Contractors, suppliers and customers


This Privacy Notice applies to suppliers, customers and service providers, and their representatives.

Who is the controller of your personal information?

For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 65, quai Georges Gorse – 92100 Boulogne-Billancourt, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in these notices).

Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via

What personal information do we collect about you?

Depending on our relationship with you, we collect, use and store the following types of personal data about you:

  • Contact information, name, email address, telephone numbers, postal address
  • Job function, title, job title and company details and relevant business activity records
  • Professional qualification or certifications or status information, as relevant
  • Payment details, bank account details
  • Records and results of any Health and Safety or Security training undertaken (if visiting our sites)
  • Car registration, picture and badge number and CCTV footage (if visiting our sites)
  • System login information (if working on our systems)

Why are we allowed to collect and use your personal information?

Article 6 1 (f) Legitimate interests: We will process your personal data, where relevant to the activity, for Ipsen’s legitimate interests in undertaking the following:
– Sharing data as needed as part of a tendering or contracting process.
– Evaluating third-party suppliers to Ipsen in order to identify and mitigate any potential risks, such as using contact information to issue and evaluate risk assessment questionnaires and/or look-up supplier entity information on third-party industry databases.
– Managing health and safety and security at our sites, including giving access to, and recording information about training we require and CCTV recordings.
– Giving access to relevant IT resources, tools, and systems.
– Providing customer service support and dealing with enquiries.
– Managing audit and declaration requirements.
– Giving you access to our systems as needed for your interaction with us.
– Checking qualifications or certifications where relevant.
– Dealing with possible misconduct or fraud cases.
Article 6 1 (b) Contract: We will use your personal data to manage any contracts we have with you directly, to facilitate the contract and manage payments.
Article 6 1 (c) Legal obligations: Your personal data may be used, where necessary, to comply with legal obligations in relation to Health and Safety requirements, such as keeping records of training or incidents.

Where do we get your personal data from?

We collect data about suppliers, customers and service providers either directly from individuals or from their employers. We also collect personal data through our building access systems, training records and through CCTV on sites. We may also collect information from third party industry databases as part of our due diligence activities.

With whom do we share your personal information?

Information related to you will only be accessed by employees at Ipsen with a relevant and tangible need to see your information. Information related to you may also be made available to other entities within the Ipsen group of companies for the purpose of managing our activities with you.

We will also, as necessary, share data with third parties who work with Ipsen to support our activities, for example, audit providers, distributors, payment processors, external lawyers, IT service and system providers. Your personal data may be made available to third parties who work with Ipsen to help provide industry-wide business and/or sustainability ratings, including on Environmental, Social & Governance (ESG) factors, for example EcoVadis SAS or EcoVadis Inc. These third parties are obliged to protect the security and confidentiality of any personal data and comply with data protection legislation.

How long do we keep your personal information?

We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Contact information

  • If you would like to exercise any of these rights, please use this form.
  • If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws, you have the right to complain to the relevant data protection supervisory authority.

Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.

Contact details for data protection authorities in other European countries can be found here:

Our Members | European Data Protection Board (

For other countries, please refer to the local Ipsen website for details.

V1.1s Mar 24 GSCC