PRIVACY NOTICE
This privacy notice relates to Healthcare professionals (HCPs) who interact with us, or who are participants in Ipsen activities or projects or events, or who are customers or potential customers of Ipsen products or services.
Who is the controller of your personal information?
For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 65, quai Georges Gorse – 92100 Boulogne-Billancourt, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).
Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com
What personal information do we collect about you?
Ipsen processes information about HCPs for a range of purposes. We will only process information about you that is relevant to our work and that we have a lawful basis to process. Depending on our interaction with you, we process the following information:
| Contact information | Basic contact details including your first, last name, title, email address, postal address, telephone/mobile numbers |
| Professional information | Information about your place of work and job title, medical field, specialities, professional qualifications and your CV. Information about your scientific experience, such as participation in past or current studies and trials, events, publication of academic or scientific research and articles. Your membership in associations and boards, links to universities, education, awards, editorial boards and other related activity. |
| Information to arrange events or visiting us | Information relating to arranging attendance at professional events, including, as needed, your passport, visa information, residency, nationality, travel, special diet and accommodation requirements. Professional information you share for an event, and any presentations or papers that contain personal information about you. Photographs or film footage of you at events. At some meetings, where we use online tools, we may ask to record meeting contents. If you visit one of our sites, we will collect basic information to manage access to the building and we may also capture images on our CCTV cameras. |
| Contracting, payments and transfers of value | Information we need to contract with you and to pay you, including bank account details and VAT or other tax details. Details of our interactions with you in relation to any grants, donations or sponsorship activities. Details of all direct or indirect transfers of value, whether in cash, in kind or otherwise, provided to you. |
| Information about our interactions with you and your views and opinions | Information relating to your interactions with members of the Ipsen group, such as meetings we have had with you and topics of interest. Information about the promotional, scientific and medical activities/interactions you have with us. Information about your views and opinions collected during an event, through surveys, polls or Q&A sessions. |
| Medical enquiries, reporting Adverse Events or product quality issues | Information about you or others when you submit medical enquiries, Adverse Event or product quality issues to us. For more information about this, please see the privacy notice for this on this site. |
| Accessing products or services | Identification information used to deliver products or services, such as access to particular websites for example, login details, passwords, or online identifiers. |
| Consent records | Records of consents you have given us for different activities. |
Why are we allowed to collect and use your personal information?
Ipsen processes data about HCPs for a range of purposes and related to those purposes we rely on a number of different legal bases for that processing, as detailed in the table below.
| Article 6 1 (f) Legitimate interests | We collect and use personal data for the purposes of the legitimate interests of Ipsen to manage our relationship with you in terms of professional and scientific activities and promoting and providing information and support about our products and services. This includes: – Our field teams keeping in touch with you, recording their interactions and sharing information about our products and therapy areas. – Responding to your requests or enquiries. – Providing you with important information, safety issues, administrative information, or required notices. – Providing you with promotional materials and access to support tools and services. – Gathering your views and opinions on our products, our activities, or therapy areas through discussion, meetings, events or surveys, market research or other activities. – Inviting you to be part of advisory boards or to undertake other activities related to your specialism. – Gathering information about you to understand your professional expertise in order to target our interaction with you, and to develop databases of thought leaders and specialists in different therapy areas. – Setting fair payment rates for particular activities. – Managing arrangements for events. Including inviting you to speak or participate and sharing data with event organisers. – Taking film or photographs at events. If you do not wish to be filmed or photographed as part of the audience, please inform your contact person at Ipsen before the event. Where appropriate, we will ask for your consent to use videos or photos that focus on you as an individual. Working with you when you participate in Ipsen activities, such as clinical studies, grants and donations or sponsorship activities. – Verifying your credentials including via passwords, password hints, security information and questions, government-issued ID or passport or appropriate evidence of healthcare professional status, where required. Sharing data as appropriate related to audit and compliance activities, or for mergers or acquisitions. |
| Article 6 1 (b) Contract | We collect and use personal data for the purposes of contracting with you for your professional inputs, including engaging you to provide services to Ipsen, such as speaking, or taking part in expert groups, or inputting into projects or initiatives. Paying you for services and or expenses. |
| Article 6 1 (a) Consent Or where appropriate, Article 6 1 (f) Legitimate interests Or Article 6 1 (c) Legal Obligation | We collect and use personal data for the purposes of meeting our obligations to evidence transactions and ensure transparency on Transfers of Value under the European Federation of Pharmaceutical Industries and Associations (EFPIA) Code of Practice for the Pharmaceutical Industry, and/or local requirements in your country. This involves disclosing details about payments made to you, to the relevant disclosure body. Depending on the rules in relevant code in your country, we will disclose transfers of value under the relevant legal basis, which can be legal obligation, or consent or legitimate interests. The legal basis for the disclosure will be provided to you in your agreement with Ipsen. We also disclose certain information about you, where required to auditors, or government agencies, or in response to authorized information requests, or as otherwise required by laws, regulations, or industry codes. We do this for legitimate interests or because there is a legal obligation to do so. |
| Article 6 1 (a) Consent | We ask for your consent for processing your personal data in some circumstances and where appropriate, which may include: – Sending you promotional materials by email (unless you have specifically asked us to send materials to you). – In some cases, where we provide Apps or Services that operate based on your consent. – Collecting information about special dietary requirements if this includes information about your health or religion. – Using individual photographs or film or testimonials about you. |
| Article 6 1 (c) Legal obligation | – Perform administrative formalities, registration, or declarations that are required by law. – We process personal information in order to meet our legal obligations to manage quality and safety issues, such as adverse events or product quality investigations. A separate detailed privacy notice is available for these activities. |
Where do we get your personal data from?
We collect basic information about you from a range of sources, including directly from you, or from your employer. We also collect some data from publicly available sources, websites or publication databases, journals, or from third party providers of HCP data services such as IQVIA’s OneKey Service.
We may need to collect data in order to confirm contacts or financial information or to verify your licensure as a healthcare professional.
We may also receive some data about you from our third-party event organisers, or from other third parties working with us to fulfil other services.
With whom do we share your personal information?
Information related to you will only be accessed by authorised employees at Ipsen, with a relevant and tangible need to access your information.
Information related to you may also be made available to employees of other entities within the Ipsen group of companies, for the purpose of better managing our interaction with HCPs from a global perspective, to help harmonise Ipsen’s key business processes, hereby facilitating a more consistent approach across all markets.
Ipsen engages service providers to process your personal data on behalf of Ipsen, to undertake various activities (as noted above) on our behalf. Such service providers may only process your personal data in accordance with the Ipsen’s express instructions and may not use your data for their own purposes. These service providers include Veeva Systems Inc (the provider of our HCP CRM system), HCP database providers, fulfilment and communications providers, suppliers supporting payments, accounting services and event suppliers, like event organisers, hotel and transport companies that support us.
Information relevant to Transfers of Value will be shared with the relevant national association on an individual named or aggregate basis, in compliance with the European Federation of Pharmaceutical Industries and Associations (EFPIA) Code of Practice which requires Ipsen to document and publicly disclose direct or indirect Transfers of Value whether in cash, in kind or otherwise provided to you under agreements or services between you and Ipsen.
We also disclose certain information about you, where required to auditors, or government agencies, or in response to authorized information requests, or as otherwise required by laws, regulations, or industry codes.
How long do we keep your personal information?
We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.
How do we protect your personal information?
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.
Transfer of personal data outside of your home country?
We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.
When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.
What are your rights regarding your information?
You may have the following rights regarding your information depending on the circumstances and applicable legislation:
1. The right of access
You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing
You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability
You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object
You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent
If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.
Contact information
- If you would like to exercise any of these rights, please use this form
- If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy@ipsen.com
If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.
Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.
Contact details for data protection authorities in other European countries can be found here:
For other countries, please refer to the local Ipsen website for details.
V1.2s Mar 24 GHPN
Related links
