Data Protection

We welcome your interest in Fresenius Kabi AG (“Fresenius Kabi”). Protecting the personal data of our patients, healthcare professionals, suppliers, customers and other business contacts is important to us. As a global healthcare company in the digital age, data forms a cornerstone and enabler of our worldwide business. With data being one of our key assets we need to ensure that it is appropriately handled and protected.

This site explains how our organization incorporates data protection into its operations. We also explain how your data is used in our processes. Furthermore, you will find information on how to obtain insight and execute your rights.

How We Take Care of Your Data

Fresenius Kabi operates a central data protection center of competence. This center has set up a data protection management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data protection and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data protection topics.

Our data protection and security policies, associated procedures as well as our guidelines for processing personal data aim to create a uniform and basic level of adequate data protection across all Fresenius Kabi entities.

Our local data privacy advisors at the various Fresenius Kabi legal entities support local management in their compliance efforts. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate data protection requirements into the design of a process or a system.

Our internal IT service provider, Fresenius Netcare, has implemented a certified management system for information security according to ISO 27001 in order to provide high security standards for data centers. Our Global Cybersecurity Emergency Response Team (CERT) identifies, evaluates and responds to security incidents and acts as a central contact point for security-related topics.

The monitoring of our data protection compliance efforts is overseen by our data protection officer.

Transparency on our data processing activities

If you interact with us, e.g. as a patient, healthcare professional, supplier, customer or website user, we collect and use your personal data. In the data protection statements below, we explain how we collect and use your data in these different contexts.

Business Partners (Vendor,client, interested business contact)

As our Business Contact, we mostly collect and use your personal data in order to prepare, fulfill or perform an agreement or contract with you or with your organization for the provision of products and services. This includes:

the evaluation of our relationship with the company you work for (business partner evaluation), and

the fulfillment of compliance requirements such as business partner due diligence, sanction list screening and money laundering laws.

In our data protection statement for business contacts you will find further details.

Healthcare Professionals

If you are a healthcare professional we mostly collect and use your data to send you product and service related information and to assess whether you are a suitable contact for specific business needs, e.g. when we look for an expert in a certain field or for a specific product.

In our data protection statement for healthcare professionals you will find further details

Website Users

If you are using our website, we also collect data about you. How and why we do that is stated in our data protection statement for website visitors.

Obtain insight and manage your data

By using our data protection contact form you can request information regarding the processing of your personal data including but not limited to the origin and recipients of your data and the purposes of the processing. You can also request to have access to your data or to object to the processing of your data. If your personal data are incorrect, incomplete or not processed in compliance with applicable law, you have the right to have this data rectified, deleted or blocked. Furthermore, you can in certain cases, also ask to directly transfer them to another organisation (portability).

If you submit a request, our data protection organization may contact you for additional information to confirm your identity and to ensure rapid clarification of your question. We provide information free of charge unless requests are manifestly unfounded or excessive. In that case we may charge a fee.

We aspire to answer your request within four weeks. We reserve the right to extend the period within the scope of the admissibility by law and will inform you if this is the case. Please do not inquire about your processing status. More information on how we handle your request is stated in our data protection statement for data subject requests.

You also have the right to file a complaint about the way we manage your personal data with our data protection officer.