DATA PROTECTION POLICY FOR HEALTHCARE PROFESSIONALS

1. Introduction

This data protection notice describes how we process personal data of healthcare professionals when we provide them scientific and product information, samples of medicinal products, organize and carry out events, webinars and surveys or process their product orders.

2. Who is responsible for the processing of personal data?

Mylan IRE Healthcare Limited, Unit 35/36, Grange Parade, Baldoyle Industrial Estate, Dublin 13, Ireland (herein referred to as “we”) is responsible for the processing of your personal data.

3. Which personal data do we process?

We process the following categories of your personal data: first and last name, title, specialty, business contact details and, if applicable, registration for and participation in an event, webinar or survey, product interest or product orders.

If you participate in a webinar, we may also process your IP address, webinar user ID, browser version, operating system, attendance times and messages in webinar chat.

If you order samples of medicinal products, we also process information on the type, extent and date on which the samples were provided.

4. For which purposes and on which legal basis do we process your personal data?

We process your personal data in order to announce visits from our sales department and to provide you with scientific information as well as information about pharmaceutical products, events, webinars or surveys of our group (herein referred to as "information purposes").

If you give us your voluntary consent for processing of your personal data for information purposes, the legal basis for this data processing is Article 6 paragraph 1 sentence 1 letter a in connection with Article 7 GDPR.

If you have not given your consent, we process your personal data based on legitimate interests. Our legitimate interests are the processing for information purposes and data exchange within our group for the related internal administrative purposes. We may analyze personal data related to your webinar participation to measure the success of our webinar. We may also ask you to participate in a survey. The legal basis for this data processing is Article 6 paragraph 1 sentence 1 letter f GDPR. Upon request, you can obtain the details of the balancing test in accordance with this legal provision from our data protection officer, see section 12.

If you agree to participate in an event or webinar, we process your personal data in order to organize and carry out this event or webinar. If you order a sample of a medicinal products or a product, your personal data will be used to process your order. The legal basis for this data processing is Article 6 paragraph 1 sentence 1 letter b GDPR.

If we provide you with samples of a medicinal product, we process your personal data in order to document it in accordance with legal requirements. The legal basis for this data processing is Article 6 paragraph 1 sentence 1 letter c GDPR.

5. Which cookies and tracking technologies do we use?

5.1. Oracle Eloqua cookies and email tracking

If you give us your consent for use of analytics cookies, we can use Oracle Eloqua to analyze your use of our websites. Oracle Eloqua is provided by Oracle America, Inc., 500 Oracle Parkway, Redwood Shores, CA, 94065, USA.
When you browse on our website, Oracle Eloqua uses cookies and your IP address to create your visitor profile that may include:

  • cookie ID
  • your name and contact details (if you provided these data to us e.g. filling out a form on our website)
  • location (based on your IP address)
  • time zone
  • browser version
  • Internet service provider
  • search engines you used and websites from which you were directed to our website
  • visited pages on our website with date, time and duration of visit
  • submitted forms on our website

We use these data to analyze which topics are of interest to you in order to improve our websites and information on our products and services that we provide to you.

Oracle Eloqua cookies remain in the browser until you delete them or expire after 13 months. You can withdraw your consent for use of Oracle Eloqua cookies at any time adjusting your settings at https://www.oracle.com/marketingcloud/opt-status.html

If you give us your consent for email tracking, we may also use pixel tags in our emails to track if you received an email, opened it or clicked on any links in it. Pixel tags are invisibly embedded in the email and measure the success of our marketing campaigns. These data can be combined with your visitor profile created using Oracle Eloqua cookies. You can withdraw your consent at any time by clicking the unsubscribe link in our email.

5.2. Veeva email tracking

We use a customer relationship management system (CRM) of Veeva Systems Inc., 4280 Hacienda Drive, Pleasanton, CA 94588 USA. If you give us your consent for email tracking, we may also use portable network graphics (PNG) files in our emails sent from Veeva to track if you received an email, opened it, clicked on any links, viewed or downloaded any documents in it. PNG files are invisibly embedded in the email and measure the success of our marketing campaigns. You can withdraw your consent at any time by contacting your Sales contact person or clicking the unsubscribe link in our email.

You can find further information on cookies and other tracking technologies in the data protection notice of our websites.

6. Are you obliged to provide your personal data to us?

Your consent is voluntary. The provision of personal data for information purposes (see section 4) is not a statutory or contractual requirement. You are not obliged to provide your personal data. If you do not provide your personal data, this will not have any consequences for you.

In relation to participation in an event or webinar, processing of product orders and provision of samples of a medicinal product, the processing of your personal data is necessary for the handling of your request. If you do not provide your personal data, we will not be able to fulfil your request.

7. Who has access to your personal data?

Your personal data will only be made available to a limited number of recipients, including our employees and departments in the companies of our group, who need it according to their area of responsibility or legal requirements.
We also use third-party service providers (e.g., hosting and IT support providers) who may also have access to your personal data to provide their services.
Within the scope of our legal obligations, we may transfer your personal data to the competent supervisory authorities. If data processing is necessary for establishment, exercise or defense of legal claims, we may also transfer your personal data to our lawyers and insurers.

8. Will your personal data be transferred to third countries?

We may transfer your personal data to other companies in our group or third-party service providers located outside the European Economic Area (EEA) for the above purposes. This includes countries that do not have the same level of protection for personal data as the EEA. In such cases, we will ensure that these transfers are carried out in accordance with the applicable data protection laws. Data transfers to other companies in our group or third-party service providers are protected by appropriate contractual safeguards such as EU standard contractual clauses or EU-US Privacy Shield certification. To obtain a copy of the relevant documents, you can contact our data protection officer, see section 12.

9. How long do we store your personal data?

Your personal data will be stored in the form that allows your identification as long as necessary for the purposes for which they are processed.

If you have given us your consent for processing of your personal data for information purposes (see section 4), we will store your personal data until you withdraw your consent. In any case, we will not use your personal data for longer than 17 months after we contacted you last time.

If you participate in an event, webinar or survey, we will delete your personal data within one year after the end of the event, webinar or survey, unless longer storage is necessary according to statutory retention requirements. The data which are processed for performance of a contact with you including any product orders are stored during the business relationship and then archived for the duration of the statutory retention periods. The retention periods according to tax law and commercial law are up to 10 years. The evidence relating to provision of samples of medicinal products is stored for a period of 10 years.

We can store your personal data longer if and insofar as your personal data is necessary for the establishment, exercise or defense of legal claims.

10. Which rights do you have under data protection law?

You have the right to withdraw your consent at any time, without the withdrawal affecting the lawfulness of processing based on your consent before it. You can contact us for this purpose, see section 12.

You have the right to obtain from us confirmation as to whether or not your personal data are being processed, and, where that is the case, you have the right of access to your personal data and to the information listed in detail in Article 15 GDPR.

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where appropriate, to have incomplete personal data completed (Article 16 GDPR).

You have the right to obtain from us the erasure of your personal data without undue delay, if one of the grounds stated in Article 17 GDPR applies, for example, if your personal data are no longer necessary in relation to the pursued purposes (right to erasure).

You have the right to obtain from us restriction of processing where one of the grounds stated in Article 18 GDPR applies, for example, if the accuracy of your personal data is contested by you, for a period enabling us to verify the accuracy of your personal data.

You have the right according to Article 20 GDPR to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format (data portability). You also have the right to transmit those data to another controller without hindrance from us.

You have the right to object (Article 21 GDPR), on grounds relating to your particular situation, at any time to processing of your personal data. We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data infringes the GDPR (Article 77 GDPR). You can exercise this right at the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

11. From which source do your personal data originate?

We have collected your personal data directly from you or received them from an address broker.

12. How can you contact us or our Data Protection Officer?

To exercise your rights or make a request concerning the processing of your personal data, you may contact our compliance hotline via the phone number indicated at https://www.tnwgrc.com/mylan/newdialing2.htm or send an email to our Data Protection Officer via dataprivacy@mylan.com.

Job Code: NON-2020-2223
Date of Preparation: October 2020