Data Privacy Statements Grünenthal Ltd, UK

Data Privacy Notice

This website, www.grunenthal.com, (hereinafter “Website”) is provided by Grünenthal Limited (hereinafter “we”, “our” or “us”). We respect your privacy and are committed to protecting your information. The privacy policy below discloses our practices regarding information collection and usage for the website located at www.grunenthal.co.uk and Grunenthal Limited in connection with the provision of our product and services (the “Services”).

We may handle your personal data in relation to our Website because this is necessary to make certain functionalities of our website available and give you the best possible experience.

This Privacy Notice applies to the use of your personal data obtained by us, whether from you directly or from a third party.
With this privacy policy we would like to inform you about:

  1. Who do we collect information about?
  2. What data do we collect and what do we use it for?
  3. How is your data transferred?
  4. How long do we keep your personal data?
  5. Third party websites/services
  6. What rights do you have with regard to your data?
  7. What happens if you fail to provide your personal data?
  8. Requests and complaints

 

Handling of personal data

At Grünenthal, we believe transparency is the foundation of trustful collaboration. Below we have provided you with information on how we handle your personal data when you use our Website and our Services “Grunenthal UK”.

About Us

The Website and our Services are made available by Grünenthal Limited. Grünenthal Limited is the data controller responsible for your personal data. Grünenthal Limited (company no 03658396) is an English company with its registered office at 1 Stokenchurch Business Park, Ibstone Road, Stokenchurch, Bucks HP14 3FE.

A. Who do we collect information about?
We collect and process personal data from the following people:

  • Website visitors - If you browse our Website, contact us with an enquiry through our Website, submit a complaint through our Website or use any Services available on our Website, we will collect and process your personal data in connection with your interaction with us and our Website. See section 1 below for more detail.
  • Participants – if you are involved in a trial or participate in one of our research projects, we may process personal data about you in connection with your participation. See section B2 below for more detail.
  • Event attendees - If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other document relating to the event. See section 3 below for more detail.
  • Personnel that work for our clients, partners and suppliers (including subcontractors) - If you (or your organisation) supply products or services to us or otherwise partner with us, we may collect and process your personal data in connection with our receipt of those products and services and/or partnership. See section 5 below for more detail.
  • Job applicants - if you apply for a job with us, whether through the Website or otherwise, we will collect and process your personal data in connection with your application. See section 6 below for more detail.

For information regarding how we process your personal data if you are a healthcare professional, please refer to the Data Privacy Statement HCP.

B. What data do we collect and what do we use it for?
We collect and receive personal data using different methods and we use it for the following purposes:

1. Requests for information
You can contact us directly by using the contact forms available on our website. In particular, you may provide us with the following information:

  • Name, surname and title
  • Address (Street, Postal Code, City)
  • Country
  • Contact data (e.g. e-mail address, phone number)
  • Message

We collect, process and use the information you provide via the contact forms exclusively for the processing of your specific request.

For example, the PMCPA Code of Practice and the ABPI allows pharmaceutical companies to provide grants or donations to third parties to improve patient care, full guidance can be viewed on the ABPI website. We (at Grunenthal) have created a fair, open and transparent applications process via our online “Contact Form” on www.grunenthal.co.uk

Requests for Support is open to everyone, there is specific guidance on the nature of the requests we may consider and also notes on activities that we do not currently support, you will be asked to provide information outlined above as well as descriptors on the objective, project outlines and more.

We will store the information you provide to us in contact forms for as long as we are legally obliged to or for as long as we have a legitimate interest.

Our legal basis for processing

It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.

The same applies to data you send to us when using one of the designated email addresses indicated on our website.

2. Provision of our Service
We may collect and maintain personal data that you submit to us or we otherwise obtain for the purpose of supplying our Services.
If you work for a client or partner or subcontractor the personal data we process may include:

  • name;
  • address;
  • email address;
  • telephone number;
  • your contact preferences;
  • the name of your organisation;
  • bank and account details;
  • information relating to a particular transaction;

We process this information so that we can fulfil the supply of Services, maintain our user databases and to keep a record of how our Services are being used and provided.
If you are participating in a trial or research project, the personal data we process may include

  • name;
  • address;
  • email address;
  • telephone number;
  • your contact preferences;
  • bank and account details;
  • information about your health;

Our legal basis for processing

It is in our legitimate interest or the legitimate interest of the organisation with whom you work to use personal data in such a way to ensure that we provide the Services to our clients in an effective and efficient way.
Where we process information about your health, we will only do so with your explicit consent.

3. Communicating digitally
Primarily we keep connected with you via face to face interactions, however from time to time we may communicate to you via a digital channel, a telephone call, one to one calls (Veeva Engage) or meetings via other platforms such as MS teams or Zoom.

Digital Channel Communication Process:

  • We capture e-consent verbally either via face to face interactions or by telephone with interested parties.
  • Once consent has been granted, we send a proforma email from our CRM (Customer relationship Management) system, this email outlines the permissions to be granted and the user is presented with an option to “ACCEPT” the e-permission.
  • This Explicit Permission is automatically captured against the individual’s record.

The e-permission provides a secure channel for business to business contact via all of our digital channels. All subsequent communication from Grünenthal UK will include an opportunity for the recipient to “Unsubscribe” from the category of email sent. For example:

An electronic promotional email will include an unsubscribe button at the footer, giving the recipient control over the type of communication they receive in the future.

Our legal basis for processing

The PMCPA code of practice, conditions that all “Promotional” contact via digital channels requires explicit consent / permission. Therefore, we will rely on your consent to communicate with you digitally. Our process for “Communicating with us digitally” is designed to comply with the PMCPA Code of Practice, UK Data Protection and GDPR legislation.

4. Hosting and managing events
From time to time, we may organise and host events for the purpose of medical education or promotional purposes. We may process the following data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you:

  • name;
  • address;
  • email address;
  • telephone number;
  • your contact preferences; and
  • the name of your organisation;

If you attend one of our events, we may use your personal data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary requirements you may have. You may also feature in photographs taken at our events and such photographs may appear in publications that we make available.

Our legal basis for processing

It is necessary for us to use your personal data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that the event is operated in an effective way.

Where we communicate with you digitally in relation to the event, we may rely on your consent to process your data in this way. Please see the ‘Communicating digitally’ section above.

We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of your such personal data will be based on consent.

5. Insight, Analysis and Retargeting through Cookies
We and our third-party partners use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the devices that you use to access our Website. The data that is collected includes IP address, Date and time of access, time zone difference to Greenwich Mean Time (GMT), Content of request (specific site), Status of access/HTTP status code, transferred volume of data, Website requesting access, browser, language settings, version of browser software operating system and surface.

We and our third-party partners use this data to enable certain functionality on the Website, analyse how you use Website and the effectiveness of our Website and for retargeting purposes.

Please see our Cookie Notice for further information of the data we collect and how we use it, including details of our third-party partners.

Our legal basis for processing

Where your data is collected through the use of non-essential cookies, we rely on consent to collect [and use] your data.

Please see our Cookie Notice for further details about how you can withdraw your consent.

6. Marketing
We may send you (or the organisation you represent) marketing communications by email. We may process the following data:

  • name;
  • address;
  • email address;
  • telephone number;
  • your contact preferences; and
  • the name of your organisation;

Our email marketing communications will include press releases and information including industry news, recent work, and thought leadership, as well as general information about our organisation, our Website, the Services we provide and the events and promotions we offer.

Our legal basis for processing

We rely on your consent to send you such email marketing communications.

7. Receipt of services from suppliers
If we have engaged you or the organisation you represent to provide us with products or services (for example, if you or the organisation you represent provide us with services such as IT support or financial advice), we will collect and process your personal data in order to manage our relationship with you or the organisation you represent, to receive products and services from you or the organisation you represent and, where relevant, to provide our Services to others.
We may process the following data:

  • name;
  • address;
  • email address;
  • telephone number;
  • your contact preferences;
  • the name of your organisation;
  • bank and account details;
  • information relating to a particular transaction;

and any other personal data you volunteer which is relevant to our relationship with you or the organisation you represent.

Our legal basis for processing

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organisation you represent and are able to receive the services that you or your organisation provides, and provide our Services to others, in an effective way.

Where we communicate with you digitally in relation to the services you provide, we may rely on your consent to process your data in this way. Please see the ‘Communicating digitally’ section above.

8. Recruitment.
We use your personal data for recruitment purposes, in particular, to assess your suitability for any of our positions that you apply for, whether such application has been received by us online, by email or by hard copy and whether submitted directly by you or by a third party recruitment agency on your behalf. We also use your personal data to communicate with you about the recruitment process, to keep records about our recruitment process and to comply with our legal and regulatory obligations in relation to recruitment.

We will process any personal data about you that you volunteer, including during any interview, when you apply for a position with us. We may also process your personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation, recruitment agencies, background check providers, credit reference agencies and your referees.

The personal data we process may include:

  • name;
  • address;
  • email address;
  • telephone number;
  • social media handle;
  • your contact preferences;
  • date of birth;
  • gender;
  • country;
  • nationality;
  • username
  • any KYC information that we may collect;
  • details of your education, qualifications and employment history;
  • any other personal data which appears in your curriculum vitae or application;
  • any personal data that you volunteer during an interview or your interactions with us; or
  • any personal data which is contained in any reference about you that we receive.

Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offences if that information is relevant to the role you are applying for.

We also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit.

Our legal basis for processing

Where we use your personal data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions. We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.

C. How is your data transferred?

1. Who do we transfer data to?
When processing your personal data, we may need to share it with third parties (including other entities within our group of companies), such as:

  • Third-party organisations that provide applications/functionality, data processing or IT services (e.g. Veeva CRM or SAP)
  • Payment providers and banks
  • Event partners and suppliers
  • Recruitment agencies and related organisations
  • Auditors, lawyers, accountants and other professional advisers
  • Law enforcement or other government and regulatory agencies and bodies

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

We carefully select and regularly monitor such service contractors, and we will only share personal data with others when we are legally permitted to do so. They will only process personal data upon our instruction and strictly in accordance with our instructions, based on respective data processor agreements which include data protection, confidentiality and security standards and obligations.

2. Processing of data outside the EU/the EEA
Your data will partly be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”). The respective countries may have a lower data protection level than European countries. When transferring your personal data outside the EU or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data.

We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.

When transferring your personal data outside the EU or the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented:

Adequacy decisions: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see  https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

Model clauses: Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see  https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

D. How long do we keep your personal data?
In respect of personal data that we process in connection with the supply of our Services, we may retain your personal data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

In respect of any other personal data that we process, we will retain relevant personal data for up to three years from the date of our last interaction with you and in compliance with our data protect obligations. We may then destroy such files without further notice or liability.

If any personal data is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment), we will not retain it for longer than the period for which it is used by us.

If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.

E. Third party websites/services
This privacy statement does not apply to your interaction with services provided by third parties.

We include third-party services and/or content on our Website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for their own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for their own purposes in such a way that either:

a) any communication for other purposes than to present their services or content on our Website is blocked, or
b) communication only takes place once you have actively opted to use the respective service.

Your browsing and interactions on any other websites, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies.

For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context. We do not monitor, control or endorse the privacy practices of any third parties.

For the purpose of the interactive design of our Website, third-party content from Youtube and Vimeo is integrated into this Website.

Where we process your personal data for this integration, we do so for the purposes of legitimate interests to present our services and our activities in a multimedia format.

Please refer to our Cookie Notice for more information.

F. What rights do you have with regard to your data?
You have the following rights according to applicable data privacy laws:

  • right of information about your personal data stored by us;
  • right to request the correction, deletion (provided that we are not legally obliged to keep the data)or restricted processing of your personal data;
  • right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to prove that there are compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
  • right to data portability;
  • right to file a complaint with a data protection authority.
  • You may revoke your consent to the collection, processing and use of your personal data at any time with future effect. For further information please refer to the chapters above describing the processing of data based on your consent.

G. What happens if you fail to provide your personal data?
Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application for employment with us. In this case, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.

H. Requests and complaints
If, as the data subject, you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Global Data Protection officer by using the following email address: ukdataprotectionofficer@grunenthal.com

Data Protection Supervisory Authority
You may address questions and complaints also to the Authority:

Information Commissioner Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113


By Webchat: https://ico.org.uk/global/contact-us/live-chat/

Further details are available through their website https://ico.org.uk/global/contact-us/

Amendment of Privacy Statement
We may update our Data Privacy Statement from time to time and we will publish these updates on our Website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.

This Data Privacy Statement was last updated on May 2022.

M-N/A-UK-05-23-0010-MAY 2023