Data Privacy Notice

  • Read the full Privacy Statement

    This website, www.grunenthal.ie, (hereinafter “Website”) is provided by Grünenthal Pharma Limited (hereinafter “we”, “our” or “us”). We respect your privacy and are committed to protecting your information. The privacy policy below discloses our practices regarding information collection and usage for the website located at www.grunenthal.ie and Grunenthal Pharma Limited in connection with the provision of our product and services (the “Services”).

    We may handle your personal data in relation to our Website because this is necessary to make certain functionalities of our website available and give you the best possible experience.

    This Privacy Notice applies to the use of your personal data obtained by us, whether from you directly or from a third party.

    With this privacy policy we would like to inform you about:

    (A) Who do we collect information about?

    (B) What data do we collect and what do we use it for?

    (C) How is your data transferred?

    (D) How long do we keep your personal data?

    (E) Third party websites/services

    (F) What rights do you have with regard to your data?

    (G) What happens if you fail to provide your personal data? 

    (H) Requests and complaints

     

    Handling of personal data


    At Grünenthal, we believe transparency is the foundation of trustful collaboration. Below we have provided you with information on how we handle your personal data when you use our Website and our Services “Grunenthal Pharma Ltd”.
    About Us
    The Website and our Services are made available by Grünenthal Pharma Limited. Grünenthal Pharma Limited is the data controller responsible for your personal data. Grünenthal Limited (company no 317040) is an Irish company with its registered office at 4045 Kingswood Road, Citywest Business Park, Citywest, Co Dublin, D24 VO6K
    Who do we collect information about?
    We collect and process personal data from the following people:

    Website visitors - If you browse our Website, contact us with an enquiry through our Website, submit a complaint through our Website or use any Services available on our Website, we will collect and process your personal data in connection with your interaction with us and our Website. See section 1 below for more detail.
    Participants – if you are involved in a trial or participate in one of our research projects, we may process personal data about you in connection with your participation. See section B2 below for more detail.
    Event attendees - If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other document relating to the event. See section 3 below for more detail.
    Personnel that work for our clients, partners and suppliers (including subcontractors) - If you (or your organisation) supply products or services to us or otherwise partner with us, we may collect and process your personal data in connection with our receipt of those products and services and/or partnership. See section 5 below for more detail.
    Job applicants - if you apply for a job with us, whether through the Website or otherwise, we will collect and process your personal data in connection with your application. See section 6 below for more detail.
    For information regarding how we process your personal data if you are a healthcare professional, please refer to the Data Privacy Statement HCP.

    A. What data do we collect and what do we use it for?


    We collect and receive personal data using different methods and we use it for the following purposes:

    1. Requests for information


    You can contact us directly by using the contact forms available on our website. In particular, you may provide us with the following information:

    name, surname and title
    Address (Street, Postal Code, City) 
    Country
    contact data (e.g. e-mail address, phone number)
    message
    We will store the information you provide to us in contact forms for as long as we are legally obliged to or for as long as we have a legitimate interest.

    Our legal basis for processing

    It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.

    The same applies to data you send to us when using one of the designated email addresses indicated on our website.

    2. Provision of our Service

    We may collect and maintain personal data that you submit to us or we otherwise obtain for the purpose of supplying our Services.

    If you work for a client or partner or subcontractor the personal data we process may include:

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences;
    • the name of your organisation;
    • bank and account details;
    • information relating to a particular transaction;

    We process this information so that we can fulfil the supply of Services, maintain our user databases and to keep a record of how our Services are being used and provided.

    If you are participating in a trial or research project, the personal data we process may include 

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences;
    • bank and account details;
    • information about your health;

    Our legal basis for processing

    It is in our legitimate interest or the legitimate interest of the organisation with whom you work to use personal data in such a way to ensure that we provide the Services to our clients in an effective and efficient way.

    Where we process information about your health, we will only do so with your explicit consent.


    3. Communicating digitally

    Primarily, we keep connected with you via face-to-face interactions; however, from time to time we may communicate with you via a digital channel, a telephone call, one-to-one calls (Veeva Engage) or meetings via other platforms such as MS Teams or Zoom.

    Digital Channel Communication Process:

    • We capture e-consent verbally, either via face-to-face interactions or by telephone, with interested parties.
    • Once consent has been granted, we send a proforma email from our CRM (Customer Relationship Management) system. This email outlines the permissions to be granted, and the user is presented with an option to “ACCEPT” the e-permission.
    • This Explicit Permission is automatically captured against the individual’s record.

    The e-permission provides a secure channel for business to business contact via all of our digital channels. All subsequent communication from Grünenthal Pharma Ltd. will include an opportunity for the recipient to “Unsubscribe” from the category of email sent. For example:

    An electronic promotional email will include an unsubscribe button at the footer, giving the recipient control over the type of communication they receive in the future.

    Our legal basis for processing

    The IPHA Code of Practice stipulates that all “Promotional” contact via digital channels requires explicit consent / permission. Therefore, we will rely on your consent to communicate with you digitally. Our process for “Communicating with us digitally” is designed to comply with the IPHA Code of Practice, Local Data Protection and GDPR legislation.



    4. Hosting and managing events

    From time to time, we may organise and host events for the purpose of medical education or promotional purposes. We may process the following data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you:

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences; and
    • the name of your organisation;

    If you attend one of our events, we may use your personal data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary requirements you may have. You may also feature in photographs taken at our events and such photographs may appear in publications that we make available.

    Our legal basis for processing

    It is necessary for us to use your personal data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that the event is operated in an effective way.

    Where we communicate with you digitally in relation to the event, we may rely on your consent to process your data in this way. Please see the ‘Communicating digitally’ section above.

    We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of such personal data will be based on consent.



    5. Insight, Analysis and Retargeting through Cookies

    We and our third-party partners use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the devices that you use to access our Website. The data that is collected includes IP address, date and time of access, time zone difference to Greenwich Mean Time (GMT), content of request (specific site), status of access/HTTP status code, transferred volume of data, website requesting access, browser, language settings, version of browser software, operating system and surface.

    We and our third-party partners use this data to enable certain functionality on the Website, analyse how you use the Website and the effectiveness of our Website, and for retargeting purposes.

    Please see our Cookie Notice for further information of the data we collect and how we use it, including details of our third-party partners.

    Our legal basis for processing

    Where your data is collected through the use of non-essential cookies, we rely on consent to collect [and use] your data.

    Please see our Cookie Notice for further details about how you can withdraw your consent.


    6. Marketing

    We may send you (or the organisation you represent) marketing communications by email. We may process the following data: 

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences; and
    • the name of your organisation;

    Our email marketing communications will include press releases and information including industry news, recent work, and thought leadership, as well as general information about our organisation, our Website, the Services we provide and the events and promotions we offer.

    Our legal basis for processing

    We rely on your consent to send you such email marketing communications.



    7. Receipt of services from suppliers

    If we have engaged you or the organisation you represent to provide us with products or services (for example, if you or the organisation you represent provide us with services such as IT support or financial advice), we will collect and process your personal data in order to manage our relationship with you or the organisation you represent, to receive products and services from you or the organisation you represent and, where relevant, to provide our Services to others.

    We may process the following data:

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences;
    • the name of your organisation;
    • bank and account details;
    • information relating to a particular transaction; and
    • any other personal data you volunteer which is relevant to our relationship with you or the organisation you represent.

    Our legal basis for processing

    It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organisation you represent and are able to receive the services that you or your organisation provides, and provide our Services to others, in an effective way.

    Where we communicate with you digitally in relation to the services you provide, we may rely on your consent to process your data in this way. Please see the ‘Communicating digitally’ section above.


    8. Recruitment

    We use your personal data for recruitment purposes, in particular, to assess your suitability for any of our positions that you apply for, whether such application has been received by us online, by email or by hard copy and whether submitted directly by you or by a third party recruitment agency on your behalf. We also use your personal data to communicate with you about the recruitment process, to keep records about our recruitment process and to comply with our legal and regulatory obligations in relation to recruitment.

    We will process any personal data about you that you volunteer, including during any interview, when you apply for a position with us. We may also process your personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation, recruitment agencies, background check providers, credit reference agencies and your referees.

    The personal data we process may include:

    • name;
    • address;
    • email address;
    • telephone number;
    • social media handle;
    • your contact preferences;
    • date of birth;
    • gender;
    • country;
    • nationality;
    • username;
    • any KYC information that we may collect;
    • details of your education, qualifications and employment history;
    • any other personal data which appears in your curriculum vitae or application;
    • any personal data that you volunteer during an interview or your interactions with us; or
    • any personal data which is contained in any reference about you that we receive.

    Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offences if that information is relevant to the role you are applying for.

    We also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit.

    Our legal basis for processing

    Where we use your personal data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions. We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.


    B. How is your data transferred?


    1. Who do we transfer data to?

    When processing your personal data, we may need to share it with third parties (including other entities within our group of companies), such as:

    • Third-party organisations that provide applications/functionality, data processing or IT services (e.g. Veeva CRM or SAP)
    • Payment providers and banks
    • Event partners and suppliers
    • Recruitment agencies and related organisations
    • Auditors, lawyers, accountants and other professional advisers
    • Law enforcement or other government and regulatory agencies and bodies

    Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

    We carefully select and regularly monitor such service contractors, and we will only share personal data with others when we are legally permitted to do so. They will only process personal data upon our instruction and strictly in accordance with our instructions, based on respective data processor agreements which include data protection, confidentiality and security standards and obligations.




    2. Processing of data outside the EU/the EEA

    Your data will partly be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”). The respective countries may have a lower data protection level than European countries. When transferring your personal data outside the EU or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data.

    We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.

    When transferring your personal data outside the EU or the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented:

    Adequacy decisions: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

    Model clauses: Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en


    C. How long do we keep your personal data?

    In respect of personal data that we process in connection with the supply of our Services, we may retain your personal data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

    In respect of any other personal data that we process, we will retain relevant personal data for up to three years from the date of our last interaction with you and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

    If any personal data is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment), we will not retain it for longer than the period for which it is used by us.

    If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.



    D. Third party websites/services

    This privacy statement does not apply to your interaction with services provided by third parties.

    We include third-party services and/or content on our Website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for their own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for their own purposes in such a way that either:

    a) any communication for other purposes than to present their services or content on our Website is blocked, or

    b) communication only takes place once you have actively opted to use the respective service.

    Your browsing and interactions on any other websites, or your dealings with any other third party service provider, are subject to that website’s or third party service provider’s own rules and policies.

    For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context. We do not monitor, control or endorse the privacy practices of any third parties.

    For the purpose of the interactive design of our Website, third-party content from Youtube and Vimeo is integrated into this Website.

    Where we process your personal data for this integration, we do so for the purposes of legitimate interests to present our services and our activities in a multimedia format.

    Please refer to our Cookie Notice for more information.



    E. What rights do you have with regard to your data?

    You have the following rights according to applicable data privacy laws:

    • right of information about your personal data stored by us;
    • right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
    • right to object to processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to prove that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
    • right to data portability;
    • right to file a complaint with a data protection authority.
    • You may revoke your consent to the collection, processing and use of your personal data at any time with future effect. For further information please refer to the chapters above describing the processing of data based on your consent.

    F. What happens if you fail to provide your personal data?

    Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application for employment with us. In this case, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.

    G. Contact Details

    If you have any questions regarding our data privacy you can get in touch with our company data protection team at the following address: ukdataprotectionofficer@grunenthal.com

    Requests and complaints

    If, as the data subject, you do not agree with the way in which Grünenthal Ltd. or persons at Grünenthal Ltd. process your data and wish to inform the data protection officer directly, please use the following email address: ukdataprotectionofficer@grunenthal.com

    You can only reach our data protection officer at this email address. The data protection officer is obliged to keep your identity confidential. Should it come to the conclusion that your identity could be inferred in the course of clarifying a complaint, the data protection officer will point this out to you in advance and, if necessary, ask you to release him from his obligation to secrecy.

    Data Protection Supervisory Authority

    You may also address questions and complaints to Ireland’s independent data protection authority:

    Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28. Telephone: +353 (0) 761 104 800 or +353 (0) 57 868 4800 from 09:15 - 17:30 (17:15 Fridays).

    Further details are available through their website https://www.dataprotection.ie/

    Information on side effects and quality complaints

    We understand you may wish to report side effects or make a quality complaint. You can do this as follows:

    Reporting by Healthcare Professionals

    Adverse events should be reported to HPRA Pharmacovigilance, Earlsfort Terrace, Dublin 2. Telephone: +353 1 676 4971. Fax: +353 1 676 2517. Email: medsafety@hpra.ie. Reporting forms and information can be found at www.hpra.ie. Adverse events should also be reported to Grünenthal Ltd. Telephone: +44 870 351 8960. Email: medicalinformationie@grunenthal.com. Quality complaints should also be reported.

    Reporting of side effects by patients/carers, members of the public

    If you get any side effects, talk to your doctor, pharmacist or nurse. This includes any possible side effects not listed in the package leaflet. You can also report side effects directly to HPRA Pharmacovigilance, Earlsfort Terrace, Dublin 2. Telephone: +353 1 676 4971. Fax: +353 1 676 2517. Email: medsafety@hpra.ie. Reporting forms and information can be found at www.hpra.ie. By reporting side effects you can help provide more information on the safety of this medicine. Quality complaints should also be reported.

    If you report side effects or other issues regarding the safety or quality of our products directly to Grünenthal Ltd, we will be legally bound to deal with your communication and may have to contact you for clarification purposes. Subsequently, we may have to notify the health authorities. For patients and members of the public, your information will be forwarded in pseudonymised form, which means that no information by which you may be directly identified will be passed on. We may also have to forward this information to our group companies and cooperation partners, to the extent these are likewise obliged to notify their respective health authorities.

    Amendment of Privacy Statement

    We may update our Data Privacy Statement from time to time and we will publish these updates on our Website. They become effective upon publication. We therefore recommend that you regularly visit the site to keep yourself informed of possible amendments. This Data Privacy Statement was last updated in May 2022.

     

    M-N/A-IE-05-22-0008 May 2022

     

Data Privacy Notice HCP

  • Read the full Privacy Statement for Healthcare Professionals

    Grünenthal IE Data Privacy Statement for Health Care Professionals and Site Staff

     

    As a science-based pharmaceutical company, we may process your personal data if you are a Healthcare Professional or a member of the site staff. Protecting your data and privacy is of the utmost importance to us. With this privacy statement, we (Grünenthal GmbH and Grünenthal Pharma GmbH & Co. KG, also referred to together as “Grünenthal”, “we”, “us”, “our”) would like to inform you about how we process your personal data and for what purposes.

    The collection and processing of personal data is carried out in accordance with applicable data privacy laws, including the EU General Data Protection Regulation (GDPR).

     

    Who is responsible for the processing of your personal data?

    The data controller responsible for the processing of your personal data is Grünenthal GmbH, Zieglerstraße 6, 52099 Aachen, Germany and the Irish Affiliate Grünenthal Pharma Ltd., 4045 Kingswood Road, Citywest Business Park, Citywest, Co Dublin.

     

    In addition, other Grünenthal entities worldwide might also be responsible for the processing of your personal data, for example if you provide your consent or if your professional address is in a country where Grünenthal has an affiliate. You can find more information about how that entity processes your personal data in the privacy statement available on its corresponding website.

    You can reach Grünenthal’s Data Protection Team at the following contact email address:

    dataprivacy.de@grunenthal.com or locally ukdataprotectionofficer@grunenthal.com

     

    You may also directly contact Grünenthal’s external Data Protection Officer by using the following email address:

    datenschutz.grunenthal@two-towers.eu

     

    What types of personal data do we process about you, for what purposes and based on what legal basis, and what are the applicable retention periods?

    The types of personal data and the purposes why we process your data differ depending on the specific data processing activities. In the table below you can find a detailed description of each of these activities:

    Types of personal data processed

    Processing activity purposes and legal basis

    Data retention periods

    Professional data, such as:

    • Full name
    • Professional address
    • Contact details
    • Medical specialty
    • Name of your practice or workplace
    • Medical Identification Number
    • Name and job title of clinic and nursing staff
    • Any other data that you choose to provide to us

    We use your professional data for the following purposes:

    • Planning our interactions with you, according to our legitimate interests to promote our business interests and inform you about our products (Art. 6 (1) (f) GDPR)
    • If necessary, sending information material by post in accordance with these interests (Art. 6 (1) (f) GDPR)
    • Sending drug safety-relevant information (e.g. Dear Doctor Letter) in order to comply with applicable regulations (Art. 6 (1) (c) GDPR)
    • If you wish to access restricted content for Healthcare Professionals, in order to ensure that you are authorized to access such content in line with applicable regulations (Art. 6 (1) (c) GDPR)

    In general, we will process your professional data only for as long as you practise as an active healthcare professional and your medical specialty is of relevance for us, unless there is a legal obligation to process these data beyond that period or if we claim a legitimate interest. Under certain circumstances, you also have the right to object to the processing of your data.

    Interaction information and professional interests, such as:

    • Full name
    • Contact details
    • Medical specialty
    • Name of your practice or workplace
    • Date of the interaction
    • Name of the products and indications that have been discussed
    • General information about the patient population
    • Information about giving a sample (if applicable)
    • Scientific/medical/professional fields of interest
    • Membership in medical associations
    • Publications (including postings and announcements in social media channels)
    • Your interest in a contractual collaboration (lectures, events, medical education, consultancy)
    • Information about your product/information interests or about the prescription of our products in your practice
    • Documentation of the consent ("opt-in") allowing us to reach out to you by digital means
    • Your activities on our websites and online presences (e.g. viewed pages, visits on our social media profiles, received newsletters, clicks on our online advertisements, emails opened, etc)
    • Technical information about your device when you visit our websites, social media or similar digital channels, such as your IP address, device type, device and advertising identifiers, browser type and version, and other standard server log information
    • Your interaction channels of preference
    • Any other voluntary information you provide

    We use interaction information and information about your professional interests for the following purposes:

    • Planning our interactions with you, according to our legitimate interests to promote our business interests and inform you about our products (Art. 6 (1) (f) GDPR)
    • Sending customized marketing and other communications to you, based on the creation of a profile considering your preferences and interests as communicated to us or as a result of the tracking of your behaviour across online and offline sources, if you provide your consent (Art. 6 (1) (a) GDPR) or, when applicable, based on our legitimate interests (Art. 6 (1) (f) GDPR) to provide our customers with tailored information about our products or other educational or scientific content
    • Analysing the effectiveness of our different campaigns and assessing if they meet the predefined goals, evaluating the effectiveness and impact of our marketing material and analysing how to best optimize our resources and design the customer experience, if you provide your consent (Art. 6 (1) (a) GDPR) or, when applicable, in accordance with our legitimate interests (Art. 6 (1) (f) GDPR) to structure and organize our commercial and marketing efforts
    • To respect our legal obligations to document HCP interactions, for example, if we provide a product sample to you and we are legally required to keep this information for a certain period of time (Art. 6 (1) (c) GDPR)
    • To offer you contractual cooperation or participation in projects sponsored by us, or to invite you to events that might be of interest to you, if you have given your consent to establish communications with you by digital means when required (Art. 6 (1) (a) GDPR), or according to our legitimate interests to promote our business interests and inform you about our products (Art. 6 (1) (f) GDPR)

    In general, we will process the information about our interactions with you and professional interests only for as long as you practise as an active healthcare professional and your medical specialty is of relevance for us, unless there is a legal obligation to process these data beyond that period or if we claim a legitimate interest. If the processing of your personal data is based on your freely-given consent, we will process your personal data for as long as your consent remains valid (e. g. we will stop processing your personal data if you withdraw your consent). Under certain circumstances you also have the right to object to the processing of your data.

    Information related to adverse events, medical information enquiries and product quality complaints, such as:

    • Your name, profession, contact data
    • The circumstances of the event/enquiry/complaint itself
    • Any other data that you report about individuals that experience these events (e. g. patients), such as name or initials, age, gender, details of our products that were applied as well as other information regarding the circumstances of the event

    Information about adverse events, medical information enquiries and product quality complaints is processed for the following purposes:

    • Information related to adverse events (in particular, contact data from you as a reporter) is processed in order to investigate events and follow up with you in order to gain additional information, if needed. We prepare reports (which may be translated into other languages) based on the information you provide that are shared with health authorities, our group entities and any concerned business partners worldwide in order to analyze and investigate specific events and define required actions. The processing of these data is necessary for compliance with a legal obligation to which we are subject according to Art. 6 (1) (c) GDPR, and Art. 9 (2) (i) GDPR (processing is necessary for reasons of public interest in the area of public health, on the basis of Union or Member State law). More information can be found at the following link: https://www.grunenthal.com/en/footer-links/data-protection-notice
    • Information related to medical enquiries is processed in order to answer the inquiry and maintain our medical information database up to date. The legal basis for the processing of your personal data is our legitimate interest to follow-up on enquiries and provide a Medical Information service in line with applicable laws (Art. 6 (1) (f) GDPR)
    • Information about product quality complaints is processed in order to evaluate, classify and assess the product complaint, to follow up on your request and to maintain this information in our database. The processing of your personal data is necessary in order to comply with a legal obligation (Art. 6 (1) (c) GDPR). If data about a patient is reported, the legal basis is Art. 9 (2) (i) GDPR.

    In general, information about adverse events is stored in our systems at least 10 years after the respective product has been withdrawn from the market.

    Information in relation to medical enquiries or product quality complaints will be kept for 3 years, unless we are legally obliged to keep the data for a longer period or for as long as we can claim a legitimate interest.

    Information about contractual relationships, such as:

    • Full name, (professional) address, country, workplace, VAT number or bank account details
    • Contract documentation
    • Fees
    • Invoices, payment documentation, travel expense reports
    • Employer authorizations obtained for hospital doctors
    • Documentation of the services provided
    • Invitations to events
    • Covered event costs, travel expenses
    • Documentation of participation in events
    • If you participate in Market Research and similar projects, the answers you provide (although, in general, we will not be able to attribute these answers to you)
    • If you are an investigator interested in participating, or who participates, in Clinical Studies where we are the sponsor, or a member of the site staff, information such as full name, telephone number, email address, professional experience including your area of specialisation and qualifications, job history, recruitment and enrolment rates, the types of trials or studies you are interested in and experienced in, your participation and general experience in past and current trials and studies, interests (including financial interests) you may have, experience of staff / team, available resources, location, lab equipment, or other specific settings required for a specific clinical trial

    Information about contractual relationships is processed for the following purposes:

    • Generally, for pre-contractual measures and for the execution of the contract with us (Art. 6 (1) (b) GDPR).
    • The data might also be processed to disclose payments according to applicable laws or codes of practice of the pharmaceutical industry, based on your consent (Art. 6 (1) (a) GDPR) or in order to comply with a legal obligation (Art. 6 (1) (c) GDPR). This depends on the country where you have your professional address
    • To document our contractual relationships with you based on our legitimate interests to demonstrate compliance with applicable anti-corruption and similar legislation and to assess any reputational, legal and financial risks that the business relationship could expose Grünenthal to (Art. 6 (1) (f) GDPR)
    • The insights you provide in relation to your participation in (Scientific) Market Research and similar projects are processed to answer the specific project questions based on your consent (Art. 6 (1) (a) GDPR)
    • Data about investigators (and members of site staff) interested in participating in Clinical Studies are processed for the purposes of assessing the potential and suitability for participating in a trial or study according to our legitimate interests to select suitable candidates to conduct the specific trials or studies (Art. 6 (1) (f) GDPR), or with your consent (Art. 6 (1) (a) GDPR). In addition, if you effectively participate in any such studies, we are legally required to process your personal data in accordance with applicable laws (Art. 6 (1) (c) GDPR). In such case, your data might be further processed insofar as this is necessary to continue the research and development in case we cease to pursue the Study (Art. 6 (1) (f) GDPR)

    In general, the information that is strictly necessary for the execution of the contract will be processed for as long as we are required to keep it according to tax law requirements (i. e. 10 years).

    Any other information will be kept for as long as our business relationship lasts, we can claim a legitimate interest, we are legally obliged to, or as long as your consent remains valid (e. g. we will stop processing your personal data if you withdraw your consent).

     

     

    Where is your data stored?

    Grünenthal uses different IT systems and applications to store and process your data. You can be identifiable in these systems based on the use of direct identifiers, such as your name or e-mail address, or indirect identifiers, such as your registration ID or IP address.

    Grünenthal uses a central Customer Relationship Management system (“CRM”) in which we combine, update and rectify your personal data which you have provided to us or which was collected by us as outlined above in a central customer profile. This is necessary to pursue our legitimate interests to manage your personal data in the most effective way (for example, centralising your personal data helps us to easily keep it up-to-date), efficiently manage our relationship with you and enhance your customer experience as well as to facilitate our direct marketing efforts in the most efficient manner. You have the right to object to this kind of processing at any time. In such case Grünenthal will carefully evaluate your request and only continue to process your personal data to the extent that it is legally required or in accordance with your explicit consent.

    These data might be enriched as described above taking into account your preferences and interests as communicated to us or as a result of the tracking of your behaviour across online and offline sources, if you provide your consent or, when applicable, based on our legitimate interests to provide our customers with tailored information about our products or other educational or scientific content. In addition, in order to keep you up to date and informed about our products, we collect and maintain your contact data and information regarding your professional skills with the help of OneKey, a database containing the current contact data and latest information regarding professional skills of active health professionals. OneKey is operated by IQVIA™ Commercial GmbH & Co. OHG, Albert-Einstein-Allee 3, 64625 Bensheim. All data processing is carried out in compliance with the so-called ‘balance-of-interests clause’ as specified in Art. 6 (1) (f) GDPR. When your data is registered in the OneKey database, IQVIA™ will then contact you in order to verify your data or update it if necessary, and then it can be accessed by other pharmaceutical companies. You have the right to object to the inclusion of your data into OneKey at any time. If you wish to raise an objection, please contact IQVIA™ or the OneKey data protection officer. In this case, please reach out to DatenschutzOneKeyDE@iqvia.com via e-mail. You will also find further information about OneKey at https://www.iqvia.com/OneKeyGermanyDE.

     

    Where do we receive your personal data from?

    We receive your personal data directly from you or as a result of the tracking of your behaviour across online and offline sources as outlined above (e. g. if you enter into a contractual relationship with us or if you visit our websites), and also from data suppliers and service providers, such as IQVIA or Contract Research Organizations if you are an investigator with an interest to participate, or who actually participates, in a clinical study where we are the sponsor. 

     

    How is your data protected?

    We ensure that the personal data we process from you is adequately protected by implementing state-of-the-art technical and organizational measures. Access to our systems is strictly personal and purpose-driven based on a graduated authorization concept, that is, only those of our employees who require access for the particular processing purposes outlined above may access the data.

     

     

     

    Who will your data be shared with?

    Your personal data may be transferred to other Grünenthal affiliates and may be stored by contracted third parties such as software vendors and IT solution providers. We use Grünenthal proprietary and standard industry solutions to process your data in a safe environment.

    We may also share categories of your personal data listed above with certain service providers or third parties such as: IT providers for the purposes of system development and technical support (for example, IQVIA, Salesforce, Veeva or DOMO); auditors and consultants to verify our compliance with external and internal requirements; statutory bodies, law enforcement agencies and litigants, as per a legal reporting requirement or claim. If you consent to participate in (scientific) market research and similar projects, we may share your personal data with contracted parties to carry out such projects.

    Furthermore, if you are an investigator (or a member of the site staff) who is interested in participating, or who participates, in Clinical Studies where we are the sponsor, we may transfer your personal data to service providers (such as Contract Research Organizations that provide clinical trial management services to us), entities of the Grünenthal Group of companies, ethics committees, authorities (including via other business partners), external researchers, further third parties who may contribute to the research and development of the medicinal product tested (e.g., by funding clinical trials), or to commercial partners (i) who aim to continue the research and development in case we cease to pursue the study (e.g., for completion of the clinical trial) or (ii) in connection with the whole research and development program being licensed or sold as an asset by us to such commercial partners, in particular to enable them to comply with the statutory documentation requirements applicable to manufacturers or marketing authorization holders.

    Grünenthal does not sell personal data to third parties.

     

    Will your personal data be processed outside the European Union (“EU”)?

    While our internal servers are located within the EU, some of the third parties referred to above are located outside the EU or the European Economic Area (“EEA”), which means that your data will partly be processed in countries that may have a lower data protection level than European countries. In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these contractual partners and implementing any supplementary measures, if necessary.

     

    What are your data privacy rights?

    The following rights are available to you based on applicable privacy laws:

    • Right to information about personal data on you stored by us
    • Right to deletion or restriction of processing, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or in the event that the processing serves the enforcement, exercise or defence of legal claims
    • Right to correct your personal data
    • Right to object to processing on grounds of your own legitimate interest, public interest or our profiling, unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or that such processing is for the purposes of asserting, exercising or defending legal claims
    • Right to data portability
    • Right to complain to a supervisory authority
    • You may withdraw your consent to the collection, processing and use of your personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal

    If you want to exercise your rights, you can address your request to dataprivacy.de@grunenthal.com or to the corresponding Grünenthal entity.

     

    This Data Privacy Statement was last updated in May 2022.

    M-N/A-IE-05-22-0009 May 2022

     

     

Data Privacy Notice Third Party Supplier

  • Read the full Privacy Statement for Third Party Suppliers

    GRÜNENTHAL Data Privacy Statement for Business Partners, Suppliers and other Third Parties

     

    Throughout this privacy statement, "GRÜNENTHAL," "we," "us," and "our(s)" means GRÜNENTHAL GmbH, GRÜNENTHAL Pharma GmbH & Co KG or the respective legal entity with which you may have a relationship. Grünenthal Pharma Limited (Ireland)

     

    We would like to give you an overview of the processing of your personal data by us, as well as inform you about your rights under the General Data Protection Regulation (Regulation (EU) 2016/679 - "GDPR"), the Data Protection Acts 1988-2018 (Ireland) and the German Federal Data Protection Act (“Bundesdatenschutzgesetz” - "BDSG").

     

    This privacy statement is relevant with regard to all personal data of data subjects with whom we enter into contractual, business or other relationships, as well as of governing bodies, managing directors, key account managers or other employees of our contractual or business partners, which we process in the context of existing or emerging contractual, business or other relationships. This includes, among others, existing or potential suppliers, service providers, customers or consultants, as well as existing or potential cooperation partners or other partner companies.

     

    What data do we process and where does it come from?

    The subject of the processing is your personal data that you yourself provide to us in the context of contractual and business relationships or that we receive from the respective contractual and business partners or that we have obtained otherwise. In some cases, we process personal data that we collect from publicly accessible sources such as trade registers, the press or the internet. Furthermore, in certain cases we receive information from third parties, e.g. credit agencies or business partners.

     

    The types of personal data concerned are primarily: surname, first name, address, bank details, billing address, tax number/VAT ID and other contact or master data, such as telephone number or e-mail address. However, the specific types of personal data processed by us will depend on the characteristics of your relationship with us. This data regularly relates solely to the business context, i.e. we only process private contact data in exceptional cases, for example if this is necessary to fulfill the contract with you.

     

    The scope of the data processed about a person also varies depending on the function in which the person appears to us, such as the position he or she holds with the respective (business) partner and the subject of the (business) relationship.

     

    What are the purposes and legal bases for the processing?

    We process your personal data for the following purposes and on the basis of the following legal grounds:

     

    • Data processing is primarily carried out for the execution of contracts concluded with you or your employer with whom we have a business relationship, or for the execution of pre-contractual measures (Art. 6 (1) b GDPR). This relates, for example, to purchase and supply contracts and the processing of purchase and sales inquiries, authentication of contractual partners, processing and review of corresponding offers and inquiries, preparation and signing of contractual documents, execution of purchases and sales, invoicing and processing of purchase price payments, sending of information letters, service and work contracts as well as other contractual relationships.

     

    • In addition, we process your data on the basis of legal requirements pursuant to Art. 6 (1) c GDPR, as well as to protect our legitimate interests pursuant to Art. 6 (1) f GDPR. This is done in particular for the fulfillment of tax and other legal control and reporting obligations, as well as audits by tax or other authorities and to comply with legal retention periods. It also serves for optimal maintenance of contact support and customer relations, also with regard to the employees of our business partners, and to optimize our business processes, such as by maintaining a supplier or prospect database and centralizing or outsourcing corporate functions. Furthermore, this serves to mitigate default risks in our business processes by consulting credit agencies (e.g. Creditreform, Bürgel) and determining score values that help us assess the likelihood of contractual partners meeting their payment obligations in accordance with the contract on the basis of a recognized mathematical-statistical procedure. In this context, we may also receive information about the directors and shareholders of your company (e.g., names of directors and shareholders, nationality, triggers for potential conflicts of interest, etc.).  This information is needed to identify potential reputational and financial risks to which we may be exposed as a result of the business relationship and to comply with applicable anti-corruption, anti-money laundering and similar laws.

     

    • We may process your data for the assertion and defense of legal claims. This is the case, for example, if we conduct a judicial or extrajudicial dispute with you, for example, about the existence or non-existence of payment obligations. This also applies in particular in the case of claims asserted against us due to possible product defects. In this context, special types of personal data, e.g. concerning your state of health, may also be processed if this is necessary in an individual case, for example, in the event of claims for damages due to alleged damage to health caused by one of our products. In the context of legal disputes, we may transfer your data to our external legal advisors or experts. The legal basis for this processing is Art. 6 (1) f GDPR in conjunction with Art. 9 (2) f GDPR.

     

    • Insofar as you work with IT systems or hardware from GRÜNENTHAL in the course of your activities, personal data will be processed for the purposes of IT administration and security. This concerns, for example, login credentials, access logs and the like and serves to protect our systems from misuse and attacks by third parties. For more information, please refer to the specific terms of use for the respective system. The legal basis for the processing in this respect is Art. 6 (1) b GDPR, or Art. 6 (1) f GDPR.

     

    • If you use online meeting tools to interact with us, we might collect additional kinds of data. Please refer to the privacy statement on our website at grunenthal.com for further details.

     

    • In individual cases, we process data because you have expressly consented to this (Art. 6 (1) a GDPR), for example in the receipt of advertising by electronic mail and/or telephone. You will receive specific information on this in the context of granting your consent.

     

    To whom do we transfer your personal data?

     

    Under certain circumstances (beyond the cases already mentioned above), your personal data might be passed on to third parties for the purposes mentioned above:

     

    • Personal data is transferred to other companies in our group of companies. Exchanges between different companies of the GRÜNENTHAL Group, including outside the European Union (“EU”), are based on EU standard data protection clauses and additional technical or organizational safeguards, if necessary.

     

    • Service providers, in particular data processors, receive personal data of our business partners or third parties we interact with that is required for the fulfillment of the respective service.

     

    • Information necessary for the processing of existing contracts is transferred to customers and suppliers.

     

    • Due to legal obligations to report and provide information, certain personal data is communicated to the competent authorities.

     

    • If it is necessary for the clarification or prosecution of illegal or abusive incidents or for the establishment, exercise or defense of legal claims, personal data is forwarded to our legal advisors, the law enforcement authorities and, if necessary, to injured third parties.

     

    • In the event of reorganizations or business restructurings, including financial restructurings, insolvency, M&A transactions, mergers, acquisitions, spin-offs, joint-ventures, assignments, sale or divestment of companies or parts thereof, any other sale or divestment of business or parts thereof, other business development activities such as in-licensing and out-licensing, personal data may be provided to the buyer, acquiring company, seller, merged companies, licensor, licensee, law firms and other consulting firms, liquidators, banks and other financial institutions, rating agencies and similar organizations. We will always carefully consider the need for such transfers and take steps (e.g., anonymization, pseudonymization or aggregation techniques) to reduce the amount of personal data to what is strictly necessary in such cases.

     

    • If you have designated recipients (e.g., emergency contacts), personal information will be provided to them when certain circumstances arise.

     

    In cooperation with service providers and other organizations, legal instruments are used to ensure that your personal data is processed lawfully and stored only as long as necessary. These are, for example, order processing agreements according to Art. 28 GDPR or agreements between joint controllers according to Art. 26 GDPR.

     

    As a rule, the servers on which your personal data is stored by us or one of our service providers are located on the territory of the EU. In the course of some processing activities, your personal data may be stored outside the EU or personal data may be accessed by persons performing their activities in countries outside the EU (e.g., helpdesk hotline staff). These countries might provide a lower level of data protection. If there is no adequacy decision according to Art. 45 GDPR for these countries, legal instruments are used that also ensure the confidentiality, integrity and availability of your personal data. This includes in particular the signing of the so-called EU standard data protection clauses according to Art. 46 (2) c GDPR.

     

    How long do we store your data?

     

    We will retain and process your personal data for as long as we can claim a legitimate interest, we have valid consent from you, or there is a legal obligation for a certain period of time, which is determined or specified by applicable law and our company's IT security and data protection policies.

     

    What rights do you have?

     

    You have the following rights under applicable data protection laws:

     

    • Right to data portability if the legal requirements are met
    • Right to complain to a supervisory authority
    • Right to information about your personal data stored by us
    • The right to erasure or restriction of processing, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or in the event that the processing serves the purpose of asserting, exercising or defending legal claims
    • The right to have your personal data corrected
    • The right to object to processing which serves our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or in the event that the processing serves the purpose of asserting, exercising or defending legal claims
    • The right to withdraw your consent for the processing of your personal data at any time with effect for the future

     

    If you wish to exercise your rights, please send your request to dataprivacy.de@grunenthal.com.

     

    Who can you contact with questions or concerns about the processing of your data?

    In case of any questions regarding the protection of your personal data, you can contact our data protection team at the following address:

    Grünenthal’s Global Data Protection Officer by using the following email address:

    dataprivacy.de@grunenthal.com OR ukdataprotectionofficer@grunenthal.com

    You may also contact GRÜNENTHAL's external data protection officer directly at the following email address: datenschutz.grunenthal@two-towers.eu

     

    You may also address questions and complaints to Ireland’s Data Protection Supervisory Authority:

     

    Dublin Office

    Office of the Data Protection Commission

    21 Fitzwilliam Square

    Dublin 2

    D02 RD28

     

    You can contact the Office of the Data Protection Commission by emailing info@dataprotection.ie or by telephone at 01 7650100 / 1800 437 737.

    Status and amendment of this privacy statement

    The status of this privacy statement is 23.11.2021.

    We reserve the right to change this data protection declaration in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We will notify you separately of any significant changes to the content.

    M-N/A-IE-05-22-0010 May 2022

     

M-N/A-IE-05-22-0007 May 2022