Effective Date: 14 07, 2021
1. Information We Collect
Information You Provide Directly
Some Services enable you to give us information directly. For example:
- When you communicate in any manner with our Customer Service staff or others regarding a customer inquiry, your communications and other information required to respond to and satisfy your requests will be processed through our systems.
- When you participate in a clinical trial, scientific research and/or medical testing conducted by us, we will collect from you your name initials, date of birth, age or age group, sex, height, weight and other patient identifiers, country and trial site. We will also collect health information (e.g., your health status, medical background, history, medication details, adverse events), health care information (e.g., identity and contact information of your healthcare professionals) and racial/ethnic origin.
- When you report to us any information in connection to our pharmacovigilance activities, such as post-marketing surveillance, we will collect from you your name initials, date of birth, age or age group, sex, height, weight and other patient identifiers, country and trial site. We will also collect health information (e.g., your health status, medical background, history, medication details, adverse events), health care information (e.g., identity and contact information of your healthcare professionals) and racial/ethnic origin.
Information We Collect From Third Parties
We may also collect information about you from third parties, such as your healthcare professionals, hospitals/clinics, contact research organisations and clinical trial investigators, our licencees and business partners, government agencies or public records, third party service providers, industry and patient groups and associations.
Information We Collect When You Use Our Website
In addition to the information you provide, we will collect information during your use of our website through software on your devices (e.g., web browser) and by other means, namely your location (country) and IP address.
Links to Other Websites, Devices, Apps and Features
Our Services may enable you to connect to other websites, devices, apps and other features, which may operate independently from us and have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked website, device, app or other feature is not owned or controlled by us, we are not responsible for its content, use or privacy practices.
Other Information We Collect
We may also collect other information about you, your devices, or your use/participation of the Services with your consent or where required by law.
2. How We Use the Information We Collect
The information we collect will be used for the following purposes. In each case, we will rely on a legal basis of processing under the General Data Protection Regulation of the European Union (“GDPR”).
To operate our website and responds to your inquiries
We process your personal data when this is necessary to enable you to use our website or respond to your requests, questions and instructions, based on our legitimate interests.
To perform, conduct and administer clinical trials, scientific research, medical testing and/or pharmacovigilance activities
We process your personal data when this is necessary to conduct clinical trials, research and/or medical testing in which you are participating in, as well as any related activities supporting the same including, without limitation, pharmacovigilance activities. This may include activities relating to the detection, assessment, understanding and prevention of adverse effects, tracking and responding to safety and product quality concerns, conducting related scientific and medical research, supporting public health initiatives, attributing to academic and promotional materials and any other product-related issues.
Such use of your personal data may be based on performing a contract we executed with you or our legitimate interests. We make sure to consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted to by law.
We will only process your sensitive personal data (such as health related information) when allowed by law.
To use information based on your consent
On other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
For purposes which are required by law
We may process your personal data in order to comply with and enforce applicable law requirements and to respond to requests from government or law enforcement. This includes complying with regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints and patient safety.
3. Information Sharing
We may disclose personal data about you as described below:
- JW affiliates, subsidiaries, and personnel. We share personal data with our personnel, including contractors and agents, and other companies in our group, to the extent this is necessary to provide our Services and to fulfil the purposes set out in section 2 above.
- Business partners. We may share your personal data with our business partners, including but not limited to licensees of our products, to the extent this is necessary to conduct and perform pharmacovigilance activities, such as adverse event or quality reporting, as further detailed in section 2 above.
- Third Party service providers. We may disclose your information to carefully selected companies that provide services on our behalf, for example, companies that help us develop and operate systems for the Services; providers of IT services, security, hosting, customer care activities, mailing, billing, marketing services; clinical research organisations and clinical trial investigators. These entities are only authorised to access and use your personal data to the extent this is necessary for them to provide us with their services, and they are not allowed to use this information for other purposes. Our service providers may be located in countries outside of Europe.
- Other Parties When Required by Law or as Necessary to Protect Our Services. There may be instances when we disclose your information to other parties:
- to comply with the law or respond to compulsory legal process (such as a search warrant or other court order);
- to verify or enforce compliance with the policies and regulations governing our Services (such as complying with monitoring and reporting obligations to government authorities); and
- to protect and defend the rights, property, and the security or safety of us, or, in compliance with data protection laws, any of our respective affiliates, business partners, our customers, or members of the public.
4. Retention of Personal Data
We take appropriate steps to ensure that we process and retain information about you in accordance with the following principles:
- at least the duration for which the information is used to provide you with our Services and to fulfill the purposes set out in section 2 above;
- as required under law, a contract, or with regard to our statutory obligations (e.g., tax laws); or
- only for as long as is necessary for the purpose for which it was collected, is processed, or longer if required under any contract, by applicable law, or, in anonymised form, for statistical purposes, subject to appropriate safeguards.
- Where we process your information for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
5. Your Rights
Your personal data belongs to you. To the extent provided by applicable law, you can ask us for a copy of the personal data we hold about you, and you can ask us to delete it or correct any inaccuracies. You can also ask us to restrict or limit the processing of your personal data, as well as to provide to you your personal data that you provided to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
In addition, to the extent provided by applicable law, you can object to the processing of your personal data in some circumstances (in particular, where we do not have to process the data to meet a contractual or other legal requirement). You have the right to object at any time to the use of your personal data for direct marketing purposes, including profiling relating to direct marketing.
These rights may be limited, however, for example if fulfilling your request would reveal personal data about another person, where it would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in national laws. We will inform you of relevant exemptions we rely upon when responding to any request you make. To make a request concerning your rights or to make an inquiry, see the Contact Us section below.
6. Protection of Personal Data
We take protection of your information seriously and have put in place appropriate physical, technical, and organisational measures to safeguard the information we collect in connection with theServices. However, please note that although we take reasonable steps to protect your information, no website, Internet transmission, computer system, or wireless connection is completely secure.
7. International Transfer of Information
[For European Economic Area (EEA) Residents]
If you are in the EEA, UK or Switzerland, we will transfer your personal data to the Republic of Korea and other countries outside the EEA or Switzerland. When transferring information outside the EEA, we will take appropriate measures, in compliance with applicable laws, to ensure that your personal data remains protected. Such measures include for instance the use of the European Commission-approved Standard Contractual Clauses to safeguard the transfer of information outside of the EEA, or reliance on your explicit consent. To request more information or obtain a copy of the contractual agreements or other safeguards in place, please contact us using the contact details set out in the Contact Us section below.
9. Contact Us
To exercise your rights, or for further information about how we use your personal data, please contact our Data Protection Officer, Byon-Joon Kwon, at firstname.lastname@example.org or via post to 2477, Nambusunhwan-ro, Seocho-gu, Seoul, Republic of Korea.
10. EEA representative
"To comply with the General Data Protection Regulation (2016/679) we have appointed a European representative. If you wish to contact them, their details are as follows:
Bird & Bird GDPR Representative Services SRL
Avenue Louise 235
Key Contact: Vincent Rezzouk-Hammachi
Our EEA Representative can only be contacted for queries in relation to data protection."