Data Protection Information for Website Users
This Website Data Protection Notice (this “Notice”) is also available in German.
1. Subject of this data protection notice
We are pleased about your interest in our Internet presence and our offers on our websites under www.daiichi-dankyo.eu (our “Website”). The protection of your Personal Data (as described below) is of great and very important concern to us. In the following we would therefore like to inform you in detail about which Personal Data is collected during your visit to our Website and the use of our offers there and how this Personal Data is processed by us. Furthermore, we would like to inform you about the rights you are entitled to and the technical and organisational protective measures we have taken with regard to the processing of your Personal Data.
"Personal Data" refers to any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Name and address of the data controller and service provider
The controller in relation to the processing of your Personal Data in the scope of this website Data Protection Notice is Daiichi Sankyo Europe GmbH (hereinafter also referred to briefly as "Daiichi Sankyo" or "we"), Zielstattstrasse 48, 81379 Munich.
If you have any questions or comments about this data protection notice or data protection in general, please send them to the following e-mail address: Data-Protection@daiichi-sankyo.eu
You can contact Daiichi Sankyo's data protection officer as follows:
Daiichi Sankyo Europe GmbH
Attn: Data Protection Officer
Zielstattstrasse 48, 81379 Munich, Germany
dpo@daiichi-sankyo.eu
3. Collection and use of your data
The extent, type and use of your Personal Data will differ depending on whether you visit our website only to access information, or use services offered by us or log into a protected area for health care professionals (“HCP”):
a. Informational use
For the informational use of our website we only collect and use those of your data that your Internet browser automatically transmits to us. These are in particular the following:
- date and time of access to one of our Internet pages
- your browser type
- the last page you visited on our Website
- the transferred data volume and the access status (file transferred, file not found, etc.) as well as
- your IP address.
The data is stored in log files on the server generally up to 14 days for security purposes unless, in individual cases, a longer storage period is necessary, e.g., for investigating security incidents. Except for the IP address, we only process this data in non-personal form during an informational visit. This is done in order to enable you to access and use the website and for us to be able to check whether our websites are optimally displayed to you. The processing is carried out on the legal basis of Art. 6(1)(f) GDPR and in our interest in order to be able to display our website to you reliably and as trouble-free as possible. The data arising during the informational use including your IP address are stored in order to ensure the operation of the website and to be able to react to problems. A personal evaluation of the data does not take place. Only statistical evaluations of the use of the website are made, as described further below in this Notice.
b. Use of the contact form
If you would like to contact us via our contact form, we collect the following data from you:
- title, first name, surname
- contact data (e-mail address, postal address, phone, telefax)
- subject *
- question/ concern *
- department *
- attachments/files
- captcha *
* Mandatory information
We use this data to forward your inquiry to the department responsible at our company and to be able to answer it by email or, if necessary, by telephone, post or fax. In addition, we can use your details to personalise our response and provide you with specific information for your business.
We process the captcha request to verify that it is a real request and not a "login robot" or automated spam requests. Your entry there will only be used for this check and will not be stored.
If your inquiry relates to an existing contractual relationship with you or if you are interested in concluding a contract, e.g. with regard to a consultant activity, the data processing is carried out on the legal basis of Art. 6(1)(b) GDPR (contract fulfilment and initiation).
Otherwise, the Personal Data will be processed on the legal basis of Art. 6(1)(f) GDPR (balancing of interests). It is in our interest to be able to answer your inquiry with the information relevant to you by our internal department. The data processing of the captcha query is in our interest in order to prevent automated logins via logon robots or spam requests. We store the Personal Data collected via the contact form for processing and answering the respective inquiry.
c. Login to the non-public area
We also offer registered users the opportunity to log in to the non-public area. This is reserved for HCPs.
On our website you have the possibility to log-in with a "DocCheck" account. For this purpose, your log-in data will be transmitted to DocCheck Medical Services GmbH, Vogelsanger Straße 66, D-50823 Cologne ("DocCheck") who will process your data as a separate and independent controller. In case of a successful log-in at DocCheck.com, DocCheck will inform us and you will get access to the non-public area of website.
If you do not have a DocCheck account or have forgotten the password to your account, you can register on the DocCheck website or have your password reset. In such a case you will be redirected from our website to the DocCheck website. The processing of your Personal Data by DocCheck is solely subject to DocCheck's data protection notices which can be found at info.doccheck.com/de/privacy/. They will also provide you with further information on your rights regarding this processing of your Personal Data.
The processing of your data on our website for logging into the non-public sector is based on the legal basis of our legitimate interests to comply with regulatory requirements and standards (Art. 6(1)(f) GDPR) to verify that only members of medical professionals have access to information on prescription products.
d. Data processing of reports of adverse reactions
As a pharmaceutical company Daiichi Sankyo and its affiliated companies must adhere to local statutory obligations to monitor the safety of all their pharmaceutical products on the market. The monitoring and assessment of potential adverse reactions in relation to the use of our products is called pharmacovigilance. In this context we may collect and further process Personal Data of the individuals who suffered the suspected adverse reaction (“Patients”) as well as the treating physician of the Patient or any other HCPs, or third parties, e.g., a family members of the Patient, who report the adverse reaction event to us (altogether referred to as "Reporting Persons").
If you, as a Reporting Person, report adverse reactions directly to Daiichi Sanko Europe GmbH – which is possible, e.g., via phone or email, please see for details here – we will collect and further process Personal Data about the Patient and the Reporting Person, in particular, the following data categories:
- Patient: initials of the first and last name of the patient, date of birth, gender, height, weight, information on the suspected medication (including information on the brand name of the drug, daily dose, dose form, the duration of the therapy, interacting drugs), the course of the adverse reaction (including the duration, the severeness and the outcome of the adverse reaction), concomitant medication, relevant concomitant diseases and medical history (including information on previous and current pregnancies);
- Reporting Person: profession, name, address and contact information (including telephone / fax number and email address).
If you, as a Reporting Person, report adverse reactions, e.g. by email or phone, to one of our national subsidiaries in Europe – you can find a full list of our subsidiaries here – (“Daiichi Sankyo Subsidiaries”), the above data of the Patient and the Reporting Person will be collected and further processed by the respective Daiichi Sankyo Subsidiary to which you report to and which will act as separate and individual controller. Please refer to the respective data protection notice of the relevant Daiichi Sankyo Subsidiary to obtain further information on how they collect and process your Personal Data in this regard. The Daiichi Sankyo Subsidiary will submit a report about adverse reaction in pseudonymised form to us. This means that we do not receive any Personal Data, such as names or contact details, that could be used to directly identify the Patient or the Reporting Person without the use of additional information. The additional information which would allow us such re-identification is stored securely by the Daiichi Sankyo Subsidiary without us having access to it.
The pharmacovigilance department at Daiichi Sankyo Europe GmbH will medically assess and evaluate the information on the potential adverse events obtained to identify the necessary next steps to ensure compliance with applicable pharmacovigilance rules and company procedures, e.g., where necessary, notifying the adverse event to the competent drug safety authorities and relevant institutions.
In both cases, i.e. where you report the adverse reaction directly to us (Daiichi Sankyo Europe GmbH) or to a Daiichi Sankyo Subsidiary which submits the report to us (as described above), we will forward and store the report with the adverse reaction in pseudonymised form for internal documentation purposes in our global Daiichi Sankyo Safety Database which is operated by Daiichi Sankyo Co. Ltd. ("DSJ") and hosted on servers in the USA. As a rule, the pseudonymised reports will be stored in the Daiichi Sankyo Safety Database for a period of at least 10 years after the expiration of the marketing authorisation for the product to which the adverse reaction report relates.
Daiichi Sankyo Europe GmbH, the Daiichi Sankyo Subsidiaries and DSJ process the Reporting Person’s and Patient’s Personal Data exclusively for processing to the extent necessary to fulfil their legal obligations, for reasons of public interests in the area of public health, in particular to ensure high standards of quality and safety in healthcare and medicinal products, and to safeguard their legitimate interests (ensuring compliance with legal pharmacovigilance requirements and asserting, exercising and defending our legal claims) according to Art. 6(1)(c) and (f), and Art. 9(2)(i) GDPR. This includes the processing of data for the internal documentation, review and support of the adverse reaction case, including the review of any claims.
e. Data processing in case of medical enquiries
If you contact a Daiichi Sankyo Subsidiary to enquire about product information in the medical field, Daiichi Sankyo receives and stores the Personal Data which you provided at the time of contact. To ensure we are dealing with an HCP, this data includes your name, professional details and contact data as well as the date and time of this contact. The purpose of this processing of Personal Data is to be able to respond to your medical enquiry.
You will find the name and contact data for Daiichi Sankyo Subsidiaries as well as contact data for their respective Data Protection Officers in the respective data protection notice of the contacted Daiichi Sankyo Subsidiary. You can find a full list of Daiichi Sankyo Subsidiaries here.
The legal basis for such data processing is Art. 6(1)(f) GDPR. The Personal Data is deleted when the specific enquiry is no longer relevant from any conceivable perspective. In general, this will occur 10 years after the expiration of the marketing authorisation for the medicine to which the enquiry relates or earlier, should you request deletion.
f. Website analytics (etracker)
We use the services of etracker GmbH from Hamburg, Germany on this website (https://www.etracker.com) to analyse usage data, including the data categories listed in Section 3(a) in this Notice, in order improve and optimise our website and services. For this analysis, we only use data that your browser transmits automatically when you visit our website or that is generated directly through interaction with our website. However, we do not use cookies and/or similar technologies in order to obtain further data for the web analysis. The data generated with etracker is processed and stored by etracker on behalf of Daiichi Sankyo exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited, certified and awarded the data protection seal of approval in this respect. The processing of your data is carried out on the basis of our legitimate interests in improving and optimising our website and services (Art. 6(1)(f) GDPR). Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymised or pseudonymised as soon as possible. No other use, merging with other data or disclosure to third parties takes place. You can object to the data processing described above at any time by clicking on the slider. The objection has no negative consequences. If no slider is displayed, data collection has already been prevented by other blocking measures.
4. Use of cookies
We use cookies on our website. Cookies are small text files that are sent from our web server to your browser during your visit to our website and are stored on your computer, tablet computer or smartphone for later retrieval. Cookies may act as a memory for a website and allow that website to remember your device on your return visits. Cookies can also be used to remember your preferences, improve the user experience and tailor the content or advertisements to your personal preferences.
a. Which cookies do we use?
Some of the cookies we use on our website are strictly necessary, i.e., they are essential for the correct functioning of the website and enabling of basic features thereof. They are required to give you access to our website and features, such as site navigation, authentication and secure login and remembering your cookie preferences. Since the website will not function without them, you do not have the option to opt-out of strictly necessary cookies.
Other cookies may not be strictly necessary but help us to analyse how you use and interact with our website (including page views, searches, number of visits), so we can improve the functionality and experience on our websites (functional cookies) or optimise content according to the interests and preferences of the website users (analytics/marketing cookies). We will only place functional and analytics/marketing cookies, and process your related Personal Data, if you provide your prior consent.
Some of the cookies used on our website are set by us (first party cookies), while others are set by third parties (third party cookies).
In the following you can find an overview of cookies that we use on our websites:
Name of cookie | Service provider | Type of cookie
| Purpose and function of cookie
| Lifespan of cookie |
CONSENT | Youtube (Google LLC)
| Third party cookie | Used to determine whether the visitor has accepted the marketing category in the cookie banner. This cookie is necessary to ensure compliance with the GDPR (functional cookie) | 2 years |
ytidb::LAST_RESULT_ENTRY_KEY | Youtube (Google LLC) | Third party cookie | Saves the user settings when retrieving a Youtube video integrated on other websites (functional cookie) | Persistent |
yt-remote-cast-available | Youtube (Google LLC) | Third party cookie | Saves the user settings when retrieving a Youtube video integrated on other websites (functional cooky) | Session |
yt-remote-cast-installed | Youtube (Google LLC) | Third party cookie | Saves the user settings when retrieving a Youtube video integrated on other websites (functional cookie) | Session |
yt-remote-connected-devices | Youtube (Google LLC) | Third party cookie | Saves the user settings when retrieving a Youtube video integrated on other websites (functional cookie) | Persistent |
yt-remote-device-id | Youtube (Google LLC) | Third party cookie | Saves the user settings when retrieving a Youtube video integrated on other websites (functional cookie) | Persistent |
yt-remote-fast-check-period | Youtube (Google LLC) | Third party cookie | Saves the user settings when retrieving a Youtube video integrated on other websites (functional cookie) | Session |
yt-remote-session-app | Youtube (Google LLC) | Third party cookie | Saves the user settings when retrieving a Youtube video integrated on other websites (functional cookie) | Session |
yt-remote-session-name | Youtube (Google LLC) | Third party cookie | Saves the user settings when retrieving a Youtube video integrated on other websites (functional cookie) | Session |
LAST_RESULT_ENTRY_KEY | Youtube (Google LLC) | Third party cookie | Saves the user settings when retrieving a Youtube video integrated on other websites (functional cookie) | Session |
nextId | Youtube (Google LLC) | Third party cookie | Records a unique ID to keep statistics on which YouTube videos the user has watched. (analytical cookie) | Session |
requests | Youtube (Google LLC) | Third party cookie | Records a unique ID to keep statistics on which YouTube videos the user has watched (analytical cookie) | Session |
doccheck | DocCheck Medical Services GmbH | Third party cookie
| Functional cookie that is used to identify you as a HCP on our website, when you try to log-in to a non-public area of the Website. It is needed to restrict access to information on prescription products for medical professionals for legal reasons. It contains an encrypted value for validating the DocCheck login (functional cookie).
| 24 hours |
b. Managing your cookie preferences
You can manage your cookie preferences and withdraw your consent at any time via the privacy preferences tool which you can also access at any time by clicking on the “change cookie preferences” link at the footer of our websites.
Whether cookies can be set and retrieved can also be determined by the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, limit it to certain websites or configure your browser so that it automatically informs you as soon as a cookie is to be set and asks you for feedback. You can block or delete individual cookies. For technical reasons, however, this can lead to some functions of our internet presence being impaired and no longer functioning completely.
5. YouTube and Google Maps
We also use Google Maps and YouTube on our website. We embed Google Maps on our website, to display interactive environmental maps to you. The YouTube videos and plug-ins embedded on our website are stored on YouTube.com and may be played directly on our website.
Google Maps is a service provided by Google (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). YouTube is provided by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; "YouTube"), which is a subsidiary of Google.
The services are deactivated by default and you can decide whether you want to use them by clicking on the respective buttons on the thumbnail of the content displayed on our Website. For embedded YouTube content, this approach is supported by our use of the extended data protection mode, which, according to the information provided by Google, already prevents the placement of cookies prior to the playback of the respective videos without further measures.
If you decide to use the services by clicking on the respective buttons on the thumbnail of the content displayed on our website, the information about which subpage of the website you have accessed as well as the data referred to in section 3 (a) of this Notice will be transferred to Google in the USA, a country which does not provide for the same level of data protection as considered adequate in the European Union. This happens regardless of whether you are logged into a Google user account or whether no user account exists. If you are logged into a Google Account, this information will be directly associated with your account. If you do not wish to be associated with your profile, you must first log out of your Google Account by navigating to one of the Google services that you use, clicking on your photo on the top right of the displayed page and then on the button that reads "sign out".
Google stores your data as user profiles and processes them for purposes of targeted advertising and marketing research. Such evaluation is particularly carried out for the purpose of needs-based advertising. For more information on the purpose and scope of data collection and its processing by Google, please refer to Google's privacy policy where you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. You have the right to object to the creation of user profiles by Google which you can exercise by contacting Google under: https://adssettings.google.com/authenticated.
We do not receive any information from Google and do not carry out any specific processing of your Personal Data on our own in connection with the use of Google Maps or YouTube. The legal basis for the processing of your Personal Data is your consent (insofar as data are transferred to Google). By clicking on the second thumbnail displayed and activating the respective Google services, you consent to the use of cookies by Google as well as to the processing of your Personal Data in this regard (Art. 6(1)(a) GDPR), including the transfer of your Personal Data to Google in the USA. To ensure an adequate level of data protection for such transfers of Personal Data, Google has committed to adhere to the EU Standard Contractual Clauses (please see https://business.safety.google/adsprocessorterms/sccs/). Also, Google has implemented supplementary measures to ensure the protection of your Personal Data.
For more information on the purpose and scope of data collection and processing by YouTube and Google, please see Google's privacy policy at https://www.google.com/intl/de_en/policies/privacy/, where you will find further information about your rights in this regard and setting options to protect your privacy.
6. Involvement of service providers and transfer of data to third parties
Your data will be passed on to service providers supporting us (e.g. website hosting and support) for the provision of this website and for the aforementioned purposes, including support services in order to optimise pharmacovigilance case processing, which we have of course carefully selected and commissioned in writing.
These service providers are bound by our instructions and are regularly checked by us.
We may also disclose information about you, where we are obliged to do so by law, regulation or legal process (such as a court order or subpoena), in response to requests by government agencies, such as law enforcement authorities, or when we believe disclosure is necessary to prevent physical harm or financial loss as well as in connection with an investigation of suspected or actual fraudulent or illegal activity.
7. International transfers of Personal Data
Some of the service providers we share your Personal Data with are located outside the European Economic Area including the USA. Further, as described above under section 3.d., we share certain Personal Data in the context of pharmacovigilance with DSJ which is located in Japan and hosting the data in the Daiichi Sankyo Safety Database in the USA. For data transfers to Japan we rely on the adequacy decision for Japan enacted by the European Commission (Art. 45 GDPR). With regard to the data transfers to recipients in the USA and further third countries which do not benefit from an adequacy decision we have implemented appropriate safeguards in the form of the execution of EU Standard Contractual Clauses, and where necessary, supplementary measures, with each recipient to ensure an adequate level of data protection as required by applicable EU data protection laws. For more information on the appropriate safeguards in place and to collect a copy of such safeguards, please contact us at the contact information set forth above.
8. Referral to external websites and services
We have integrated various third-party services into our websites, such as registration for our protected area via DocCheck.com. In these cases you technically leave our websites and enter the websites of the respective third party provider. In such cases, the respective third party provider is responsible for the processing of any Personal Data. If you have any questions relating to the data processing carried out by the third-party service provider, please contact the third party service provider directly via the contact data provided on their websites.
This also applies, where we refer you by link to the websites of third parties. We use such links, for example, on various social networks, however, we do not use so-called social media plug-ins for data protection reasons.
For both of the above cases we will inform you about the circumstance that a certain area of our website is offered by a third party or that you will be forwarded to a third party.
9. Retention of your Personal Data
We retain your Personal Data for as long as needed for the purpose the data was collected and further processed pursuant to this Notice.
Any Personal Data which you disclose to us in the context of an enquiry, a request for information or any other communication will generally be retained only for as long as it is necessary for the complete processing and handling of your request or enquiry, except in case as longer storage is necessary to achieve the further purposes described in this Notice.
The Personal Data collected for informational use of the website will be stored in log files on the server generally up to 14 days for security purposes unless, in individual cases, a longer storage period is necessary, e.g., for investigating security incidents.
Personal Data from reports of adverse reactions will be retained for at least 10 years after the expiration of the marketing authorisation for the medicine to which the adverse reaction report relates.
Your Personal Data will then be deleted, except where any further storage is necessary to comply with our legal obligations, in particular any applicable data retention obligations, or for the establishment, exercise or defense of our legal claims (e.g., the need to retain records in order to resolve disputes, and investigate or defend against potential claims).
For more information about the specific retention periods that apply to your Personal Data, please contact us using the contact details set out above.
10. Your rights
According and subject to applicable data protection laws you have the following rights regarding the processing of your Personal Data:
- You have the right to request confirmation from us whether Personal Data relating to you is processed; if this is the case, you have a right of access to this Personal Data and the information specified in Art. 15 GDPR.
- You have the right to request us to rectify any incorrect Personal Data concerning you and, if necessary, to complete incomplete Personal Data without delay (Art. 16 GDPR).
- You have the right to request us to delete Personal Data relating to you immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right of deletion).
- You have the right to request us to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have filed an objection to the processing, for the duration of our examination.
- You have the right to receive from us the data concerning you that you have provided to us in a structured, common and machine-readable format. You can also transfer this data to other locations or have it transferred by us (right to data portability according to Art. 20 GDPR).
- You have the right to object at any time for reasons arising from your particular situation to the processing of Personal Data concerning you, which is carried out on the basis of Art. 6(1)(e) or (f) GDPR. We will then no longer process the personal data unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR). Where Personal Data is processed for direct marketing purposes based on our legitimate interests, you have the right to object at any time to processing for such marketing. We will then no longer process your data for such purposes.
Where the processing of your Personal Data is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (right to withdraw consent). You can do this at any time via the cookie preferences tool (with regard to the collection and further processing of your data by means of cookies), or by contacting us at the below contact information.
For exercising any of your above rights, please contact us at: Data-Protection@daiichi-sankyo.eu
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a competent supervisory authority, e.g., if you believe that the processing of your Personal Data is contrary to the GDPR (Art. 77 GDPR). You can contact for this purpose, in particular, the data protection supervisory authority of Bavaria (Bayerisches Landesamt für Datenschutzaufsicht), P.O. Box 606, 91511 Ansbach, www.lda.bayern.de.
11. Data security
We also use technical and organisational security measures to protect personal data that is collected, in particular against accidental or intentional manipulation, loss, destruction or against the attack of unauthorised persons. Our security measures are continuously improved in line with technological developments.
When using our website, your personal data is encrypted using SSL/TLS technology to prevent access by unauthorised third parties.
Last updated: January 2024
Data Protection Notice for Healthcare Professionals
This data protection information is also available in German.
The protection of personal data is of utmost importance for Daiichi Sankyo Europe GmbH (“Daiichi Sankyo” or “we”). We process any personal data exclusively in accordance with the legal requirements, in particular with the EU General Data Protection Regulation (“GDPR”).
This HCP Data Protection Notice explains which types of personal data we collect from Health Care Professionals (“HCPs”) in the course of their interaction and engagement with Daiichi Sankyo, how we process the data, and which rights HCPs have in this regard. To the extent that we process your data for purposes of complying with our regulatory requirements related to pharmaceutical and product safety (pharmacovigilance), we will inform you about the relevant processing in a separate privacy notice that we provide to you when you report adverse events.
1. Who is responsible for the processing of my data and how can I contact Daiichi Sankyo?
You can reach Daiichi Sankyo at any time under the following contact details:
Daiichi Sankyo Europe GmbH
Zielstattstr. 48
81379 Munich, Germany
Data-Protection@daiichi-sankyo.eu
Daiichi Sankyo’s Data Protection Officer can be reached at any time at dpo@daiichi-sankyo.eu
2. Which of my data will be processed?
We collect and process data that you disclose to us or that we otherwise collect in the course of interaction and cooperation with you, in particular: Surname, first name, title, area of expertise, specialisation, status (practicing physician/employed physician), professional address (e.g., clinic/practice address), professional contact information (e-mail, phone and/or fax), contract history (e.g. relating to activities as a speaker, author or consultant), documentation regarding medical/scientific inquiries, information regarding your medical practice and your preferences regarding our products, documentation of sales force visits as well as other interaction (time, type of interaction, discussed preparations), information regarding your participation in congresses, events and/or seminars, documentation of any fees, allowances and monetary benefits, documentation regarding requested information or pharmaceutical samples, technical information (e.g., information about your device, browser, operating system and data captured through the use of cookies and similar technologies). The data is collected either directly from you or from third parties (including Daiichi Sankyo Group companies, service providers, business partners and event organizers) or from public sources (e.g. Internet). In particular, we regularly receive master and address data (name, title, company information, professional addresses, employment details, area of expertise and specialisation) from IQVIA Operations France SAS, 17 Tour D2 bis Place des Reflets, F-99099 La Defense Cedex, Paris, which is an external service provider and data supplier in the healthcare sector, in order to obtain relevant contacts in the business areas of interest to us and to ensure the quality and actuality of the data we hold.
3. For which purposes and on which legal bases will my data be processed?
- Management and performance of contractual relationships (in particular, participation in training events, speaker, author and/or consultant activities, and provision of digital downloadable content you request). The processing of your data in this regard is based on the necessity of the processing for the performance of the respective contract with you or taking steps prior to entering the contract at your request (Art. 6(1)(b) GDPR).
- Legitimate interests. a) Documenting, managing and maintaining the business relationship with you, including ensuring effective and targeted support and advice through personal visits by our sales force; b) Analysing and evaluating data to optimize target-group specific development of our products and services and interacting with HCP; c) Handling medical/scientific inquiries and complaints about products; d) Handling orders for free professional and patient information; e) Providing information about our products and services by mail; f) Ensuring and documenting compliance with applicable legal or regulatory requirements or industry standards and practices; g) Establishment, exercise and defence of legal claims. The processing of your data in this regard is carried out on the basis of the necessity of the respective processing for Daiichi Sankyo's legitimate interests in achieving the aforementioned purposes (Art. 6(1)(f) GDPR).
- Compliance with laws (in particular, tax and commercial law retention obligations). The processing of your data in this regard is based on the necessity of the processing to comply with our legal obligations (Art. 6(1)(c) GDPR).
- Consent (in particular, provision of promotional content related to Daiichi Sankyo products and services, including events and surveys, utilization of cookies and similar technologies to measure for example your email opening and click rate on articles as well as your usage of our services in order to provide you with personalised content and information by email). The processing of your data in this regard is based on your consent (Art. 6(1)(a) GDPR), which we separately ask you to provide. You can at any time with future effect withdraw your consent to the use of your personal data for these purposes.
- EFPIA Disclosure Code. We fully support transparency and are prepared to disclose proper documentation of all our transfers of value to healthcare professionals (HCP), healthcare organisations (HCO) and patient organisations under the EFPIA Disclosure Code and according to country specific applicable laws and regulations. For this purpose, we process your Data, in particular, for the documentation, reporting and annual publication of information on monetary benefits (e.g. consulting fees) provided directly or indirectly to you for your benefit by Daiichi Sankyo. Insofar as we publish the monetary benefits provided to you on the website https://www.daiichi-sankyo.eu/sustainability/ethics-compliance-transparency/, by mentioning your name, your practice or business address and, if applicable, the processing in this regard is based on your consent (Art. 6(1)(a) GDPR), which we separately ask you to provide. If you do not give us your consent, we will publish monetary benefits provided to you exclusively in an aggregated/anonymised form, i.e. without reference to your identity. The processing of your Data for documentation and reporting purposes, including, where applicable, anonymization prior to publication in aggregated form, is based on the necessity for our legitimate interests in ensuring and documenting compliance with regulatory requirements and industry standards, including the EFPIA Disclosure Code (Art. 6(1)(f) GDPR).
4. Do I have to provide my data?
You are neither legally, contractually nor otherwise obliged to provide your data. However, we may need your data in certain cases, for example to establish or perform a contract with you. Failure to provide such data may result in us not being able to conclude a contract with you, or not being able to perform it, or only being able to do so with a delay.
5. To whom will my data be disclosed?
We do not disclose your data to third parties unless this is necessary for the performance of a contract with you (e.g. in connection with the transfer to travel agencies, hotels, event organizers or other service providers for the organization and execution of travels) or as set out in this privacy notice as follows.
- Affiliated entities: We may share your data with Daiichi Sankyo group companies in particular to the extent necessary to safeguard our legitimate interests, especially in the use of centralised and group-wide services and functions in an integrated global organisational structure (e.g., global IT systems and applications, to manage HCPs business relationships, including appropriate support, care and management of the relationship with HCPs).
- Service providers: We may disclose your data to external service providers, in particular to our technical service providers who provide technical support and hosting services for our internal CRM system as well as the sending of emails, or otherwise assist us in managing and processing your data for the purposes mentioned in Section 3, including in the area of analysis and evaluation of pseudonymised data for the optimisation of target-group specific development of our products and services and interaction with HCP.
- Business partners: We may share your data with our business partners in the context of joint development/research, distribution or marketing of our products and services.
- Successors: We may also share your data with companies in the event of corporate restructuring transactions, including mergers, acquisitions, spin-off and divestitures.
- Authorities, government agencies and other third parties: We disclose data to third parties when necessary to comply with legal and regulatory requirements or to establish, exercise or defend our legal claims.
In certain cases the aforementioned recipients may be located in countries outside the European Union and the contracting states of the European Economic Area (“Third Countries”), in particular the U.S.. The laws of these countries may not ensure the same level of data protection as is considered adequate by the European Commission based on adequacy decision. In such cases, Daiichi Sankyo will ensure that your Data is adequately protected under EU data protection laws through appropriate safeguards, such as entering into contracts based on the EU standard contractual clauses and implementing supplementary safety measures.
For more information on the recipients of your data, the affected Third Countries and the measures implemented to protect your data, and in order to receive a copy of these measures, please contact Daiichi Sankyo at the contact details set out in Section 1.
7. How long will my data be stored?
In general, your data will only be stored for as long as is necessary for the listed purposes, unless in individual cases a deletion conflicts with statutory retention obligations (in particular due to commercial and tax law requirements) or a longer retention is necessary in the specific case to fulfil other legal obligations or to protect our legitimate interests (establishment, exercise or defence of our legal claims, documentation of compliance with legal requirements).
8. Which rights do I have and how can I exercise them?
You have the right, subject to and in accordance with applicable law:
- to obtain information about the data processed concerning you and to receive a copy of the data (right of access);
- to obtain rectification of any incorrect or complete incomplete data, taking into account the purposes of the processing (right to rectification);
- if there are legitimate reasons, to request the deletion of your data (right to erasure);
- to request the restriction of the processing of your data, provided the statutory requirements are met (right to restriction of processing);
- provided the statutory requirements are met, receive your data in a structured, commonly used and machine-readable format and to transmit those data or, if technically feasible, have it transferred by Daiichi Sankyo to another controller (right to data portability); and
- not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, except where the legal requirements are met. Automated decision-making does not take place at Daiichi Sankyo.
You also have the right to object, on grounds relating to your particular situation, to processing of your data which is based on the legitimate interests of Daiichi Sankyo, in accordance with the legal provisions (right to object). If your data is processed by Daiichi Sankyo for direct marketing purposes, you have the right to object to such processing at any time and without giving reasons.
If the processing of your data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing of your data before its withdrawal.
To exercise your rights (including the withdrawal of your consent) and if you have any questions about the processing of your data, you may contact Daiichi Sankyo at any time using the contact details set out in Section 1.
Without prejudice to other legal remedies, you also have the right to lodge a complaint with a supervisory authority at any time.
Last updated: January 2024