cannot identify you and has not been associated with you.
How and Why We Collect Your Personal Information
- We collect your personal information directly in a variety of ways, including:
- when you engage us for the supply of our products and/or services;
- by telephone or in person;
- through email or letter correspondence;
- through the various websites operated by the entities in the EUSA Pharma Group, being: https:/eusapharma.com/; https://sylvant.com ; https://castlemansconnect.com
- when we enter into an agreement for the exchange of products and/or services;
- in or as part of client surveys; and
We also collect your personal information indirectly as set out below in “Information Received from Third Parties.”
EUSA Pharma collects your personal information for a variety of purposes depending on the nature of your relationship with us. The purposes for which we collect your personal information include:
- to comply with our legal and regulatory obligations under applicable law;
- to perform any agreement and/or contract we have with you;
- to manage our customer and/or supplier relationships;
- to provide you with any products and/or services you request;
- to market our products and/or services effectively and to provide you with any information which you request;
- to contact you regarding special offers, promotions, new product and/or service offerings or other marketing-related communications which we believe may be of interest to you (in accordance with any privacy preferences which you have expressed to us);
- to communicate with you and respond to your inquiries, including responding to complaints and adverse events and attempting to resolve them;
- to improve the content, functionality and usability of our websites, including performing statistical analysis on usage of our websites;
- to customize our websites’ content, layout and product and service offerings;
- to develop, manage and improve our products and/or services (including conducting research and analysis) and to test new products and/or services;
- to validate any product warranties;
- to administer auditing, billing and reconciliation activities as well as supplier due diligence, credit, anti-fraud checks and other internal and payment-related functions;
- to create an account with us (either through our websites or otherwise), manage such accounts, and process and deliver any products and/or services which you order through such accounts;
- to administer and protect the security of our business and IT infrastructure, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data;
- as part of any proposed mergers and acquisitions involving the EUSA Pharma Group;
- for any other purpose identified in an applicable privacy notice, click-through agreement or other agreement between you and us.
If you fail to provide certain information when requested, we may not be able to provide our products and/or services to you.
Information Received from Third Parties
We receive personal information about you from third parties such as:
- Companies that introduce you to us;
- Health care practitioners and/or health care providers;
- Comparison websites;
- Social networks;
- Public information, such as information available for public registries;
- Agents working on our behalf;
- Market researchers;
- Marketing consultants;
- Clinical Research Organisations (“CROs”), which manage and carry out clinical trials on our behalf;
- Government and law enforcement agencies;
- Credit reference and/or reporting agencies;
Information Received in connection with Clinical Trials
As part of developing and testing new products and/or services, EUSA Pharma sponsors certain clinical trials in the EU, the United States and other jurisdictions from time to time. EUSA Pharma does not conduct clinical trials directly ourselves and any data which we receive in connection with clinical trials which we sponsor is anonymized and/or aggregated and is not personally identifiable. In the unlikely event that EUSA Pharma receives the personal information (which if received would likely include sensitive personal information) of participants in the clinical trials, we comply with all applicable laws in respect of it.
Sharing of Information
We do not sell, trade or rent your personal information to others. We may share anonymized information, i.e. aggregate data, with third parties. Except as described herein, we will not provide any of your personal information to any third parties without your specific consent.
We share your personal information with the following categories of recipient:
- With group companies and affiliates: we share the information we collect about you with other member companies of the EUSA Pharma Group such as EUSA Pharma UK Limited, EUSA Pharma US LLC, Investors and board members.
- With professional advisors: this includes advisors appointed by you or advisors appointed by us, for example, legal advisors.
- With our service providers: third party banks, administrative and IT services and other service providers. All our third party service providers are required to take appropriate security measures to protect your personal information.
- With our sub-contractors: such as our couriers, import/export agents, shippers, service sub-contractors, payment processors and other sub-contractors.
- With government bodies or our regulators in the jurisdictions in which we operate: where we are required to do so by law or to assist with their investigations or initiatives.
- With police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security.
- With credit reference agencies.
- With any party approved by you.
Retention of Information
Your personal information will only be kept for as long as we reasonably consider necessary for achieving the purposes set out in this Policy or for as long as we are legally required to keep it.
When assessing the data retention period, we take into account the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Security of Information
We have reasonable and appropriate security measures in place to protect against the loss, misuse, and alteration of any personal information we receive about you. We maintain appropriate security standards to protect the personal information that we maintain.
For Users of EUSA Pharma Group Websites
We may obtain information, including personal information, about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your device. Cookies contain information that is transferred to your device, which helps us to improve our website and to deliver a better and more personalized service to you. Some of the cookies we use are essential for the website to operate.
For more information about the web analytics services we may use, visit:
- Google Analytics: https://policies.google.com/technologies/partner-sites
- Mouseflow: https://mouseflow.com/privacy/
- Leadfeeder: https://www.leadfeeder.com/privacy/
If you would like to opt-out of having your data used by the web analytics services, please:
- Google Analytics: visit https://tools.google.com/dlpage/gaoptout/
- Mouseflow: visit https://mouseflow.com/opt-out/
- Leadfeeder: email email@example.com
Please note that EUSA Pharma makes no representations regarding the functionality of Google, Mouseflow, and Leadfeeder opt-out mechanisms, and further, opting out of Google Analytics, Mouseflow, and Leadfeeder will not preclude the use of your data by other analytics services.
Third Party Websites
Do Not Track Mechanisms
California law requires this Policy to address how we respond to any “Do-Not-Track (“DNT”) signal” delivered by your browser. Because of the changing state of technology and indecision within the industry regarding the meaning of DNT signals, we currently do not make any guarantee that we will honor DNT signals.
Privacy Rights in Other Jurisdictions
You may have rights in relation to your personal information under applicable data privacy laws in other jurisdictions. If you wish to exercise any such rights, please contact us using the contact information below.
In relation to marketing communications, we may provide you with an “opt in” or “opt-out” mechanism depending on where in the world you are located. An “opt-in” mechanism will provide you the opportunity to positively indicate that you would like or do not object to our sending you such further communications and we will not send you any unless you have “opted- in”. An “opt-out” mechanism will provide you the opportunity to indicate that you do not want us to send you such further communications, and if you “opt-out” we will not send you any.
We do not knowingly collect or use personal information from children under the age of . If we determine that we have collected the information of an individual under this age, we will not use or maintain his or her personal information without parent or guardian consent. If we become aware that we have unknowingly collected personal information from a child under the age of , we will make reasonable efforts to delete such information from our records.
Accuracy of Information
We strive to keep our records accurate and will make appropriate corrections when you notify us. Please let us know if there is incorrect information in any statements or other communications that you receive from us. If you would like to correct or update your personal information, please contact us using the contact details set out below.
Effective Date and Changes to this Policy
The effective date of this Policy is posted below. We reserve the right to update or modify this Policy at any time by providing any notice required under applicable law and by providing you with the revised version in hardcopy, electronically or by otherwise making the revised version available on our websites.
If you have any questions about this Policy or if you would like to exercise any rights you may have in relation to your personal information, please contact us at: firstname.lastname@example.org.
CALIFORNIA EMPLOYEE PRIVACY NOTICE
EUSA US (US) LLC and its affiliates and subsidiaries (“EUSA,” “we,” “us,” or “our”) provide this California Employee Privacy Notice (the “CCPA Employee Privacy Notice”) to describe our privacy practices as required by the California Consumer Privacy Act of 2018 (“CCPA”).
This CCPA Employee Privacy Notice applies solely to employees, contract employees (“contractors”) and employee applicants who are California residents that meet the definition of consumer under the California Consumer Privacy Act of 2018 (CCPA) (“consumers” or “you”). We adopt this notice to comply with the CCPA, and any terms defined in the CCPA have the same meaning when used in this notice.
The CCPA is a comprehensive new consumer protection law that took effect on January 1, 2020. It requires companies to inform consumers about the personal information that they collect and share, and gives them a right to access their information, to request deletion of their information, and to opt-out of having their information sold.
Until January 1, 2021, employee personal information is outside of the scope of the CCPA requirements, except for:
- The right to know, at or before the point of collection, the categories of personal information to be collected and the purposes for which the categories of personal information shall be used. Section 798.100(b)
- The right of private action in the event of a negligent data breach. Section 1798.150
This temporary exemption covers information collected in the course of the individual’s acting as a job applicant, employee, officer, director or contractor of EUSA, to the extent that EUSA uses such information in the context of the individual’s role (or former role) as an applicant, employee, etc. This includes emergency contact information and information necessary to administer benefits that an applicant, employee, etc. provides (which could include information about another individual who is the emergency contact or benefit recipient), so long as it is only used for that purpose.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). We have collected the following categories of personal information from consumers within the last twelve (12) months:
|Category||Examples of Data||Collected|
|A. Identifiers.||A real name, Internet Protocol address, email address, or other similar identifiers.||Yes|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||Yes|
|C. Protected classification characteristics under California or federal law.||Age, race, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), veteran or military status.||Yes|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||No|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||No|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||Yes|
|G. Geolocation data.||Physical location or movements.||Yes|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||Yes|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||Yes|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No|
|K. Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||No|
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you or your agent. For example, from documents or forms that you may provide to us related to participating in EUSA’s health or retirement benefit programs or the job position for which you are applying.
- Indirectly from you or your agent. For example, from evaluating your performance in your job position or the job position for which you are applying.
- Directly and indirectly from your activity from your electronic activity on our websites, on our network or your use of an online application or business system provided by EUSA. For example, browsing history when you visit a website while on EUSA’s network or use EUSA email.
- From third party Service Providers that provide services to us in connection with our business operations. For example, employee drug testing program administrators or employment applicant contact information from our applicant tracking system provider.
USE OF PERSONAL INFORMATION
We may use or disclose the personal information we collect for one or more of the following business purposes:
- to evaluate an employment application;
- determining eligibility for employment;
- administering pay and benefits;
- processing employee work-related claims;
- establishing training and/or development requirements;
- conducting performance and goal reviews;
- assessing qualifications for a job or task;
- gathering evidence for disciplinary action or termination;
- establishing a contact in the event of an emergency;
- reporting on company metrics;
- compiling directories;
- complying with applicable labor or employment statutes;
- ensuring the security of company-held information; and
- other purposes as are reasonably required by EUSA.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We do not and will not sell your personal information and so we do not offer an opt-out to the sale of personal information.
Sharing Personal Information
We may share your personal information solely for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers
Category B: California Customer Records personal information categories
Category C: Protected classification characteristics under California or federal law
Category F: Internet or other similar network activity.
Category G: Geolocation
Category H: Sensory
Category I: Professional or employment-related information
We disclose your personal information for a Business Purpose to the following categories of third parties:
- Service providers.
In the preceding twelve (12) months, we have not sold or leased any personal information. EUSA does not sell or lease personal information.
Changes to our CCPA Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make material changes to this privacy notice, we will inform employees, update the notice’s Effective Date above and request employee acknowledgment by electronic review and sign-off.
If you have any questions or comments about this notice, please contact the EUSA US Human Resources Department at 908.552.9509.