;

Data Privacy Statement

This website, www.grunenthal.co.uk, (hereinafter “website”) is provided by Grünenthal Ltd (hereinafter “we”, “our” or “us”). We respect your privacy and are committed to protecting your information. The privacy policy below discloses our practices regarding information collection and usage solely for the website located at www.grunenthal.co.uk. If you are looking for further information on the provider of this website, please refer to our contact details at the end of this data privacy statement.

  • Read the full Privacy Statement

    This Privacy Notice applies to the use of your personal data obtained by us, whether from you directly or from a third party.
    With this privacy policy we would like to inform you about:

    1. Who do we collect information about?
    2. What data do we collect and what do we use it for?
    3. How is your data transferred?
    4. How long do we keep your personal data?
    5. Third party websites/services
    6. What rights do you have with regard to your data?
    7. What happens if you fail to provide your personal data?
    8. Requests and complaints

     

    Handling of personal data

    At Grünenthal, we believe transparency is the foundation of trustful collaboration. Below we have provided you with information on how we handle your personal data when you use our Website and our Services “Grunenthal UK”.

    About Us
    The Website and our Services are made available by Grünenthal Limited. Grünenthal Limited is the data controller responsible for your personal data. Grünenthal Limited (company no 03658396) is an English company with its registered office at Regus Lakeside House, 1 Furzeground Way, Stockley Park East Uxbridge, Middlesex, UB11 1BD.

    A. Who do we collect information about?
    We collect and process personal data from the following people:

    • Website visitors - If you browse our Website, contact us with an enquiry through our Website, submit a complaint through our Website or use any Services available on our Website, we will collect and process your personal data in connection with your interaction with us and our Website. See section 1 below for more detail.
    • Participants – if you are involved in a trial or participate in one of our research projects, we may process personal data about you in connection with your participation. See section B2 below for more detail.
    • Event attendees - If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other document relating to the event. See section 3 below for more detail.
    • Personnel that work for our clients, partners and suppliers (including subcontractors) - If you (or your organisation) supply products or services to us or otherwise partner with us, we may collect and process your personal data in connection with our receipt of those products and services and/or partnership. See section 5 below for more detail.
    • Job applicants - if you apply for a job with us, whether through the Website or otherwise, we will collect and process your personal data in connection with your application. See section 6 below for more detail.

    For information regarding how we process your personal data if you are a healthcare professional, please refer to the Data Privacy Statement HCP.
    B. What data do we collect and what do we use it for?
    We collect and receive personal data using different methods and we use it for the following purposes:
    1. Requests for information
    You can contact us directly by using the contact forms available on our website. In particular, you may provide us with the following information:

    • Name, surname and title
    • Address (Street, Postal Code, City)
    • Country
    • Contact data (e.g. e-mail address, phone number)
    • Message

    We collect, process and use the information you provide via the contact forms exclusively for the processing of your specific request.

    For example, the PMCPA Code of Practice and the ABPI allows pharmaceutical companies to provide grants or donations to third parties to improve patient care, full guidance can be viewed on the ABPI website. We (at Grunenthal) have created a fair, open and transparent applications process via our online “Contact Form” on www.grunenthal.co.uk

    Requests for Support is open to everyone, there is specific guidance on the nature of the requests we may consider and also notes on activities that we do not currently support, you will be asked to provide information outlined above as well as descriptors on the objective, project outlines and more.

    We will store the information you provide to us in contact forms for as long as we are legally obliged to or for as long as we have a legitimate interest.

    Our legal basis for processing

    It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.

    The same applies to data you send to us when using one of the designated email addresses indicated on our website.

    2. Provision of our Service
    We may collect and maintain personal data that you submit to us or we otherwise obtain for the purpose of supplying our Services.
    If you work for a client or partner or subcontractor the personal data we process may include:

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences;
    • the name of your organisation;
    • bank and account details;
    • information relating to a particular transaction;

    We process this information so that we can fulfil the supply of Services, maintain our user databases and to keep a record of how our Services are being used and provided.
    If you are participating in a trial or research project, the personal data we process may include

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences;
    • bank and account details;
    • information about your health;

    Our legal basis for processing

    It is in our legitimate interest or the legitimate interest of the organisation with whom you work to use personal data in such a way to ensure that we provide the Services to our clients in an effective and efficient way.
    Where we process information about your health, we will only do so with your explicit consent.

    3. Communicating digitally
    Primarily we keep connected with you via face to face interactions, however from time to time we may communicate to you via a digital channel, a telephone call, one to one calls (Veeva Engage) or meetings via other platforms such as MS teams or Zoom.

    Digital Channel Communication Process:

    • We capture e-consent verbally either via face to face interactions or by telephone with interested parties.
    • Once consent has been granted, we send a proforma email from our CRM (Customer relationship Management) system, this email outlines the permissions to be granted and the user is presented with an option to “ACCEPT” the e-permission.
    • This Explicit Permission is automatically captured against the individual’s record.

    The e-permission provides a secure channel for business to business contact via all of our digital channels. All subsequent communication from Grünenthal UK will include an opportunity for the recipient to “Unsubscribe” from the category of email sent. For example:

    An electronic promotional email will include an unsubscribe button at the footer, giving the recipient control over the type of communication they receive in the future.

    Our legal basis for processing

    The PMCPA code of practice, conditions that all “Promotional” contact via digital channels requires explicit consent / permission. Therefore, we will rely on your consent to communicate with your digitally. Our process for “Communicating with us digitally” is designed to comply with the PMCPA Code of Practice, UK Data Protection and GDPR legislation.

    4. Hosting and managing events
    From time to time, we may organise and host events for the purpose of medical education or promotional purposes. We may process the following data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you:

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences; and
    • the name of your organisation;

    If you attend one of our events, we may use your personal data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary requirements you may have. You may also feature in photographs taken at our events and such photographs may appear in publications that we make available.

    Our legal basis for processing

    It is necessary for us to use your personal data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that the event is operated in an effective way.

    Where we communicate with you digitally in relation to the event, we may rely on your consent to process your data in this way. Please see the ‘Communicating digitally’ section above.

    We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of your such personal data will be based on consent.

    5. Insight, Analysis and Retargeting through Cookies
    We and our third-party partners use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the devices that you use to access our Website. The data that is collected includes IP address, Date and time of access, time zone difference to Greenwich Mean Time (GMT), Content of request (specific site), Status of access/HTTP status code, transferred volume of data, Website requesting access, browser, language settings, version of browser software operating system and surface.

    We and our third-party partners use this data to enable certain functionality on the Website, analyse how you use Website and the effectiveness of our Website and for retargeting purposes.

    Please see our Cookie Notice for further information of the data we collect and how we use it, including details of our third-party partners.

    Our legal basis for processing

    Where your data is collected through the use of non-essential cookies, we rely on consent to collect [and use] your data.
    Please see our Cookie Notice for further details about how you can withdraw your consent.

    6. Marketing
    We may send you (or the organisation you represent) marketing communications by email. We may process the following data:

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences; and
    • the name of your organisation;

    Our email marketing communications will include press releases and information including industry news, recent work, and thought leadership, as well as general information about our organisation, our Website, the Services we provide and the events and promotions we offer.

    Our legal basis for processing

    We rely on your consent to send you such email marketing communications.

    7. Receipt of services from suppliers
    If we have engaged you or the organisation you represent to provide us with products or services (for example, if you or the organisation you represent provide us with services such as IT support or financial advice), we will collect and process your personal data in order to manage our relationship with you or the organisation you represent, to receive products and services from you or the organisation you represent and, where relevant, to provide our Services to others.
    We may process the following data:

    • name;
    • address;
    • email address;
    • telephone number;
    • your contact preferences;
    • the name of your organisation;
    • bank and account details;
    • information relating to a particular transaction;

    and any other personal data you volunteer which is relevant to our relationship with you or the organisation you represent.

    Our legal basis for processing

    It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organisation you represent and are able to receive the services that you or your organisation provides, and provide our Services to others, in an effective way.

    Where we communicate with you digitally in relation to the services you provide, we may rely on your consent to process your data in this way. Please see the ‘Communicating digitally’ section above.

    8. Recruitment.
    We use your personal data for recruitment purposes, in particular, to assess your suitability for any of our positions that you apply for, whether such application has been received by us online, by email or by hard copy and whether submitted directly by you or by a third party recruitment agency on your behalf. We also use your personal data to communicate with you about the recruitment process, to keep records about our recruitment process and to comply with our legal and regulatory obligations in relation to recruitment.

    We will process any personal data about you that you volunteer, including during any interview, when you apply for a position with us. We may also process your personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation, recruitment agencies, background check providers, credit reference agencies and your referees.

    The personal data we process may include:

    • name;
    • address;
    • email address;
    • telephone number;
    • social media handle;
    • your contact preferences;
    • date of birth;
    • gender;
    • country;
    • nationality;
    • username
    • any KYC information that we may collect;
    • details of your education, qualifications and employment history;
    • any other personal data which appears in your curriculum vitae or application;
    • any personal data that you volunteer during an interview or your interactions with us; or
    • any personal data which is contained in any reference about you that we receive.

    Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offences if that information is relevant to the role you are applying for.

    We also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit.

    Our legal basis for processing

    Where we use your personal data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions. We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.

    C. How is your data transferred?

    1. Who do we transfer data to?
    When processing your personal data, we may need to share it with third parties (including other entities within our group of companies), such as:

    • Third-party organisations that provide applications/functionality, data processing or IT services (e.g. Veeva CRM or SAP)
    • Payment providers and banks
    • Event partners and suppliers
    • Recruitment agencies and related organisations
    • Auditors, lawyers, accountants and other professional advisers
    • Law enforcement or other government and regulatory agencies and bodies

    Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

    We carefully select and regularly monitor such service contractors, and we will only share personal data with others when we are legally permitted to do so. They will only process personal data upon our instruction and strictly in accordance with our instructions, based on respective data processor agreements which include data protection, confidentiality and security standards and obligations.

    2. Processing of data outside the EU/the EEA
    Your data will partly be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”). The respective countries may have a lower data protection level than European countries. When transferring your personal data outside the EU or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data.

    We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.
    When transferring your personal data outside the EU or the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented:

    Adequacy decisions: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see  https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

    Model clauses: Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see  https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

    D. How long do we keep your personal data?
    In respect of personal data that we process in connection with the supply of our Services, we may retain your personal data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

    In respect of any other personal data that we process, we will retain relevant personal data for up to three years from the date of our last interaction with you and in compliance with our data protect obligations. We may then destroy such files without further notice or liability.

    If any personal data is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment), we will not retain it for longer than the period for which it is used by us.

    If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.

    E. Third party websites/services
    This privacy statement does not apply to your interaction with services provided by third parties.
    We include third-party services and/or content on our Website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for their own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for their own purposes in such a way that either:

    a) any communication for other purposes than to present their services or content on our Website is blocked, or
    b) communication only takes place once you have actively opted to use the respective service.

    Your browsing and interactions on any other websites, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies.

    For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context. We do not monitor, control or endorse the privacy practices of any third parties.
    For the purpose of the interactive design of our Website, third-party content from Youtube and Vimeo is integrated into this Website.
    Where we process your personal data for this integration, we do so for the purposes of legitimate interests to present our services and our activities in a multimedia format.

    Please refer to our Cookie Notice for more information.

    F. What rights do you have with regard to your data?
    You have the following rights according to applicable data privacy laws:

    • right of information about your personal data stored by us;
    • right to request the correction, deletion (provided that we are not legally obliged to keep the data)or restricted processing of your personal data;
    • right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to prove that there are compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
    • right to data portability;
    • right to file a complaint with a data protection authority.
    • You may revoke your consent to the collection, processing and use of your personal data at any time with future effect. For further information please refer to the chapters above describing the processing of data based on your consent.

    G. What happens if you fail to provide your personal data?
    Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application for employment with us. In this case, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.

    H. Requests and complaints
    If, as the data subject, you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Global Data Protection officer by using the following email address: ukdataprotectionofficer@grunenthal.com

    Data Protection Supervisory Authority
    You may address questions and complaints also to the Authority:

    Information Commissioner Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

    Telephone: 0303 123 1113


    By Webchat: https://ico.org.uk/global/contact-us/live-chat/
    Further details are available through their website https://ico.org.uk/global/contact-us/

    Amendment of Privacy Statement
    We may update our Data Privacy Statement from time to time and we will publish these updates on our Website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.

    This Data Privacy Statement was last updated on February 2021.

    M-N/A-UK-02-21-0007 February 2021

Data Privacy Statement HCP

In this Data Privacy Statement, “Grünenthal”, “we”, “us”’’ and ‘’our’’ refers to Grünenthal GmbH. As a science-based pharmaceutical company, we may process your personal data for the purposes and by the manners described in this Privacy Statement.

We take the privacy and security of your personal data very seriously. In particular, with this privacy policy, we would like to inform you about the data we may collect from you, the purposes of processing these data, the way the data are collected, processed and protected, and to what extent they are transmitted to third parties. We also explain which rights you have with regards to this data and provide useful contact details in case you have questions or concerns. 

  • Read the full Privacy Statement for Healthcare Professionals

    The collection and processing of personal data is carried out in accordance with the applicable law, namely the General Data Protection Regulation (GDPR).

    What information do we collect / process, and for what purposes?
    The types of personal data and the purposes why we process your data differ depending on the specific data processing activities, and can be grouped according to the following categories:

    1. Professional data
    2. Interaction documentation
    3. Medical information requests
    4. Information about our contractual relationships with you

    Click on each category to find out more about the types of personal data processed and the purposes for the processing of your data in each case. Categories 2, 3 and 4 only apply for registered healthcare professionals.

    I. Professional data

    What are professional data?
    Examples of professional data that we collect are:

    • Your name
    • Your professional address
    • Professional contact details such as phone numbers, fax numbers and e-mail address (es)
    • Technical information about your device when you visit our websites, social media or similar digital channels, such as your IP address, device type, device and advertising identifiers, browser type and version, and other standard server log information
    • Other personal data you choose to provide to us

    In case you are a registered healthcare professional in your country we may also collect:

    • Medical specialty
    • Name of your practice / clinic / hospital
    • General Medical Council (GMC) identifier
    • Name and job title of clinic and nursing staff
    • Other professional data you choose to provide to us

    How do we collect professional data?
    We gather professional data from public registers, from data brokers like, for instance, IQVIA Commercial GmbH & Co. KG (formerly IMS GmbH) and from our sales force and/or other Grünenthal employees that interact with you. Information deriving from activities in our websites, social media profiles, etc. is collected via so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser and store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.

    Why do we process your professional data?
    Professional data is stored and processed by us for different purposes:

    • Sending drug safety-relevant information (e.g. Dear Doctor Letter)
    • Contacting you in case of queries about reported adverse reactions or to answer your scientific questions
    • Planning for further interactions
    • Sending newsletters or reaching out to you through digital means, such as e-mail, if you have given us a consent for this purpose
    • If necessary, sending information material by post
    • Documentation and correspondence on contract-related topics and other interactions with you
    • Complaint management
    • Analyse the effectiveness of our different campaigns and assess if they meet the predefined goals
    • Evaluate the effectiveness and impact of our marketing material
    • Analyse how to best optimize our resources and design the customer experience

    What is the legal basis for the processing of your professional data?
    The legal basis for the processing of these professional personal data may be: your consent for processing for specific purposes pursuant to Art. 6 (1) a) GDPR granted by you (e. g. for sending you our newsletter), our legitimate interest under Art. 6 (1) f) GDPR (e. g. for the planning of sales force visits or assessing the effectiveness of campaigns and impact of our marketing material) and / or in accordance with Art. 6 (1) (c) GDPR, fulfilment of a legal obligation to which the responsible is subject (e. g. for the information exchange relevant for drug safety and pharmacovigilance).

    II. Interaction documentation

    What is “interaction documentation” data?
    Interaction documentation includes the following data:

    • Date of interaction
    • Name of the conversation partner, if applicable
    • Information about giving a sample, if applicable
    • Name of the products that have been discussed, if applicable
    • Indications that have been discussed
    • Your voluntary information on product and information interests
    • Your voluntary information about the prescription of our products in practice

    How do we collect “interaction documentation” data?
    Interaction documentation is registered by our teams in our systems during and/or after each interaction, especially if you are a registered healthcare professional in your country.
      
    Why do we process “interaction documentation” data?
    We use the data collected during the interaction for the following purposes:

    • To coordinate the visits of our field staff
    • For legally required sample documentation
    • To plan the submission of informational materials to you
    • To respect our legal obligations to document HCP interactions
    • Analyse the effectiveness of our different campaigns and assess if they meet the predefined goals
    • Evaluate the effectiveness and impact of our marketing material
    • Analyse how to best optimize our resources and design the customer experience

    What is the legal basis for the processing of “interaction documentation” data?

    The legal basis for the collection and processing of this data may be: a consent granted by you for processing for specific purposes pursuant to Art. 6 (1) a) GDPR (e. g. for sending information materials to you), our legitimate interest under Art. 6 (1) f) GDPR (e. g. for the coordination of visits of our field staff or assessing the effectiveness of campaigns and impact of our marketing material) and the fulfilment of a legal obligation according to Art. 6 (1) c) GDPR (e. g. for the purpose of documenting giving away a sample.)

    III. Information about your medical information requests and other professional interests

    What information do we process about your medical information requests and other professional interests?
    We process the following information about your medical information requests and other professional interests in our systems:

    • Product or indication related questions
    • Product or indication related areas of interests and focus
    • Scientific / medical and / or professional fields of interest
    • General information about the patient population
    • Membership in medical associations
    • Publications, including postings and announcements in social media channels
    • Documentation of the consent ("opt-in") allowing us to send you our newsletter or reach out to you by digital means
    • Your interest in a contractual collaboration (lectures, events, medical education, consultancy)
    • Your activities on our websites and online presences (e.g. viewed pages, visits on our social media profiles, received newsletters, clicks on our online advertisements)
    • Technical information about your device when you visit our websites, social media or similar digital channels, such as your IP address, device type, device and advertising identifiers, browser type and version, and other standard server log information

    How is the information about your medical information requests and other professional interests collected?
    This information is usually collected by phone, email, fax or direct face to face interaction with our team members. Information deriving from activities in our websites, social media profiles, etc. is collected via so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser and store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie. We also collect information about your interests in our products, campaigns and other related content, when you have given us your explicit consent to receive this information through digital means from us. For example, when you receive an e-mail about a certain campaign from us, we are able to see whether you have accessed the content of this e-mail; this helps us assess the effectiveness of our different campaigns and improve the manner in which the information is presented.

    Why do we process information about medical information requests and other professional interests?
    Information about your medical information requests and other professional interests is used for the following purposes:

    • Answering your medical information requests
    • Planning the distribution of scientific and other information materials
    • Relaying individually tailored information
    • Sending newsletters
    • Offers for contractual cooperation
    • Invitations to events
    • Analyse the effectiveness of our different campaigns and assess if they meet the predefined goals
    • Evaluate the effectiveness and impact of our marketing material
    • Analyse how to best optimize our resources and design the customer experience

    What is the legal basis for the processing of information about medical information interests and other professional interests?
    The basis for the collection / storage of data is a consent granted by you pursuant to Art. 6 (1) a GDPR (e. g. for sending newsletters) or our legitimate interest under Art. 6 (1) f) GDPR (e. g. for assessing the effectiveness of campaigns and impact of our marketing material).

    IV. Information about our contractual relationship with you

    What information do we process about our contractual relationship with you?
    We collect and process data to plan and fulfil our contractual relationships with you. These include:

    • Contract documentation
    • Fees
    • Invoices, payment documentation, travel expense reports
    • Employer authorizations obtained for hospital doctors
    • Documentation of the services provided
    • Invitations to events
    • Covered event costs, travel expenses
    • Documentation of participation in events

    How do we collect this data?
    The data is usually collected while setting up the contract, insofar as this is necessary for the execution, fulfilment and documentation of the collaboration.

    Why do we process this data?
    The processing of this data serves the following purposes:

    • Execution of the contract
    • Pre-contractual measures
    • Fulfilment of the legal obligations to establish transparency and fulfilment of documentation requirements ("compliance")
    • To disclose payments under local Transparency Codes
    • Planning and execution of events
    • Analyse the effectiveness of our different campaigns and assess if they meet the predefined goals
    • Evaluate the effectiveness and impact of our marketing material
    • Analyse how to best optimize our resources and design the customer experience

    What is the legal basis for the processing of this data?
    The legal basis for the collection and processing of this data may be a consent granted by you for processing for specific purposes pursuant to Art. 6 (1) a) GDPR (e.g. disclosing payment information in accordance with the Transparency Code), for fulfilling a contract or precontractual measures pursuant to Art. 6 (1) b) GDPR (e. g. for execution of the contract), for fulfilment of a legal obligation under Art. 6 (1) c) GDPR (e. g. for the purposes of meeting the requirements of compliance regulations) or a legitimate interest pursuant to Art. 6 (1) f) GDPR (e. g. for the avoidance of any compliance risks or assessing the effectiveness of campaigns and impact of our marketing material).

    Where is your data stored?
    Grünenthal uses different IT systems and applications to store and process your data. You can be identifiable in these systems based on the use of direct identifiers, such as your name or e-mail address, or indirect identifiers, such as your registration ID or IP address.

    Grünenthal uses a central Customer Relationship Management System (“CRM”) in which we combine, update and rectify your personal data which you have provided to us or which was collected by us as outlined above in a central customer profile. This is necessary to pursue our legitimate interests in managing your personal data in the most effective way (for example, centralising your personal data helps us to easily keep it up-to-date), efficiently managing our relationship with you and enhance your customer experience as well as to facilitate our direct marketing efforts in the most efficient manner. You have the right to object to this kind of processing at any time. In such case Grünenthal will carefully evaluate your request and only continue to process your personal data to the extent that it is legally required or in accordance with your explicit consent.

    In addition, in order to keep you up to date and informed about our products, we are collecting and maintaining your contact data and information regarding your professional skills with the help of OneKey, a database containing the current contact data and latest information regarding professional skills of active health professionals. OneKey is operated by IQVIA™ Commercial GmbH & Co. OHG, Albert-Einstein-Allee 3, 64625 Bensheim. All data processing is carried out in compliance with the so called ‘balance-of-interests clause’ as specified in Art. 6 (1) f) GDPR. When your data is registered in the OneKey database, IQVIA™ will then contact you in order to verify your data or update it if necessary, and then it can be accessed by other pharmaceutical companies. You have the right to object to the inclusion of your data into OneKey at any time. If you wish to raise an objection, please contact IQVIA™ or the OneKey data protection officer. In this case, please reach out to DatenschutzOneKeyDE@iqvia.com via e-mail. You will also find further information about OneKey at https://www.iqvia.com/OneKeyGermanyDE.

    How is your data protected?
    We ensure that the personal data we process from you is adequately protected by taking state of art technical and organizational measures. Access to our systems is strictly personal and purpose based on a graduated authorization concept, that is, only those of our employees may access the data who require access for the particular processing purposes outlined above.

    How long will your personal data be processed for?
    We will store and process your personal data as long as we can claim a legitimate interest, you have provided a valid consent or if there is a legal requirement for a specific time period which is determined by applicable laws and the company´s IT security and data privacy policies, as the case may be.

    Will your data be transferred?
    Your personal data may be transferred to other Grunenthal affiliates and may be stored by contracted third parties as software vendors and IT solution providers. We use Grunenthal proprietary and standard industry solutions to process your data in a safe environment.

    We may also share categories of your personal data listed above with certain service providers or third parties such as: IT providers for the purposes of system development and technical support (for example, IQVIA, Salesforce, Veeva or DOMO); auditors and consultants to verify our compliance with external and internal requirements; statutory bodies, law enforcement agencies and litigants, as per a legal reporting requirement or claim.

    Some of these parties are located outside the European Union (“EU”) or the European Economic Area (“EEA”), which means that your data will partly be processed in countries that may have a lower data protection level than European countries. In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these contractual partners.

    Grunenthal does not sell personal data to third parties. We do permit third parties to collect information through our website but only for the purposes described herein and as described in our Cookie Notice. 

    What are your data privacy rights?
    The following rights are available to you based on applicable privacy laws:

    • Right to information about personal data on you stored by us
    • Right to deletion or restriction of processing, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or in the event that the processing serves the enforcement, exercise or defence of legal claims
    • Right to correct your personal data
    • Right to object to processing that serves our legitimate interest, a public interest or profiling, unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or, in case, that the processing serves the enforcement, exercise or defence of legal claims
    • Right to data transferability
    • Right to complain to a supervisory authority
    • You may withdraw your consent to the collection, processing and use of your personal data at any time from that point in time onwards.

    If you want to exercise your rights, please address your request to dataprivacy.de@grunenthal.com

    or ukdataprotectionofficer@grunenthal.com

    Who can you contact in case of questions or concerns regarding the processing of your data?

    In case of any questions regarding our data privacy you can get in touch with our company data protection team at the following address:
    Grünenthal GmbH, Zieglerstr. 652078 Aachen

    Or by e-mail:
    dataprivacy.de@grunenthal.com

    You may also directly contact Grünenthal´s external Data Protection Officer by using the following email address: datenschutz.grunenthal@two-towers.eu

     

    M-NA-UK-02-21-0008 February 2021

M-N/A-UK-03-21-0008 March 2021

 

External Link:

You are now leaving the Grünenthal (UK) website. You will be re-directed to an external website. Grünenthal UK Ltd. accepts no responsibility for the content of other websites.

... Cancel ... Ok