HCP Privacy Notice (EEA)
This Privacy Notice is for Health Care Professionals (“HCP Privacy Notice” ) and describes the Personal Data that EUSA companies ( “us” or “EUSA”) based in the EEA region, collect data about you as a healthcare professional (“HCP”) when EUSA interact with you.
Set out below is the how we process your data.
“Personal Data” is data that identifies you as an individual, or relates to an identifiable individual. EUSA will collect Personal Data when you participate in EUSA educational programs, industry events, sponsored congress, or in connection with your communications with us.
EUSA also collect Personal Data from data companies (like Veeva) providing information services in the healthcare sector, publicly accessible sources of professional information, and marketing partners.
Personal Data that EUSA may collect includes:
- Your name
- Contact information (postal address, telephone numbers, email address, fax number)
- Your preferred language, Your professional interests (such as in health care topics about which you request information from us)
- Professional biography including data related to your education, licensures, specialties, professional affiliations (e.g., memberships in medical societies or HCP networks), publications, credentials, and other professional achievements
- Data related to your use of our products, your interactions with us, your preferred method of communications with us, and services for those you care for
- Where required to pay you; financial and banking data that you provide so that EUSA can reimburse professional fees, travel, accommodation and out of pocket expenses which may include a National ID number, passport details, tax identification number
If you choose not to provide data that is necessary for EUSA or its agents to provide requested services or perform contractual obligations, EUSA may not be able to provide you those services.
HOW EUSA USE PERSONAL DATA
Personal Data is used to interact and engage with you when EUSA have a contractual relationship, or a legitimate interest. This may include:
- Contractual relationship with you under an agreement (e.g., medical events, publications, advisory meetings, etc.) and, where applicable, paying you for defined or agreed upon services or reimbursing pre- approved expenses, planning calls, meetings, trips and other related interactions with you, sending administrative support information to you, and documenting our interactions with you.
- Direct response to an inquiry/requests.
- Creating and maintaining EUSA’s database of health care providers to identify and, if applicable, engaging with you (by digital or other means) as a scientific expert, or a key opinion leader, in various health care fields based on your professional expertise and opinions, and where applicable, your past interactions with us, such as:
- inviting you to attend congresses/panels, HCP professional meetings and educational activities;
- reaching out to you for your professional expertise by communicating information about our products through our professional representatives or in the context of surveys relating to pharmaceutical products or services.
- Operate our business to comply with our legal obligations, to meet our legitimate interests in maintaining our business.
Operating our business includes:
- Complying with our regulatory monitoring and reporting obligations, including those related to adverse events, product complaints and product safety.
- Verifying your eligibility to access certain products, services and data that may be provided only to licensed HCPs or otherwise conducting background checks to ensure EUSA are not precluded from working with you.
- Conducting training and ensuring quality control.
- Detecting, preventing, or investigating misconduct.
- Complying with anti-corruption and transparency obligations.
- Analysing or predicting HCP preferences in order to identify aggregated trends to develop, improve or modify our products, services and business activities.
- Protecting our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- Provide you with marketing and promotional communications on scientific/health matters (by digital means or otherwise), which may be personalized to your professional area and interests when EUSA have your consent or a legitimate interest.
WHAT ARE YOUR RIGHTS?
Under the European Privacy laws, you can request to review, correct, update, suppress, restrict, object or delete Personal Data that you have provided to us, withdraw a consent or if you would like to request to receive an electronic copy of such Personal Data for purposes of transmitting it to another company, you may contact us at firstname.lastname@example.org
In your request, please tell us what Personal Data you would like to have reviewed corrected or changed, whether you would like to have it suppressed from our database, or otherwise let us know what limitations you would like to put on our use of it. For your protection, EUSA may need to verify your identity before implementing your request. EUSA will try to comply with your request as soon as reasonably practicable.
Please note that EUSA may need to retain certain Personal Data for record keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion, such as finance details to comply with reporting obligations.
HOW EUSA DISCLOSE PERSONAL DATA
EUSA disclose Personal Data as follows:
- To other EUSA companies for the purposes described in this Privacy Notice.
- To our third party service providers, to provide services such as data analysis, data technology and related infrastructure provision, customer service, auditing and other services.
- To comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us.
- To take legal action or otherwise protect the safety, rights, or property of our customers, the public, EUSA and our affiliates.
- To prepare, complete and implement any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
DISCLOSURES OF TRANSFER OF VALUE
Public disclosures of the transfers of value that you receive from any EUSA company according to local Code of Conduct and/or applicable local law (such as payment of professional fees, travel, accommodations and out of pocket expenses) will be disclosed in accordance with reporting laws of that country.
Unless otherwise required by law, EUSA will disclose your identity, city and country of professional practice, date, nature and amount of value that you received from EUSA. If local laws require, we may use your ID or social security number. These disclosures will be published on our EUSA websites and/or local pharmaceutical industry association websites. If legally required, disclosure will also occur on relevant government websites. The data, once published, will be available for 3 years (unless another legal period applies in your country). EUSA disclose this data pursuant to consent, law or legitimate interests.
EUSA seek to use reasonable organizational, technical and administrative measures to protect your Personal Data.
HOW LONG WILL EUSA KEEP YOUR DATA?
EUSA will retain your Personal Data for as permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice. The criteria used to determine our retention periods include: (i) the length of time EUSA have an ongoing relationship with you and (ii) whether there is a legal obligation to which EUSA is subject; or (iii) whether retention is advisable in light of our legal position (e.g statutes of limitations, litigation or regulatory investigations).
CROSS BORDER TRANSFERS
The data EUSA collect through this notice may be stored and processed in any country where EUSA have facilities or in which EUSA engage service providers, including in the U.S. and where our affiliate operate.
Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here). For transfers from the EEA to countries not considered adequate by the European Commission, EUSA have put in place adequate measures, such as by ensuring that the party handling your Data is bound by EU Standard Contractual Clauses, to protect your Personal Data.