Privacy Policy

This privacy notice describes how personal data is used when visiting this website.

Who is the controller of your personal information?

For the purposes of this Privacy Notice, Ipsen Limited, Ipsen Biopharm Limited, Sterix Limited and Ipsen Bioinnovation Limited in the U.K. and Ipsen Pharmaceuticals Limited and Ipsen Manufacturing Limited in Ireland (together “Ipsen”)are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

For information related to Ipsen activity in other countries and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

We only collect the minimum amount of personal data we need to run this website, manage security, track usage and manage users.

If you submit a contact us form, or sign up for further contacts or a newsletter, we will collect basic information to manage your request, such as:

• Name
• Email address
• Role or job title
• Country
• Your query

This website also collects data using cookies or other tracking technology. Through this we collect technical data, such as IP address, type of browser used, operating system, domain name and where visitors have come to the website from. We also collect information about the pages visited by users on the web, access time and time spent on each page, analysis of the internal path and other parameters relating to the user’s operating system and IT environment. Such technical data are collected and used in an aggregated form to help us to manage and improve the website.

When you interact with us on social media, you might provide us with some information from your social media profiles such as your name, email address or social media identifiers. See the Cookie Policy for the website you are visiting for more information.

Why are we allowed to collect and use your personal information?

Article 6 1 (f) Legitimate interests – We will process personal data in Ipsen’s legitimate interests to:

• maintain and monitor this website
• ensure the website are functions properly
• maintain the security and integrity of the website
• respond to your requests or enquiries
• perform website analytics and measure website performance
• for audits or monitoring

Where necessary, personal data may be used in Ipsen’s legitimate interest to determine liability in the event of alleged IT or electronic crimes that cause damage to the website.

Article 6 1 (c) Legal obligation – We have a legal obligation to keep informed of any side effects, or adverse events or quality issues with our products. So, if you provide us with information about this via a website form, we will process this information on the basis of that legal obligation. There is a full privacy notice related to this on our privacy page.

Article 6 1 (a) Consent – Before we can use certain types of ‘optional’ cookies or similar tracking technology, we will ask for your consent.

Where do we get your personal data from?

We collect any personal data entered when you submit a web from on this website directly from you.

We will collect some personal data indirectly, through the use of cookies and similar technologies. Please see the Cookie Policy for this website for more information.

With whom do we share your personal information?

Ipsen may need to share your personal data with the following authorised third parties:

• Ipsen and its affiliates
• Selected suppliers, service providers or vendors acting upon Ipsen’s instructions for website hosting, data analysis, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing, etc.
• Legal or administrative authorities: as required by applicable laws including laws outside your country of residence
• Potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures

Your personal data will not be sold, shared or otherwise distributed to third parties without an appropriate legal basis, or where we are required to do so because of an applicable law, court order or governmental regulation, or if such disclosure is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad.

How long do we keep your personal information?

We will only retain your personal information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies. Any personal data collected from cookies or similar technologies will only be retained for 13 months.

Links to other websites

When visiting this website, you may also be able to use links to go to other websites, or you may be directed to other websites hosted by third parties. Ipsen is not responsible for how any third-party websites use your personal data, please review the privacy policies of those websites before providing any of your information.

Social media links

To make it possible to incorporate Social Network functions directly within our website (e.g. the “Like” function on Facebook, the “Follow” function on Twitter), some special tools named social plug-ins might be present on our website. All the social plug-ins are marked by the respective social network logo. When you interact with a social plug-in presents on our website (e.g. by clicking the “Like” button) or leaving a comment, the corresponding information is sent by the browser directly to the social network platform (in this example, Facebook) and recorded by it. Please consult the privacy policy of the social network if you would like to have more information about how that platform processes your personal data as well as for details of how to exercise your rights.

Cookies and similar technologies

This website use cookies and similar technologies (“cookies”). Cookies are small data files which are placed on your computer, smartphone or other device. When you enter the website, you can:

• Accept the use of cookies; or
• Refuse the use of cookies; or
• Set your cookies preference.

Please consult our Cookies Policy on the website, for more information.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the U.K. and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

1. The right of access – You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification – You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing – You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability – You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object – You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent – If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy@ipsen.com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority which in the U.K. and Ireland are the following:

The U.K. ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

The Irish Data Protection Commission’s address:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
DO2 RD28
Ireland

Telephone: 017650100 / 1800437 737
DPC website: https://www.dataprotection.ie

This privacy notice applies to processing personal data in relation to medical information requests, safety information and product quality complaints. This notice is for individuals requesting or reporting information on their own behalf or on behalf of others.

We understand that privacy is important to you. We are committed to treating your personal information with care and integrity.

Our privacy notice tells you what personal information we collect and how we collect it. It explains what we use your personal information for, how we process it and how we protect your personal information and keep it safe. This privacy notice explains our general practices. However, where local laws or regulations require that we process information differently, or refrain from such processing, we will always comply with the applicable local law.

Ipsen value your privacy. When we say ‘we,’ ‘us’ or ‘our,’ we are referring to Ipsen.

Personal information means any information or piece of information which could identify you either directly (e.g., your name) or indirectly (e.g., a unique identification number).

Who is the controller of your personal information?

For the purposes of this Privacy Notice, Ipsen Limited, Ipsen Biopharm Limited, Sterix Limited and Ipsen Bioinnovation Limited in the U.K. and Ipsen Pharmaceuticals Limited and Ipsen Manufacturing Limited in Ireland (together “Ipsen”), are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

For information related to Ipsen activity in other countries and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

Where the requestor or reporter is a Healthcare Professional (HCP), we will collect and process (as relevant):

• Basic information- your name, last name (including prefix or title).
• Contact information – information that enables us to contact you e.g., your personal or business email, mailing address, telephone number.
• Professional information and experience- information related to your qualifications, areas of expertise, place of practice.

Where the requestor or reporter is a patient or a member of the public, we will process (as relevant)

• Basic information- your name, last name (including prefix or title).
• Contact information – information that enables us to contact you e.g., your personal or business email, mailing address, telephone number.

• Contact details of any HCP who can provide further information.
• Patient’s identification data (e.g., initials, age, date/year of birth, gender, weight, height).
• Patient’s health data: treatments administered, test results, nature of any side effect(s), personal or family history, associated diseases or events, risk factors, information on the method of prescribing and use of the medicines and on the therapeutic conduct of the prescriber or health professionals involved in the management of the disease or side effect (s).
• Patient’s family situation (e.g., information relating to family history and descent, conception, progress, and outcome of pregnancy).
• Patient’s habits and behaviours (e.g., addiction, assistance, physical exercise, diet and exercise, dietary behaviour).

Why are we allowed to collect and use your personal information?

The personal data we collect in relation to this privacy notice will be used only for the specific purposes:

• Enable the prevention, monitoring, evaluation and management of adverse events or safety issues related to our medicines.
• Meet our legal obligation to report adverse events/safety issues to health authorities.
• Respond to medical information requests about our medicines.
• Monitor product quality complaints, product quality and potential of a market recall.

• In the context of medical information:

The legal basis for processing the personal data collected in the context of medical information is Ipsen legitimate interest to respond to your requests or inquiries. The processing of special categories of data, corresponding to your health data, is necessary for reasons of important public interest.

If you provide us with special category data of patient (e.g., about health) when you submit a medical information inquiry, you undertake to inform the patient or, where required, to obtain from the individual the consent to process that data.

The condition for processing special category data in the context of medical information is to meet our legal obligations in relation to public health, or, where required, based on the patient’s consent.

• In the context of pharmacovigilance:

The legal basis for processing the personal data collected in the context of pharmacovigilance is to meet relevant legal obligations and applicable health legislation. The processing of special categories of data, corresponding to your health data, is necessary for reasons of important public interest.

• In the context of product quality complaints:

The legal basis for processing the personal data collected in the context of product quality complaints is to meet relevant legal obligations and applicable health legislation.

If you provide us personal data of a patient when you make a medical information request, report a side effect/safety issue or product complaint/ quality issue you undertake to provide the link to this Privacy Notice to the individual.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

With whom do we share your personal information?

We share your personal information on a need-to-know basis and to the extent necessary to follow laws and regulations. We only share your personal information with teams in Ipsen companies who need to see it to do their jobs and fulfil the request made (e.g., to answer a question you have asked the company). This will include service providers who carry out certain activities on our behalf. We will also have to share your personal information with other Ipsen companies to manage our obligations. We will do this only where necessary, and these may include for example:

• Any entity who may acquire us or part of our business or brands.
• Suppliers managing side effects reports.
• Local or Global regulators, courts, governments, and law enforcement authorities.
• Professional advisors such as auditors.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the U.K. and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

How long do we keep your personal information?

We will only retain the personal data, in relation to this privacy notice, for as long as we reasonably need to achieve the purposes described above and as required under applicable laws.

• In the context of medical information:

In no instance will your data be retained for longer than 25 years unless there is any legal or regulatory provision requiring otherwise.

• In the context of pharmacovigilance:

70 years after the product is withdrawn in the last country where the product is marketed.

• In the context of product quality complaints:

Personal data in relation to product quality complaints is kept for a minimum of 5 years.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

1. The right of access – You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification – You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing – You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability – You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object – You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent – If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

Contact information.

If you would like to exercise any of these rights, have any questions about this privacy notice, need more information or would like to raise a concern you can contact us as follows:

• If you are not a patient, please send us a Data Subject rights request by completing this form.
• If you are a patient, please contact Ipsen Global Data Privacy Team at dataprivacy@ipsen.com, you should be aware that your identity will be revealed to the Data Protection Team.

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority which in the U.K. and Ireland are the following:

The U.K. ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

The Irish Data Protection Commission’s address:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
DO2 RD28
Ireland

Telephone: 017650100 / 1800437 737
DPC website: https://www.dataprotection.ie

This privacy notice relates to Healthcare professionals (HCPs) who interact with us, or who are participants in Ipsen activities or projects or events, or who are customers or potential customers of Ipsen products or services.

Who is the controller of your personal information?

For the purposes of this Privacy Notice, Ipsen Limited, Ipsen Biopharm Limited, Sterix Limited and Ipsen Bioinnovation Limited in the U.K. and Ipsen Pharmaceuticals Limited and Ipsen Manufacturing Limited in Ireland (together “Ipsen”) are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

For information related to Ipsen activity in other countries and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

Ipsen processes information about HCPs for a range of purposes. We will only process information about you that is relevant to our work and that we have a lawful basis to process. Depending on our interaction with you, we process the following information:

• Contact information – Basic contact details including your first, last name, title, email address, postal address, telephone/mobile numbers.
• Professional information – Information about your place of work and job title, medical field, specialities, professional qualifications and your CV.Information about your scientific experience and expertise, such as participation in past or current studies and trials, events, congresses, publication of academic or scientific research and articles. Your membership in associations and boards, links to universities, education, awards, editorial boards and other related activity. Publicly available social media posts and media mentions.
• Information to arrange events or visiting us – Information relating to arranging attendance at professional events, including, as needed, your passport, visa information, residency, nationality, travel, special diet and accommodation requirements.Professional information you share for an event, and any presentations or papers that contain personal information about you.Photographs or film footage of you at events. At some meetings, where we use online tools, we may ask to record meeting contents.If you visit one of our sites, we will collect basic information to manage access to the building and we may also capture images on our CCTV cameras.
• Contracting, payments and transfers of value – Information we need to contract with you and to pay you, including bank account details and VAT or other tax details.Details of our interactions with you in relation to any grants, donations or sponsorship activities.Details of all direct or indirect transfers of value, whether in cash, in kind or otherwise, provided to you.
• Information about our interactions with you and your views and opinions – Information relating to your interactions with members of the Ipsen group, such as meetings we have had with you and topics of interest.Information about the promotional, scientific and medical activities/interactions you have with us.Information about your views and opinions collected during an event, through surveys, polls or Q&A sessions.
• Medical enquiries, reporting Adverse Events or product quality issues – Information about you or others when you submit medical enquiries, Adverse Event or product quality issues to us. For more information about this, please see the privacy notice for this on this site.
• Accessing products or services – Identification information used to deliver products or services, such as access to particular websites for example, login details, passwords, or online identifiers.
• Consent records – Records of consents you have given us for different activities.

Why are we allowed to collect and use your personal information?

Ipsen processes data about HCPs for a range of purposes and related to those purposes we rely on a number of different legal bases for that processing, as detailed in the table below.

Article 6 1 (f) Legitimate interests – We collect and use personal data for the purposes of the legitimate interests of Ipsen to manage our relationship with you in terms of professional and scientific activities and promoting and providing information and support about our products and services. This includes:

• Our field teams keeping in touch with you, recording their interactions and sharing information about our products and therapy areas.
• Responding to your requests or enquiries.
• Providing you with important information, safety issues, administrative information, or required notices.
• Providing you with promotional materials and access to support tools and services.
• Gathering your views and opinions on our products, our activities, or therapy areas through discussion, meetings, events or surveys, market research or other activities.
• Inviting you to be part of advisory boards or to undertake other activities related to your specialism.
• Gathering information about you to understand your professional expertise in order to target our interaction with you, and to develop databases of thought leaders and specialists in different therapy areas.
• Setting fair payment rates for particular activities.
• Managing arrangements for events. Including inviting you to speak or participate and sharing data with event organisers.
• Taking film or photographs at events. If you do not wish to be filmed or photographed as part of the audience, please inform your contact person at Ipsen before the event. Where appropriate, we will ask for your consent to use videos or photos that focus on you as an individual.
• Working with you when you participate in Ipsen activities, such as clinical studies, grants and donations or sponsorship activities.
• Verifying your credentials including via passwords, password hints, security information and questions, government-issued ID or passport or appropriate evidence of healthcare professional status, where required.
• Sharing data as appropriate related to audit and compliance activities, or for mergers or acquisitions.
• Gathering information about you to understand your professional expertise in order to target our interaction with you, and to develop databases of thought leaders and specialists in different therapy areas. This includes gathering information from public sources, such as media activity and professional participation in events, studies, collaborations etc.

Article 6 1 (b) Contract – We collect and use personal data for the purposes of contracting with you for your professional inputs, including engaging you to provide services to Ipsen, such as speaking, or taking part in expert groups, or inputting into projects or initiatives. Paying you for services and or expenses.

Article 6 1 (f) Legitimate interests – We collect and use personal data for the purposes of meeting our obligations to evidence transactions and ensure transparency on Transfers of Value under the Association of the British Pharmaceutical Industry (ABPI) Code of Practice or the Irish Pharmaceutical Healthcare Association (IPHA) Code of Practice, as relevant. This involves disclosing details about payments made to you, to Disclosure U.K. and IPHA in Ireland. We will disclose transfers of value under the legal basis, legitimate interests.

We also disclose certain information about you, where required to auditors, or government agencies, or in response to authorized information requests, or as otherwise required by laws, regulations, or industry codes. We do this for legitimate interests or because there is a legal obligation to do so.

Article 6 1 (a) Consent – We ask for your consent for processing your personal data in some circumstances and where appropriate, which may include:

• Sending you promotional materials by email (unless you have specifically asked us to send materials to you).
• In some cases, where we provide Apps or Services that operate based on your consent.
• Collecting information about special dietary requirements if this includes information about your health or religion.
• Using individual photographs or film or testimonials about you.

Article 6 1 (c) Legal obligation – Perform administrative formalities, registration, or declarations that are required by law.
We process personal information in order to meet our legal obligations to manage quality and safety issues, such as adverse events or product quality investigations. A separate detailed privacy notice is available for these activities.

Where do we get your personal data from?

We collect basic information about you from a range of sources, including directly from you, or from your employer. We also collect some data from publicly available sources, websites or publication databases, journals, or from third party providers of HCP data services such as IQVIA’s OneKey Service and Veeva Link.

We may need to collect data in order to confirm contacts or financial information or to verify your licensure as a healthcare professional.

We may also receive some data about you from our third-party event organisers, or from other third parties working with us to fulfil other services.

With whom do we share your personal information?

Information related to you will only be accessed by authorised employees at Ipsen, with a relevant and tangible need to access your information.

Information related to you may also be made available to employees of other entities within the Ipsen group of companies, for the purpose of better managing our interaction with HCPs from a global perspective, to help harmonise Ipsen’s key business processes, hereby facilitating a more consistent approach across all markets.

Ipsen engages service providers to process your personal data on behalf of Ipsen, to undertake various activities (as noted above) on our behalf. Such service providers may only process your personal data in accordance with the Ipsen’s express instructions and may not use your data for their own purposes. These service providers include Veeva Systems Inc (the provider of our HCP CRM system), HCP database providers, fulfilment and communications providers, suppliers supporting payments, accounting services and event suppliers, like event organisers, hotel and transport companies that support us.

Information relevant to Transfers of Value will be shared with the relevant national association on an individual named or aggregate basis, in compliance with the European Federation of Pharmaceutical Industries and Associations (EFPIA) Code of Practice which requires Ipsen to document and publicly disclose direct or indirect Transfers of Value whether in cash, in kind or otherwise provided to you under agreements or services between you and Ipsen.

We also disclose certain information about you, where required to auditors, or government agencies, or in response to authorized information requests, or as otherwise required by laws, regulations, or industry codes.

How long do we keep your personal information?

We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the U.K. and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

1. The right of access – You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification – You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing – You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability – You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object – You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent – If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy@ipsen.com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority which in the U.K. and Ireland are the following:

The U.K. ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

The Irish Data Protection Commission’s address:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
DO2 RD28
Ireland

Telephone: 017650100 / 1800437 737
DPC website: https://www.dataprotection.ie

This privacy notice explains how we use personal data during recruitment processes.

Who is the controller of your personal information?

For the purposes of this Privacy Notice, Ipsen Limited, Ipsen Biopharm Limited, Sterix Limited and Ipsen Bioinnovation Limited in the U.K. and Ipsen Pharmaceuticals Limited and Ipsen Manufacturing Limited in Ireland (together “Ipsen”) are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

For information related to Ipsen activity in other countries and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

When you apply for a job at Ipsen, we will collect the following types of personal data:

• Name and contact details, including email, phone number, home address
• Academic and professional qualifications
• Information about your skills and expertise
• Information about your work history
• Application letter, remuneration levels, and availability
• Your right to work in the country that in which the job will be located
• Details about your most recent employer and / or referees

We will record information about you on our careers systems and we will keep records of our interactions with you and notes about any interviews we carry out with you. We may also hold information about any assessments or tasks we ask you to complete during the application process. If you are successful, we will record details of your offer.

If you accept a role with Ipsen, we will then load your data onto our HR system. Before you start at Ipsen, we may complete background checks as relevant to the role. To carry out these checks we will request documents and information from you as relevant to the checking process, such as:

• identity documents e.g. identity card, passport
• evidence of academic and professional qualifications documents
• and other information relevant to the role and position in the company.

Why are we allowed to collect and use your personal information?

Article 6 1 (f) Legitimate interests – We collect and use your personal data for our legitimate interests to process your application, to make decisions about shortlisting and to contact you during the application process. We will also share data with any third parties that may be assisting us with the recruitment process.

We may ask you to complete assessments or tasks during the application process and we will keep personal data about that to help us to make a decision.

Article 6 1 (b) Contract – If you are offered a post, we will process your personal data to take steps to prepare for a contract with you, including:

• to send you messages, information or meeting invitations before you start
• to prepare and agree your contract
• to make organisational arrangements for you to start at Ipsen, such as setting you up on our IT systems
• to share your personal data with any third parties that work with us to provide any benefits.

Article 6 1(c) Legal obligations – We may be required to make checks on your right to work in the relevant country, by collecting documents or information from or about you. Where this is required by law, we will process this data on the basis of our legal obligations.

Where we process special category personal data about you, we do so in line with the relevant conditions for processing this type of data, as follows:

Article 9 2 (b) Employment rights – Where necessary we may need to process certain special category data, such as health, or ethnicity information during the recruitment process for a range of purposes, such as:

• to check your right to work in the country
• to carry out background checks on your health as relevant to your role
• to make special arrangements for your interview
• collecting ethnicity data, which we use in aggregated form to monitor equality

Where do we get your personal data from?

We collect personal information about you when you enter your details or upload your CV and other information about yourself when applying for a job. Ipsen also collects data about applicants from recruitment agencies and from recruitment platforms such as “LinkedIn” or other online job boards we decide to use.

With whom do we share your personal information?

Personal data related to you will only be accessed by HR, the hiring manager or other relevant managers, IT and only others who have a legitimate need to access your personal data.

Your personal information is shared with relevant staff in other entities in the Ipsen group where necessary and with third parties who process personal data on behalf of Ipsen within the scope of the purposes mentioned in this Notice.

We will ensure that the third parties we use adequately protect the information entrusted to them and these third parties will be bound by data protection contract clauses, as appropriate to our respective roles. Ipsen will only provide those companies the personal data they need to deliver the service.

We work with third parties in relation to recruitment and starting up relationships with new starters, for the following types of activity:

• recruitment agencies assisting with aspects of the recruitment process
• technology providers processing recruitment data
• background check providers

How long do we keep your personal information?

We will keep your personal data for no longer than necessary to fulfil the purpose for which it was collected and to meet any legal or regulatory provision requiring otherwise.

If you are not successful in your application, your personal data will be stored on our Careers system for two years in order to recontact you for other relevant opportunities. If you do not want us to keep your personal data in this way, please see our careers website portal for how to do this, or you can use this form.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the U.K. and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

1. The right of access – You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification – You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing – You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability – You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object – You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent – If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy@ipsen.com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority which in the U.K. and Ireland are the following:

The U.K. ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

The Irish Data Protection Commission’s address:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
DO2 RD28
Ireland

Telephone: 017650100 / 1800437 737
DPC website: https://www.dataprotection.ie

This Privacy Notice applies to suppliers, customers and service providers, and their representatives.

Who is the controller of your personal information?

For the purposes of this Privacy Notice, Ipsen Limited, Ipsen Biopharm Limited, Sterix Limited and Ipsen Bioinnovation Limited in the U.K. and Ipsen Pharmaceuticals Limited and Ipsen Manufacturing Limited in Ireland (together “Ipsen”)are data controllers for the personal data processing described (referred to as Ipsen, we or us in these notices).

For information related to Ipsen activity in other countries and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

Depending on our relationship with you, we collect, use and store the following types of personal data about you:

• Contact information, name, email address, telephone numbers, postal address
• Job function, title, job title and company details and relevant business activity records
• Professional qualification or certifications or status information, as relevant
• Payment details, bank account details
• Records and results of any Health and Safety or Security training undertaken (if visiting our sites)
• Car registration, picture and badge number and CCTV footage (if visiting our sites)
• System login information (if working on our systems)

Why are we allowed to collect and use your personal information?

Article 6 1 (f) Legitimate interests – We will process your personal data, where relevant to the activity, for Ipsen’s legitimate interests in undertaking the following:

• Sharing data as needed as part of a tendering or contracting process.
• Evaluating third-party suppliers to Ipsen in order to identify and mitigate any potential risks, such as using contact information to issue and evaluate risk assessment questionnaires and/or look-up supplier entity information on third-party industry databases.
• Managing health and safety and security at our sites, including giving access to, and recording information about training we require and CCTV recordings.
• Giving access to relevant IT resources, tools, and systems.
• Providing customer service support and dealing with enquiries.
• Managing audit and declaration requirements.
• Giving you access to our systems as needed for your interaction with us.
• Checking qualifications or certifications where relevant.
• Dealing with possible misconduct or fraud cases.

Article 6 1 (b) Contract – We will use your personal data to manage any contracts we have with you directly, to facilitate the contract and manage payments.

Article 6 1 (c) Legal obligations – Your personal data may be used where necessary, to comply with legal obligations in relation to Health and Safety requirements, such as keeping records of training or incidents.

Where do we get your personal data from?

We collect data about suppliers, customers and service providers either directly from individuals or from their employers. We also collect personal data through our building access systems, training records and through CCTV on sites. We may also collect information from third party industry databases as part of our due diligence activities.

With whom do we share your personal information?

Information related to you will only be accessed by employees at Ipsen with a relevant and tangible need to see your information. Information related to you may also be made available to other entities within the Ipsen group of companies for the purpose of managing our activities with you.

We will also, as necessary, share data with third parties who work with Ipsen to support our activities, for example, audit providers, distributers, payment processors, external lawyers, IT service and system providers. Your personal data may be made available to third parties who work with Ipsen to help provide industry-wide business and/or sustainability ratings, including on Environmental, Social & Governance (ESG) factors. For example, EcoVadis SAS or EcoVadis Inc. These third parties are obliged to protect the security and confidentiality of any personal data and comply with data protection legislation.

How long do we keep your personal information?

We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the U.K. and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

1. The right of access – You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification – You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing – You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability – You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object – You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent – If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy@ipsen.com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority which in the U.K. and Ireland are the following:

The U.K. ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

The Irish Data Protection Commission’s address:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
DO2 RD28
Ireland

Telephone: 017650100 / 1800437 737
DPC website: https://www.dataprotection.ie

This privacy notice explains how we use personal data related to the people we work with in Patient Organizations and that of other key industry stakeholders (referred to as ‘you’ or ‘your’ in this notice).

Who is the controller of your personal information?

For the purposes of this Privacy Notice, Ipsen Limited, Ipsen Biopharm Limited, Sterix Limited and Ipsen Bioinnovation Limited in the U.K. and Ipsen Pharmaceuticals Limited and Ipsen Manufacturing Limited in Ireland (together “Ipsen”) are data controllers for the personal data processing described (referred to as Ipsen, we or us in these notices).

For information related to Ipsen activity in other countries and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

We hold the following types of information about you, depending on the work we are doing:

• Name, email address, telephone numbers
• Organisation, role, business contact details
• Information about your activities with Ipsen
• Interests and professional activities (such as, your professional position and background, event activities, publications, media and social media activities, links to other organisations)
• Filming, photographs or recordings

Why are we allowed to collect and use your personal information?

Legal bases Purposes Article 6 1 (f) – Legitimate interests We will only use your personal data for specific purposes as needed to support our activities and in our legitimate interests related to stakeholder engagement including:

• Identifying key stakeholders
• Understanding your interests and where these relate to Ipsen’s work
• Managing our activities with you

For our work with Patient Organisations, we will keep your information on a central database to ensure long term and consistent ways of working between Ipsen and Patient Organisations. Keeping track of our data will facilitate any handover changes and continuity within our projects and collaborations, as well as providing transparency in ongoing projects and activities.

Article 6 1 (a) Consent –  Where appropriate, when you take part in activity that involves individual filming or testimonials, we will ask for your consent.

Where do we get your personal data from?

Some information is collected directly from you, but we also collect data from public sources such as websites or social media, and from third parties such as consultancy companies.

With whom do we share your personal information?

Information related to you will only be accessed by employees at Ipsen with a relevant and tangible need to see your information. Information related to you may also be made available to other entities within the Ipsen group of companies where this is relevant to our work. We will also potentially, as necessary share data with third parties who work with Ipsen to support our activities, for example, Public Affairs or Healthcare PR consultancies, or other partners with whom we are working on specific projects. These third parties are obliged to protect the security and confidentiality of any personal data and comply with data protection legislation.

How long do we keep your personal information?

We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the U.K. and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

1. The right of access You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy@ipsen.com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority which in the U.K. and Ireland are the following:

The U.K. ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

The Irish Data Protection Commission’s address:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
DO2 RD28
Ireland
Telephone: 017650100 / 1800437 737
DPC website: https://www.dataprotection.ie

This notice provides general information about how personal data is used when you visit one of our sites. Please also refer to any privacy notices provided by the site you are visiting.

Who is the controller of your personal information?

For the purposes of this Privacy Notice, , Ipsen Limited, Ipsen Biopharm Limited, Sterix Limited and Ipsen Bioinnovation Limited in the U.K. and Ipsen Pharmaceuticals Limited and Ipsen Manufacturing Limited in Ireland (together “Ipsen”) are data controllers for the personal data processing described (referred to as Ipsen, we or us in these notices).

For information related to Ipsen activity in other countries and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

We will collect the following information about visitors to our sites:

• Your name, and email address
• Organisation that you work for
• Purpose of your visit
• Your vehicle registration
• Badge number and validity date
• Date and times of your visit, exit and entry times and records of which areas of the building you have accessed
• Photograph
• CCTV images
• Records of Health and Safety training, where required
• Where necessary, fingerprint data may be required (see below)

We may ask you for ID when you visit one of our sites. We will look at this ID, but we will not record or copy it.

We provide a “Guest Wifi” network for visitors. An IP address is dynamically allocated to your device. The hardware identifier and traffic information (sites visited, duration and dates) are logged for security reasons.

Why are we allowed to collect and use your personal information?

Article 6 1 (f) Legitimate interests – The information we collect from you is used to ensure the security of access to our premises, and to protect health and safety on our sites.

The CCTV surveillance system is used to assist in providing secure and safe site management. We may also use CCTV images in relation to preventing, investigating and detecting possible non-compliance with company regulations and procedures or to contribute to investigations of potential criminal activity and anti-social activity.

Article 6 1 (c) Legal obligations – Certain areas at some of our sites require additional security measures to ensure your safety and to protect the activities in our facilities. For these areas, we may also require use fingerprints as part of access control systems for highly secure areas, where we have a legal obligation to maintain this level of security**.

We may also be required to disclose certain personal data, such as CCTV images, for legal purposes in some situations.

Article 6 1 (a) Consent – **If we use fingerprint data to access certain site areas or systems where we are not under a legal obligation to do so, but have a legitimate and necessary reason to use this approach, we will ask for your consent for this, where it is appropriate to do so.

Where do we get your personal data from?

We will usually collect your personal data directly from you when you visit our site, but we may sometimes obtain your personal data from your employer.

With whom do we share your personal information?

Information related to you will only be accessed by employees at Ipsen with a relevant and tangible need to see your information, such as our reception team and site management and security staff.

We will also, as necessary, use third party systems to support visitor, building access processes or security services. These third parties are obliged to protect the security and confidentiality of any personal data and comply with data protection legislation.

CCTV recordings may be disclosed to authorised agencies to support investigations. The recorded data may be disclosed to site management and Ipsen’s global security team to support investigations relating to health, safety or security issues on the site. In some circumstances we may be required to disclosure CCTV images to the police.

How long do we keep your personal information?

We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention, in line with Ipsen’s retention policies.

CCTV images are retained for 30 days. However, in the event of an incident related to the safety of people and property, CCTV images may be extracted and then kept on another medium for the time it takes to settle and keep appropriate records of the incident.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the U.K. and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

1. The right of access You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy@ipsen.com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority which in the U.K. and Ireland are the following:

The U.K. ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

The Irish Data Protection Commission’s address:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
DO2 RD28
Ireland

Telephone: 017650100 / 1800437 737
DPC website: https://www.dataprotection.ie