PRIVACY NOTICE
This notice provides general information about how personal data is used when you visit one of our sites. Please also refer to any privacy notices provided by the site you are visiting.
Who is the controller of your personal information?
For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 65, quai Georges Gorse – 92100 Boulogne-Billancourt, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in these notices).
Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com
What personal information do we collect about you?
We will collect the following information about visitors to our sites:
- Your name, and email address
- Organisation that you work for
- Purpose of your visit
- Your vehicle registration
- Badge number and validity date
- Date and times of your visit, exit and entry times and records of which areas of the building you have accessed
- Photograph
- CCTV images
- Records of Health and Safety training, where required
- Where necessary, fingerprint data may be required (see below)
We may ask you for ID when you visit one of our sites. We will look at this ID, but we will not record or copy it.
We provide a “Guest Wifi” network for visitors. An IP address is dynamically allocated to your device. The hardware identifier and traffic information (sites visited, duration and dates) are logged for security reasons.
Why are we allowed to collect and use your personal information?
| Article 6 1 (f) Legitimate interests | The information we collect from you is used to ensure the security of access to our premises, and to protect health and safety on our sites. The CCTV surveillance system is used to assist in providing secure and safe site management. We may also use CCTV images in relation to preventing, investigating and detecting possible non-compliance with company regulations and procedures or to contribute to investigations of potential criminal activity and anti-social activity. |
| Article 6 1 (c) Legal obligations | Certain areas at some of our sites require additional security measures to ensure your safety and to protect the activities in our facilities. For these areas, we may also require use fingerprints as part of access control systems for highly secure areas, where we have a legal obligation to maintain this level of security**. We may also be required to disclose certain personal data, such as CCTV images, for legal purposes in some situations. |
| Article 6 1 (a) Consent | **If we use fingerprint data to access certain site areas or systems where we are not under a legal obligation to do so, but have a legitimate and necessary reason to use this approach, we will ask for your consent for this, where it is appropriate to do so. |
Where do we get your personal data from?
We will usually collect your personal data directly from you when you visit our site, but we may sometimes obtain your personal data from your employer.
With whom do we share your personal information?
nformation related to you will only be accessed by employees at Ipsen with a relevant and tangible need to see your information, such as our reception team and site management and security staff.
We will also, as necessary, use third party systems to support visitor, building access processes or security services. These third parties are obliged to protect the security and confidentiality of any personal data and comply with data protection legislation.
CCTV recordings may be disclosed to authorised agencies to support investigations. The recorded data may be disclosed to site management and Ipsen’s global security team to support investigations relating to health, safety or security issues on the site. In some circumstances we may be required to disclosure CCTV images to the police.
How long do we keep your personal information?
We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention, in line with Ipsen’s retention policies.
CCTV images are retained for 30 days. However, in the event of an incident related to the safety of people and property, CCTV images may be extracted and then kept on another medium for the time it takes to settle and keep appropriate records of the incident.
How do we protect your personal information?
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.
Transfer of personal data outside of your home country?
We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.
When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.
What are your rights regarding your information?
You may have the following rights regarding your information depending on the circumstances and applicable legislation:
1. The right of access
You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing
You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability
You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object
You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent
If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.
Contact information
- If you would like to exercise any of these rights, please use this form.
- If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy@ipsen.com
If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.
Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.
Contact details for data protection authorities in other European countries can be found here:
Our Members | European Data Protection Board (europa.eu)
For other countries, please refer to the local Ipsen website for details.
V2.0s Mar 24 GVPN
Related links
