It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2 Data Protection Officer
Glenmark has appointed Dr. Karsten Kinast, of KINAST Rechtsanwaltsgesellschaft mbH as its Data Protection Officer (DPO).
Glenmark has also appointed Data Protection Coordinator for the Glenmark entities listed in Annexure 1 below, who will liaise directly with the DPO as required and act as an immediate point of contact within Glenmark. The Data Protection Coordinators can be contacted at firstname.lastname@example.org.
3 Principles and Purposes of Processing Personal Data
Personal data is information relating to an identified or identifiable natural person. This may include information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. It does not include data where the identity has been removed (anonymous data).
We use personal data about you:
- to answer your inquiries and meet your requests, for instance, to send you the requested information.
- to send you important information about our business relationship with you, about our terms of business or use and/or to send you other information related to the processing of your data.
- to promote our business interests, for example for data analysis, for checks, for the development of new products and services, to improve our interactions with you, to enhance our website, to personalise your use of our website, by presenting you with products and offers tailored to you, as well as to identify the effectiveness of our advertising campaigns. In this respect, we adhere strictly to legal stipulations and as far as possible only use anonymized data, which does not allow inferences to be made about you as an individual. The law may provide separate preconditions for the individual uses of data.
- to operate use-based online information; more information on this can be found under cookie information.
We will only use your personal data when the law allows us to.
4 How Your Data is Collected
We use different methods to collect data from and about you including through:
- Direct Interactions: You may give us your data by filling in forms, applying for jobs with us, or by corresponding with us by post, phone, email or otherwise. This may include personal data you provide when you purchase or use our products, subscribe to our services or publications, request marketing to be sent to you, enter a competition, promotion or survey or provide us with feedback.
- Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources.
5 Our Legal Basis for Using your Data
We must have a valid basis for using your personal information and we may not collect store or use the information other than as described in this policy. There are four ways we may have a valid basis for using your personal information:
- Fulfilling the contract: The information we collect from you may be necessary to allow us to fulfill our contract with you or to enter into a contract with you.
- Legitimate interest: We may also have a legitimate interest in using your personal information, for example, to ensure that the content on our website is presented to you and your computer as effectively as possible. If this is our reason for using your personal information, we must make sure that our interests do not override yours and you can object to this use of your personal information.
- Legal obligation: Lastly, we may have a legal obligation to use your personal information in certain ways or to protect your interests, for example, we may exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
6 Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
7 Website Cookies
1. Scope and Purpose of the Processing
- Necessary Cookies
- Performance Cookies
- Functionality / personalisation Cookies
- Targeting Cookies. Various types of cookies are used on our website, the type and function are explained as follows:
2. Categories of Cookies
Performance cookies: These cookies collect information about how visitors use a website, for example, which pages they visit most frequently and whether they receive error messages from websites. These cookies do not collect any data that can be used to identify visitors. All information collected with the help of these cookies is anonymous and serves exclusively to improve the functionality and service of the website. We, therefore, use performance cookies to generate statistics on how our website is used and to see how effective our advertising campaigns are.
Functionality/personalization cookies: These cookies allow websites to remember a visitor’s previous information (e.g. user name, language or selected market) in order to offer optimised features tailored to the visitor. For example, a website can provide you with up-to-date information about your market by storing your current location in a cookie. These cookies also serve to maintain the settings you make on the website (e.g. font or font size and other user-adjustable options). They are also used to provide services you have requested, for example when you want to watch a video. These cookies are not able to track your browser activity on other websites. They do not collect any information about you that can be used for advertising purposes and cannot trace where you were on the Internet outside our website. We, therefore, use functionality/personalization cookies to recognise you the next time you visit our website and to personalise content and save your settings (for example, your preferred market).
Targeting Cookies: These cookies are used to tailor advertising even more specifically to you and your interests. They also serve to limit how often you see an advert, measure the effectiveness of an advertising campaign and understand people’s behavior after viewing an advert. Targeting cookies are usually placed on the pages of advertising networks with the consent of the website operator. You recognise that the user has visited a website and pass this information on to other companies, e.g. advertising companies. They are often linked to website functionality provided by this company. We therefore use targeting cookies to link to social networks that may then use the information about your visit to tailor advertising on other websites to you and to provide the advertising networks we use with information about your visit so that, based on your browsing behaviour, you can later be presented with the advertising that you may be interested in.
3. Browser Settings
Most browsers are already set to accept cookies by default. However, you can change your browser settings so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are disabled by your browser settings on our website.
You can also use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set your browser so that it informs you before cookies are stored. Since the different browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the setting options.
If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.
4. Passive processing via our website e.g. Tracking Tools (where applicable)
If you use this website, specific personal data can be processed in a passive way using various technologies, i.e. without you expressly entering it. Such passive information gathering primarily takes place in the following cases and for the following data:
Information from your browser: Specific information is typically processed by browsers and passed on automatically, such as your MAC address (unique device designation), the screen resolution, your operating system (Windows, Apple, Android), the version of your operating system, as well as the type and version of your internet browser.
Your IP address: Your IP address is a combination of figures issued automatically to the computer used by you by your internet provider. An IP address is automatically processed in the log files of our web server when a user calls up our website. Communication between the web server and the visitor’s computer is not possible without the IP address. If we log and store the visiting time on our websites under the IP address, the IP address is anonymized to rule out any reference to you by us.
Device information: We would like to point out that under certain circumstances and in the case of mobile terminals we process the unique device number (IMEI) – like the MAC address for computers. However, such processing only occurs when it is required to provide the respective requested service.
Website analysis: Technologies for website analysis are used with our website. Using this technology, data is saved and processed for marketing and optimisation purposes. The personal data required for this is also processed using cookies. In this regard, please be aware of our cookie information, detailed above.
This website may use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files saved on your computer that facilitate an analysis of your use of the website. The personal data generated by the cookie on your use of this website is generally transferred to a Google server in the USA and saved there. In the case of activated IP anonymisation on this website, your IP address will, however, be abbreviated in advance by Google within Member States of the European Union or in other signatory countries to the Treaty on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. On the orders of the operator of this website, Google will use this personal data to analyse your use of the website, to compile reports on website activities, and to provide further services for the website operator associated with website use and internet use. The IP address passed on by your browser within the scope of Google Analytics will not be merged with other Google data. You can prevent the saving of cookies through a relevant setting in your browser software; however, we would like to point out that in this case, you may not be able to make full use of all the functions of this website. You can countermand the collection and storage of data by Google Analytics at any time with future effect. You can prevent the processing of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in (deactivation add-on) from tools.google.com/dlpage/gaoptout.
8 Access to Sections of the Website Restricted to Professional Groups (if applicable)
Whilst some of the web pages and functions provided by Glenmark can be visited and used without personal registration, some pages are only open to specific groups of people and therefore require registration. Glenmark may only make certain information about prescription-only medications or medical content accessible if you belong to so-called professional groups in the sense of this Act (such as doctors and pharmacists). Please be aware that the information we offer you on our website through our services that require registration is of a general type and cannot provide any advice for the treatment of patients in individual cases.
9 Third-Party Websites
10 Third Parties and the Processing of your Personal Data
If necessary and legally allowed we may pass your personal data to the following third parties:
- Our business partners, with whom we offer advertising using shared brands and joint marketing. A precondition for this is that the law or your consent permits such a transfer. In addition, the business partners are contractually obliged to only use the personal data according to our specifications before the personal data is transferred.
- Service providers who provide services such as website hosting and moderation, the processing of your reviews of products and services, the provision of call center services, the hosting of mobile applications, data analysis, payment handling, order handling, infrastructure provision, IT services, customer services, delivery services for e-mails and direct advertising, credit-card settlements and audits, in order to carry out these services. Here, too, the contractual partners are accordingly bound by our contract to the stipulations under data protection law.
- Third parties in the case of reorganisations, mergers, sales, joint ventures, transfers or other disposals regarding our entire company or our entire assets or shares and/or parts thereof (for example, in association with insolvency or similar proceedings), if legally allowed.
Apart from that, we will only pass on your personal data to third parties if:
- you have given your express consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR,
- it is legally permissible and necessary for the fulfillment of a contractual relationship with you pursuant to Art. 6 (1) sentence 1 lit. b GDPR,
- there is a legal obligation to pass on the data in accordance with Art. 6 (1) sentence 1 lit. c GDPR,
- the disclosure pursuant to Art. 6 (1) sentence 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
11 Your Rights as a Data Subject
If your personal data are processed, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and the following rights apply to you:
- Pursuant to Art. 15 GDPR you can request information about your personal data processed by us. In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge a complaint with a supervisory authority, the origin of your data, if not collected from us, about transfer to third countries or international organisations, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the logic involved.
- Pursuant to Art. 16 GDPR you can immediately demand the correction of incorrect data or the completion of your personal data stored with us.
- Pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored by us, provided that the processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
- In accordance with Art. 18 GDPR, you have the right to obtain from the controller restriction of processing if you dispute the accuracy of the personal data is contested, the processing is unlawful, we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims. You also have the right according to Art. 18 GDPR if you have filed an objection against the processing in accordance with Art. 21 GDPR.
- Pursuant to Art. 20 GDPR, you have the right to receive the personal data provided by you to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
- Pursuant to Art. 7 para. 3 GDPR you can withdraw your consent at any time. As a consequence, we are no longer allowed to continue the data processing based on this consent for the future.
- Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. Usually, you can contact the supervisory authority of your habitual residence, your place of work or our company headquarters.
You can exercise these rights by contacting Glenmark as detailed below.
12 Your Right to Object
When processing your personal data is based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have – as already mentioned above – the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons arising from your particular situation.
Please send your objection to the email address provided below.
13 Cross-border Transfer
Your data can be saved and processed in any country in which we maintain branches or employ service providers, for example to our parent company, Glenmark Pharmaceuticals Limited, in India. A precondition for the transfer is that the permissibility of both the transfer and receipt is guaranteed by the legal requirements in the country of the third-party transfer. To this end, standard contractual clauses of the European Commission are used. In this way, we have taken precautions so that there is a level of data protection that corresponds to EU law when the recipient receives your data. If you would like to view a copy of such aforementioned standard contractual clauses, please write to the email address detailed below.
14 Data Security and Security Measures
We commit ourselves to protect your privacy and to treat your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored with us, we take extensive technical and organisational measures, which are regularly checked and adapted to technological progress.
However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible.
In particular, unencrypted data – e.g. if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.