Data Protection at Fresenius Kabi

Welcome to the Fresenius Kabi Hong Kong Ltd. (together with Fresenius Kabi APAC Ltd., “Fresenius Kabi” or “we”) data protection information page. As a global healthcare company that specializes in lifesaving medicines and technologies for infusion, transfusion and clinical nutrition, we need to collect, use and share your personal data to carry out our work. We need to ensure that this data is appropriately handled and protected.

This site explains how we incorporate data protection in our operations and how your data is used in our processes. Furthermore, you will find information on how to execute your rights.


How We Take Care of Your Data

Our Data Protection Organization

Fresenius Kabi operates a central data protection competence center. This center has set up a data protection management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data protection and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data protection topics.

Our local data privacy advisors at the various Fresenius Kabi legal entities support local management with their compliance programs. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate ‘Privacy by design’ into the design of our processes and IT systems.

The monitoring of our data protection compliance efforts is overseen by our data protection officer.

Our Data Protection Policy

The Fresenius Kabi Group has adopted Binding Corporate Rules on the protection of personal data. These rules have been approved by the European Data Protection Authorities and describe the principles for protecting personal data and determine how we apply them when collecting and using personal data.

The Fresenius Binding Corporate Rules, associated security policies and procedures aim to create a global adequate and uniform level of data protection across our group. They set the rules for the internal data transfers between Fresenius Kabi companies and our internal service providers worldwide.

Our Security Measures 

At Fresenius Kabi we know information security is important to our customers, patients, and business partners. We are committed to maintaining information security through responsible management, appropriate use, and protection of our and your data in accordance with legal and regulatory requirements and our agreements. Please find more about the Information Security at Fresenius Kabi.


Transparency on Our Data Processing Activities

We collect and use your personal data in various ways and for various purposes. We collaborate with other organizations to achieve our purposes. In the sections below you can find when and how we do that. If you have any further questions, requests, inquiries or complaints relating your personal data you can contact us.

Situations in Which We Collect Your Data

Last updated April 2024, replaced the previous version
 

Please be informed that our websites include links to external sites which are not covered by this data protection statement. Also, some of the Fresenius Kabi entities in our group provide data protection statements that may differ from this data protection statement. Your visit to such websites is subject to the respective data protection statement of that website.

Why we collect and use your data

We collect and use your data for the following purposes:

  • To make the website work and optimized for the device you use 
  • To provide the best possible service to you, enhance your user experience and store your preferences for your current or future browsing sessions
  • To further improve our websites.
What data we collect and how we do that

We collect your data of your visit to our website in the following ways:

Automatically by our website or by using cookies and other technologies

We collect and use the following internet protocol data or cookie data during your visits on our websites:

  • The name of your service provider including IP address
  • The website that directed you to our site
  • The pages you visited on our websites
  • Your web browser type
  • The date and length of your visit
  • The preferences you select.

You can accept all, accept only necessary or you can choose your own settings for the use of certain cookies & other technologies for this website. Please note that if you choose not to accept the use of certain cookies you may not be able to experience the full functionality of this website and may have to confirm certain dialogs once again.

Your cookie settings are always related to the web browser you are using, and the settings are of no effect if you use a different web browser upon your next use of this website. Alternatively, you can manage the settings of your web browser or on your mobile device. Here you can delete cookies at your own discretion at any time.

We use the following types of cookies:

Strictly necessary cookies

This type of cookies is required to make the website work. They are exclusively used by us during the session. They help to make the page load more quickly and to limit the number of sessions originating from a user to prevent a website-overload. 

We use a "cookie notifier" cookie which saves your decision either to agree with the usage of cookies on our website or not. It is saved automatically upon your click on one of the two options available. Your acceptance of our cookies is stored for one year from the acceptance date. If you decide to refuse our cookies, your decision will be stored for 30 days. During this time, the cookie information banner will not be shown again.

All other strictly necessary cookies remain valid during the session and are automatically deleted when you close the browser.

Functional cookies

Functional cookies save the choices and preferences you make while visiting this website in order to offer you an improved functionality and personal features. They can remember your login status, or the status of videos played. These will be stored for 30 days.

Analytical cookies

When you consent to the usage of analytical cookies, respective cookies will be stored on your device. Analytical cookies allow us to analyze the way the website is used, how often visitors use a page of our website, and if they get error messages from our pages. For this purpose, your IP address will be processed in a pseudonymized manner by deleting the last three digits. That way we are no longer able to directly identify you as an individual. We will delete this data within three years.

When activating social media plug-ins

If you activate plug-ins of social media providers (such as Facebook, X, YouTube, LinkedIn, Instagram or WhatsApp), your web browser will connect to the servers of the respective providers and send your specific user data to these providers.

In addition, if you are currently logged in to a social network of one of the above-mentioned providers, your activity may be linked to your user account with these providers at the same time.

In order to secure your privacy, we are using a tool called “Shariff.” Shariff enables you to decide whether and when to activate the share plug-ins on our website and, by doing so, whether to initiate a transfer of user specific data to the provider. Only if you specifically activate a plug-in via Shariff, your browser will connect to the servers of the respective provider and the user specific data (as further referenced below) will be sent to that provider. You activate a plug-in via Shariff, by clicking on one of the respective share buttons.

Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • You have given us your consent for the intended processing or international transfer of your personal data, (e.g., in the EU Art. 6.1 a, and Art. 49.1 a GDPR). This is e.g. the case for cookies that are not strictly necessary and when you activate the social plug-ins.
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
    • the establishment, exercise or defense of legal claims
    • to provide information on our products and service via a working and optimized website.
With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we share your data with social media platforms if you activate the plug ins.

Fresenius Kabi has no influence on the scope or the kind of data that will be submitted by activating the plug-ins. Besides, further data processing operations could be triggered, on which we do not have any influence. To learn more about the scope of personal data collected and used, the purposes for which we may use your data, and your respective rights and configuration options to protect your privacy (including your right of withdrawal of consent), please refer to the respective social network’s data protection statement.

Facebook: https://www.facebook.com/about/privacy
X: https://twitter.com/en/privacy
YouTube: https://policies.google.com/privacy
Instagram: https://help.instagram.com/519522125107875
LinkedIn: https://www.linkedin.com/legal/privacy-policy
WhatsApp: https://www.whatsapp.com/legal/

How long we retain your data

Information collected via the website or cookies & similar technologies will be stored as long as your visit or as long as the cookie is valid as explained above.

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We may collect and use your data for the following purposes:

  • to verify if you are a healthcare professional. We do this to comply with laws and regulations relating to the marketing and provision of information about certain medical products and medicines. We also need to verify if you are registered as healthcare professional in the respective country of the website you are visiting, because our products have a different registration status with the health authorities and therefore information may differ from country to country.
  • to enhance your visits to our websites with content relevant to you
  • to tailor and optimize our communications and interactions with you based on your interests
What data we collect and how we do that

We collect your data of in the following ways:

Information we collect via the website

If you create an account or login with your account on our website, the following data may be processed:

  • Name
  • Username and password
  • Healthcare profession number
  • Professional email address
  • Country
  • Zip code
  • Profession, therapeutic area and specialty you are working in
  • Title, Gender
  • Your employers name and address
  • Date and time your account was created
  • The website your account was first enabled
  • Logfiles, containing information date and time you logged into or out a Fresenius website, the pages visited on our websites
Information we collect from other organizations

We may process data that is provided to us by contracted service providers, or obtained from publicly accessible sources, including official registers of healthcare professionals or data brokers which provide information about healthcare professionals. This may include:

  • Healthcare profession number
  • Professional email address
  • Country
  • Zip code
  • Profession, therapeutic area and specialty you are working in
  • Your employers name and address
Profiling and automated decision making

To tailor and optimize our communications, we create a profile of you. These are based on your profession, therapeutic area and specialty you are working in and the interactions on our website and used to tailor and optimize our communications and interactions with you.

An automated decision making (e.g., in the EU Art. 22 GDPR) occurs to fulfill our obligation to not market the use of medical products for human use to the general public. We therefore verify if you are a healthcare professional. This is done based on information obtained from official publicly available sources and/or external data brokers. If you are not recognized as a healthcare professional, you cannot access all information on such restricted areas of our website.

Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically the legal obligations in relation to the marketing and provision of information about certain medical products and medicines for which we need to verify if you are a healthcare professional. Furthermore, the status of registration of certain products with the health authorities differs from country to country and must therefore be adapted per country.
  • You have given us your consent for the intended processing or transfer of your personal data, (e.g., in the EU Art. 6.1 a, and Art. 49.1 a GDPR). This is the case if you create or use a login from another party such as your account from Acxiom, DocCheck, IQVIA and/or Veeva.
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
    • The establishment, exercise or defense of legal claims
    • To provide information on our products and service via a working and optimized website
    • To obtain insights in the visitors of our website and their interests.
Requirements to provide personal data

Your personal data is required to make the website accessible to you. If you do not provide the personal data marked as compulsory during the account creation or login, you may not be able to access all information available on such restricted areas of our website.

How long we retain your data

Your credentials are stored for 2 years after your last login.

Your logfiles are stored for 13 months.

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We collect and use data you actively provided to us. For instance, when filling in online forms or when contacting us by other means of communication such as e-mail, telephone or mail. We may do this:

  • To validate, handle and respond to you based upon your inquiry or request
  • To fulfill our compliance requirements under pharmacovigilance and medicines laws.
What data we collect and how we do that

We collect the information you provide to us, which may include the following data:

  • Name
  • Gender
  • Contact and address information (e.g., address data, email address, phone number, fax number)
  • Country of residence
  • Organization / Company
  • Profession
  • Type of request and possible further information for the purpose of responding to your inquiry
Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws.
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
    • To validate, handle and respond to you based upon your inquiry or request
    • The establishment, exercise or defense of legal claims
    • To provide information on our products and service.
Requirements to provide personal data

Your contact details are required to be able to provide you an answer to your request.

How long we retain your data

Your contact details will be stored for up to six months after the inquiry has been completed unless legal obligation exists to retain data for a longer duration, which is the case if you report or are you mentioned in an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance).

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

As our valued commercial prospect, client, vendor, interested business contact or otherwise representative of an organization we interact with (business contact), we may collect and use certain personal data from you. Depending on the business relationship we have with you and/or the organization you are working for, we may collect and use your data for the following purposes:

  • Asses a potential business relationship and/or maintaining our business relationship with you or the organization you are working for (including customer relationship management, supplier management, investor relations management, and business partner qualification)
  • Vendor assessment and qualification (e.g., whether you and your organization meet certain quality and certification requirements)
  • Procurement of products and services from you or the organization you are working for
  • Exchange of information related to existing contracts or potential future contracts with you or the organization you are working for
  • Fulfill our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
  • Termination of contracts and agreements
  • Fulfillment of compliance requirements related to a business transaction (e.g., conflict checks, business partner due diligence, sanction list screening, anti-money laundering laws, secure supply chain requirements, customs and export law requirements, tracing requirements for products)
  • Manufacture and quality management of products
  • Provide and deliver products and services
  • Marketing (e.g., informing you about products and services or related information)
  • Carry out surveys to understand customer requirements in more detail
  • Relationship administration and key account management including external communication and public relationship
  • Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can influence in your professional capacity, the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law
  • Finance and accounting, invoicing, payment collection and reporting
  • Assess your company’s financial solvency and credit risk
  • Assess potential investments in Fresenius shares, a potential acquisition, divestiture or joint venture transaction with us or any Fresenius Kabi affiliate
  • Improve our products and services
  • Organize, secure and improve internal processes including communication, administration, research and IT
  • Develop, provide, support and maintain IT infrastructure and solutions
  • Security analysis of our IT systems, to protect the confidentiality, availability, integrity of the data and systems
  • Facilitate mergers, acquisitions and re-organizations.
What data we collect and how we do that

We collect and use your personal data in the following ways:

Information you provide to us

We may collect your personal data when you contact us, order our products and services or enter into a contract with us for the supply of goods and services. Such personal data include:

  • First and last name
  • Gender
  • Contact and address information, including address, e-mail address, phone number, fax number
  • Country of residence
  • Role and function in your organization
  • Your areas of expertise
  • Your profession and qualifications
  • Information on the kind of a relationship you have with Fresenius Kabi
  • Employer name and employer address
  • Contact preferences
Information we collect from other organizations

We may process data that is provided to us by contracted service providers, by competent authorities or obtained from publicly accessible trade registers or trade associations and other publicly available sources, including rating agencies, financial solvency, risk information and financial service agencies and institutions, government or supranational agencies, in particular tender authorities or procurement agencies, data brokers, websites, blogs and printed media. Such personal data may include:

  • First and last name
  • Contact and address information (e.g., address, e-mail address, phone number, fax number)
  • Organization / Company
  • Your organization’s bank accounts
  • Your profession and qualifications
  • Professional identifiers
  • Organizational details, affiliation details of your company
  • Certifications and quality statements issued by your organization’s officers, representatives or auditors
  • Percentage of shares held
  • Details related to public filings, trade registers and professional boards
  • Details related to published transactions of your organization including tenders and financial arrangements
  • Details related to specially designated nationals or blocked persons lists
  • Previous interactions with Fresenius Kabi and any of our subsidiaries.
Profiling and automated decision making

An automated decision making (e.g., in the EU Art. 22 GDPR) occurs according to our obligation to conduct a sanction-control-procedure. Within this procedure we check if you, or your organization is listed on an official published sanctions list applicable to the business transaction or relation you have with us. This is necessary for entering into, or performance of, a contract between you and us. The consequence of this can be the refusal to enter into a contractual relationship with you.

We create profiles in our systems, that enable us to assess and categorize which specific business needs match best with your abilities (e.g. when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can, in your professional capacity, influence the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law

Legal basis to collect, use and share your data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b GDPR)
  • The processing of your personal data is necessary for us to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically we are obliged to comply with laws on anti-money laundering, customs and export, secure supply chain requirements, product tracing requirements, statutory disclosure and notification requirements or similar compliance requirements that might require us to process certain of your personal data
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
    • Investigate your interests for a potential business relationship and/or maintaining our business relationship with you or the organization you are working for
    • Fulfilling our contract with the organization you are working for, including the enforcement of any rights we may have under such contract
    • Gather information and knowledge management related to the interests in and satisfaction about internal processes, products and services
    • Development, optimization and improvement of our products and services
    • Optimization of internal communication
    • Optimization of administration
    • Carrying out research work
    • Organizational management
    • Risk Management: safeguarding against e.g., financial / reputational risks
    • Maintenance of the IT infrastructure, IT security, guarantee of IT support and the detection and correction of errors
    • Complying with legal requirements outside the EEA
    • Establishment, exercise or defense of legal claims.
Requirements to provide personal data

You may need to provide your personal data to us for the purpose of fulfilling a contract with you or the organization you are working for, e.g., we might need your contact details if you are our business contact at a supplier. If you do not provide your personal data, we might not be able to enter into the respective contractual relationship.

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we collaborate with professional data and analytics providers such as IQVIA, Veeva, CDQ and Acxiom to achieve our purposes.

How long we retain your data

We store your personal data for one of the following periods of time:

  • Until the purpose of the data collecting and using is fulfilled, e.g. for the term of the contractual relationship with you or the organization you are working for. The exact period depends on the organization you are working for and your position in the company.
  • As long as we have a duty to retain the data in line with applicable laws (e.g., because we are obliged to store the data for tax purposes)
  • If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Last updated April 2024, replaced the previous version

Why we collect and use your data

We may collect and use your data for the following purposes:

  • Execute the contract with you, including value transfers (such as payments and expenses), communication with you and the arrangement of hospitality and other facilities
  • Maintain a database of HCPs with whom we already collaborated and/or may collaborate in the future
  • Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience)
  • Best practice sharing internally and externally
  • Disclosure of value transfers to you if you have given us your consent or if we are legally required to disclose such transfers
  • Fulfillment of our compliance requirements, e.g. from anti-corruption laws, anti-money laundering laws and other laws on economic crime, regulatory and pharmacovigilance and medicines laws, as well as disclosure obligations resulting from applicable laws and self-regulatory codes of conduct as a result of our membership in trade associations
What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you provide to us

We collect your personal data depending on the different types of interaction you have with us. Such personal data may include:

  • First and last name
  • Gender
  • Contact and address information, including address, e-mail address, phone number, fax number
  • Country of residence
  • Curriculum vitae information, including information on your professional experience, your engagement with us and other companies, events you attended, publications, organizations you worked for
  • Pictures of you
  • Audio-visual recordings of your voice, appearance and statements, if a presentation of yours is recorded and this has been agreed
  • Your areas of expertise and your areas of professional interest as an HCP
  • Information on payments made and benefits granted to you (transfers of value)
  • Your bank account number
  • Your tax identification number
  • Contract entered between you and us
Information we collect from publicly available sources

Before we enter in an interaction with you, we may collect information about you and your professional experience from publicly available sources, such as the internet, social media platforms, sanction lists and other online and print publications. Such data includes:

  • First and last name
  • Contact information
  • Country of residence
  • Curriculum vitae information, including information on your professional experience, your engagement with other companies, events you attended, publications etc.
  • Business address
  • Pictures and audio-visual recordings of you
Legal Basis for Processing Your Data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b, GDPR)
  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically we 
    • are obliged to comply with national and, if applicable, international laws and regulations relating to the fight against corruption, anti-money laundering anti-terrorism financing and other economic crime. 
    • have to assess the appropriateness of the remuneration and other payments made and other support granted to you and are subject to certain documentation, publication and reporting obligations and therefore, can be obliged to disclose the remuneration paid or other support in kind availed to you as a speaker or other service provider, to your employer or to competent regulatory authorities, criminal prosecutors and other recipients responsible for the implementation of transparency rules upon request, or make such payments and in kind support available publicly. This includes particularly documentation, disclosure and reporting obligations in connection with medicines, medical devices and healthcare regulations, transparency laws, laws on anti-money laundering and self-regulatory regimes such as industry and patient codes
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (e.g., in the EU Art. 6.1 f, GDPR). These legitimate interests are:
    • Maintenance of a database that contains all HCPs with whom we already collaborated or may collaborate in the future, to manage the interactions with you and other HCPs
    • Establishment, exercise or defense of legal claims
  • You have given us your consent for the intended processing of your personal data (e.g., in the EU Art. 6.1 a GDPR), e.g., for disclosing value transfers made to you, if not legally required or for publishing your photo or audiovisual recordings, if not contractually agreed.
Requirements to provide personal data

Your personal data is required to enter into and/or perform the respective interaction with you. If you do not provide your personal data, we may be required to refrain from entering into an interaction with you, as we could be unable to meet our due diligence and disclosure requirements under applicable laws and self-regulatory codes.

With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we also share your data with:

  • The general public, to the extent we are obliged to publicly disclose payments made to you and other benefits provided to you, e.g., meals, travel and accommodation as well as other hospitality. Where there is no statutory legal basis for public disclosure including the identity of the recipient, you may choose to withhold or withdraw your consent to such disclosure, and we would then disclose the payments and benefits on an anonymous aggregated basis
How Long We Retain Your Data

The personal data related to the publication of value transfers will be deleted 3 years at the end of the calendar year from publication. Your interactions with us will be deleted ten years after the completion of the last interaction with you, unless we are legally required to retain the data. 

Last updated April 2024, replaced the previous version

Why we collect and use your data

The quality and safety of Fresenius Kabi’s products (e.g., drugs, enteral nutrition, medical devices), services and therapies are of paramount importance. Our interactions with patients using our products do not end with the supply of products or the provision of services but involve the monitoring and analysis of applicability, effectiveness and safety for patients of our products on the market. The gained insights are the basis for identifying opportunities for continuous improvement of products and services. Therefore, Fresenius Kabi monitors and evaluates relevant information and feedback on the products, services and therapies during its use and where necessary reports these to health authorities.

The monitoring of adverse reactions or events (side effects) associated with the use of medicinal products is referred to as pharmacovigilance (drug safety). The statutory pharmacovigilance commitments relate to our medicinal products for human use. Similar regulations exist for medical devices.

With the help of our vigilance activities, Fresenius Kabi ensures that the patients’ safety of its products is always guaranteed, and that Fresenius Kabi is enabled to identify any changes in the benefit-risk-ratio at an early stage and react in a timely manner.

What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you provide to us, we collect from other organizations or from publicly available sources

We collect and use the data:

  • you provide directly to us (e.g., via phone, letter or webform), as patient using our products 
  • as reporter of adverse reactions or events 
  • as reported and published on publicly available sources such as social media and internet forums, literature or other reports we became aware of
  • as provided to us by healthcare organizations or organizations otherwise involved in the provision of care such as hospitals, our distributors and resellers or universities.

The exact amount and kind of data depends on the information submitted to us or the information that is published, posted or shared. Such data includes:

  • Information identifying the patient (potentially including first and last name, date of birth, gender)
    • Medical history and other characteristics including laboratory data, pregnancy, weight, height and age
    • Measures and treatment of adverse reactions and events
  • Information identifying the reporter or on the primary source of the data for potential follow-up requests
    • First and last name
    • Contact and address information (e.g., address, e-mail address, social media account name, phone number)
    • Signature (in case you report on behalf of a healthcare provider) 
  • Information on the adverse reactions and events or other information on the safety of our products
    • Description of the adverse reactions and events related data including start, stop, duration
    • Drug/active substance related data including dosage, application, suspected causality indication and duration of treatment
    • Medical device related data including application, and malfunctioning
    • Seriousness criteria of reaction such as death, life threatening, hospitalization or prolonged hospitalization, permanent injury or disability, important medical event
    • Outcome of reactions.
Legal Basis for Processing Your Data

We process your personal data on the following legal basis:

  • The processing of your personal data is necessary for reasons of public interest (e.g., in Europe Art. 6.1 e Art. 9.2 i GDPR) in the area of public health to ensure high standards of quality and safety of medicinal products and devices based on law. These laws include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.
  • You have given us your consent for the intended processing (e.g., in Europe Art. 6.1 a GDPR and Art. 9.2 a GDPR) which can be the case if you participate in a clinical trial or research study)
  • The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR) which is e.g. the case if you publish it on social media
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR). This legitimate interest is explained under ‘Why we collect and use your data'
  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in Europe Art. 6.1 c GDPR and Art. EU 9.2 i GDPR). More specifically we are obliged to have post market surveillance based on Regulation (EU) No 1235/2010 and Directive 2010/84/EU concerning the pharmacovigilance of medicinal products for human use. See also Commission Implementing Regulation No 520/2012 of 19 June 2012 and the European Medicines Agency (EMA) Guidelines on Good Pharmacovigilance Practices (GVP). Furthermore, legal obligations arise as part of a clinical trial, see Regulation (EU) No 536/2014 and as part of medical device regulations EU 745/2017 and 746/2017.
Requirements to provide personal data

If you do not provide all necessary personal data, we might not be able to respond or process your report properly because we cannot comply with the legal requirements as listed above.

How Long We Retain Your Data

Fresenius Kabi only stores personal data that is required to be compliant with the current legislation in our global safety databases. 

  • For events related to medicinal products / Drugs, the data will be kept for 10 years after the marketing authorization has ceased to exist or 5 years after the completion of formal discontinuation of the last clinical trial. 
  • For events related to medical devices the data will be kept for 10 years after the last device has been placed on the market (15 years for implantable devices). 
  • Complaint related documentation related to our products the data will be kept for 30 years after closing. 

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We collect and use your data to validate, handle and respond to your request, and to fulfill our accountability requirements arising from the General Data Protection Regulation or other data protection legislations.

What data we collect and how we do that
Information you provide to us 

We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:

  • First and last name
  • Academic title
  • Gender
  • Contact and address information (e.g., address, e-mail address, phone number, fax number)
  • Country of residence
  • Information on your relationship with Fresenius Kabi and its entities
  • Your request
  • Data needed to identify yourself
Legal Basis for Processing Your Data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (e.g., in Europe Art. 6.1 c GDPR). We are legally obliged to respond to your request and to process your personal data accordingly. More specifically, in Europe legal obligations in relation to requirements under the General Data Protection Regulation (Regulation (EU) 2016/679).
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR). More specifically, these legitimate interests are the establishment, exercise or defense of legal claims
  • The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity (e.g., in Europe Art. 9.2 f GDPR)
Requirements to provide personal data

If you do not provide all necessary personal data, we may not be able to respond to or properly process your request.

How Long We Retain Your Data

We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e., we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after four years), your data will be erased entirely.

If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Last updated April 2024, replaced the previous version
 

Why we collect and use your data

We may collect data about you for the following purposes:

  • to answer your inquiries you sent to us by direct message
  • to follow up and report on posted adverse events
  • follow up on any hate speech or other statements that allegedly threatens our employees, organization, our brand or reputation
  • to gain insights in our and your online presence and standing
  • to adapt our online presence with the respective platform or network to best suit the preferences and interests of its users
  • to provide advertisements to targeted groups
What data we collect and how we do that

We may collect and use your personal data in the following ways:

Information you post

We collect information you post about us, our brands, our employees, our markets, our products and services or otherwise affects us. This may include: 

  • Your name as selected by you for your social media user account, including your picture and profile description/bio
  • The content of your published posts
  • The content of your direct messages
Information obtained from social media providers

We collect information from social media providers which they collect when you use their platforms and they provide to us. This may include: 

  • your profile as determined by the social media provider, which can include:
    • Geography
    • Interests
    • Gender
    • The industry you are working in
    • Age groups
    • Values
    • Channels
Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

  • The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws. These include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.
  • The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:
    • To validate, handle and respond to you based upon your inquiry or request
    • To provide information on our products and service
    • To provide an adequate online presence which meets the demands of the users
    • To protect our employees, organization, brands and reputation
  • The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR)
With whom we share your data

Besides the general recipients as mentioned under With Whom We Share Your Data, we share your data with social media platform providers. These providers are responsible as Controller for the data they receive.

Responsibility regarding Facebook and Instagram

Please be aware that for obtaining the insights in your online presence, Fresenius Kabi is jointly with Facebook, controller of the activities. For all other processing of personal data related to Facebook and Instagram, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the responsible controller.

You can find information on respective processing of personal data regarding Facebook here: https://facebook.com/about/privacy

You can find information on respective processing of personal data regarding Instagram here: https://help.instagram.com/519522125107875

Responsibility regarding X (formerly Twitter)

For all processing of personal data related to Twitter, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07 Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://twitter.com/en/privacy

Responsibility regarding LinkedIn

For all processing of personal data related to LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://linkedin.com/legal/privacy-policy

Responsibility regarding YouTube

For all processing of personal data related to YouTube, Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, is the responsible controller.

You can find information on respective processing of personal data here: https://policies.google.com/privacy?hl=en

How Long We Retain Your Data

We store your data for as long as it is necessary to answer your inquiry. So, until you receive the last relevant message from us to answer your query, plus a 6-month transition period so that we can respond if you have any further or follow-up questions. If your post or you are mentioned in a post that relates to an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance), we store the information longer.


With Whom We Share Your Data

In all the situations as mentioned above, we collaborate with other organizations to achieve our purposes. Therefore, we may send your personal data in parts or as a whole to other organizations.

Apart from the specific recipients as mentioned above for the specific situations, such recipients are:

  • Other Fresenius Kabi Group companies
  • Other Fresenius Group Companies
  • Service providers which process personal data on our behalf (e.g., for hosting or maintenance services) and have to follow our instructions on such processing; 
  • Authorities, courts and/or parties, or their delegated bodies, in a litigation in case we are required to do so to meet any applicable laws, regulations, legal processes or enforceable governmental requests
  • Professional advisors or auditors, such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries in which we operate
  • Other entities in the event of a change in ownership, a merger with, acquisition by, or sale of assets.

International data transfers

We may send your personal data in parts or as a whole to the above recipients in other countries. For some of these countries the European Commission or respective legislator or authority in your country has determined an adequate level of data protection to be in place that matches the level of data protection in your country. 

The European Commission has done this for the following countries / international organizations in which Fresenius entities are located: Argentina, Canada, Japan, South-Korea, United Kingdom, New Zealand, Switzerland or Uruguay.

For countries where the respective legislator or authority has not decided that an adequate level of data protection exists that matches the level of data protection in your country, we have provided safeguards in order to secure your personal data to a degree that is equivalent to the level of data protection in the European Union or your home country as a minimum.

These safeguards are:

  • For the exchange of data within our company: our Binding Corporate Rules for Controllers
  • For the exchange of data with our service providers and other international organizations: Standard Contractual Clauses that have been issued by the European Commission, and/or as issued by other authorities or legislators as applicable.

You can obtain a copy of these Standard Contractual Clauses and our Binding Corporate Rules, online, or upon request.

Changes to Our Personal Data Processing Activities

As our collection and use of your data may change over time, we may update the information on this site from time to time to correctly reflect our data processing practices. We encourage you to review it from time to time. Previous versions are available as link under the sections of the different situations in which we collect your data.

Contact, Requests, Inquiries and Complaints Relating to Your Data

For all the situations where we collect and use your data the following information is applicable.

Controller contact

The controller or designated responsible entity representing the Fresenius Kabi group, for processing of your personal data is:

Fresenius Kabi Hong Kong Limited
Room 5001-5016, 50/F,
Sun Hung Kai Centre, Wan Chai,
Hong Kong
General Contact Form

Requests and inquiries

By using this data protection contact form you can request information and execute your rights. Where applicable based on data protection legislation, you have the right to request:

  • confirmation whether or not we process your personal data
  • access to or a copy of your personal data: You an ask to access/receive information about e.g. the purpose of processing, the categories of personal data concerned, the recipients, storage periods, any existence of automated decision-making.
  • rectification of your personal data if they are incomplete or incorrect
  • deletion of your personal data, unless it must be maintained e.g. due to legal retention requirements
  • to restrict of processing of your personal data if either the accuracy of the personal data is contested, or the processing is unlawful (no longer required for the pursued purposes).
  • data portability of your data to another organization in a commonly used and machine-readable format, if the following conditions are met: 
    • Personal data have been provided by the individual
    • The processing is based on the individual’s consent or on a contract with the individual
    • The processing is carried out by automated means.
  • Object to processing on grounds specific to your situation or to direct marketing and profiling.
  • revocation or withdrawal of your previously given consent at any time. You can withdraw your consent to all processing or for individual purposes of your choice. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal.
    • to be not subject to automated decision making (incl. profiling) which could lead to legal or similar significant effects to your, unless:
    • It is necessary for entering into or performance of a contract between the you and Fresenius Kabi    It is based on your explicit consent.

If you submit a request, our data protection organization may contact you for additional information to confirm your identity and to clarify your request. We provide information free of charge unless requests are manifestly unfounded or excessive. In those circumstances we may charge a fee.

We aspire to answer your request within four weeks. We reserve the right to extend the period within the scope of the admissibility by law and will inform you if this is the case. Please do not inquire about your processing status.

If you want to submit a request to another Fresenius Kabi entity than listed in this form, please navigate to the website of the country the respective entity is located. Web addresses can be found here.

For more information on how we handle your personal data, please read the information under If you submit a data subject request.

The fields marked with * are mandatory. If you do not complete them, we cannot process your request.
 

Personal Information


Complaints

You have the right to lodge a complaint about the way we manage your personal data with our data protection officer, via our compliance hotline or with the data protection authority. You can contact those as follows:

Data Protection Officer:


Fresenius Kabi Hong Kong Limited
Room 5001-5016, 50/F,
Sun Hung Kai Centre, 30 Harbour Road, 

Wan Chai, Hong Kong

E-mail: dataprotectionhk@fresenius-kabi.com 

 
Data Protection Authority:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Presse- und Öffentlichkeitsarbeit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany