GDPR Health Care Professional Privacy Notice
Effective Date: May 25, 2018
The new General Data Protection Regulation (GDPR) came into effect on May 25th 2018. It builds on existing EU data privacy rules, strengthening in many key areas and non-compliance potentially results in severe financial penalties.
GC Aesthetics is highly committed to maintaining high standards of information security, privacy and transparency, whether as a data controller or data processor.
We take our responsibilities in relation to the protection and security of our data and that of our employees, customers, vendors and partners incredibly seriously and the changes being introduced to ensure GDPR compliance are part of a continuous, ongoing process that has always been central to what we do.
Going forwards, GC Aesthetics will comply with applicable GDPR regulations when they take effect on 25th May 2018, while also working closely with our clients and vendors to meet contractual obligations for our products and services.
This EU General Data Protection Regulation (GDPR) Privacy Notice explains how GC Aesthetics, including our affiliated including affiliated companies (Nagor and Eurosilicone – referred to collectively as “GC Aesthetics,” “we,” “our,” or “us”) handles your Personal Data and can include Personal Data about others where you share their Personal Data with us. It details how we collect your Personal Data, why we collect it, and to whom we may share it. This Privacy Notice also discloses your Personal Data rights. It applies to all your Personal Data, including Personal Data stored electronically or in hard copy.
GC Aesthetics collects and processes your Personal Data, which can come directly from you, publicly available sources (for example, academic journals you may have published an article in), or third-parties with whom we contract (for example IMS/IQVIA). Personal Data includes all information that identifies you or can be used to identify you.
The types of your Personal Data we collect depends on the nature of your relationship with GC Aesthetics and applicable laws. The Personal Data we process about you, includes the data we collect directly from you either as part of your business relationship with us or through other interactions you may have with us. In addition, we may obtain Personal Data about you from publicly available sources and third parties, which may include the following categories of Personal Data:
Processing of your Personal Data includes where we may record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose by transmission, dissemination, or otherwise make available, align or combine, restrict, erase, or destroy your Personal Data
We may process your Personal Data for the following purposes:
For any additional purposes where we are required to notify you and get your consent, including those purposes required by local law, we will obtain your consent before we process your Personal Data for those purposes.
The applicable legal basis for which we process your Personal Data for the specific purposes listed above, include the following:
Based on your consent: In some cases, we may ask you for your consent to collect and process your Personal Data. If you choose to provide us with your consent, you may later withdraw your consent (or opt-out) by contacting us as described in the “how do you contact us” section below. Please note that if you withdraw your consent it will not affect any processing of your Personal Data that has already occurred. Where we process your Personal Data based on consent, we will provide more detailed information to you at the time when we obtain your consent.
Compliance with applicable laws or performance of a contract: In specific circumstances, we may need to process your Personal Data to comply with a relevant law/regulation or to fulfil our obligations under a contract to which you are subject. Where we process your Personal Data to meet our legal obligations, you will likely not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would impede our legal obligations. Where we are processing to fulfil our contract obligations under a contract where you are a party, you might not be able to object to this processing, or if you do choose to opt-out or object to our processing, it may impact our ability to perform a contractual obligation that you are owed.
Our legitimate interest: We may process your Personal Data based on our legitimate interests in communicating with you and managing our interactions with you regarding our products and services, scientific research, and education opportunities. In addition to the other rights you may have described below, you have the right to object to such processing of your Personal Data. You can register your objection by contacting us as described in the “how do you contact us” section below.
We will share or disclose your Personal Data with the following entities:
We may transmit your Personal Data to our other global affiliates. Additionally, these affiliates may further transmit your Personal Data to our other global affiliates. Some of our affiliates and their database locations may be in countries that do not ensure an adequate level of data protection similar to the laws in the country in which you reside. Regardless, all our affiliates are required to treat your Personal Data in accordance with this Privacy Notice and our privacy and data protection policies and procedures.
For more information about our cross-border transfers of your Personal Data, please contact us using the information as described in the “how do you contact us” section below.
We use industry-standard administrative, technical, and physical safeguards to protect your Personal Data against loss, theft, misuse, unauthorized access, modification, disclosure, and destruction. We restrict access to your Personal Data to only those employees and third parties acting on our behalf who have a legitimate business need for such access. We will only transfer your Personal Data to third parties acting on our behalf where we have received written assurances that your Personal Data will be protected in a manner consistent with this Privacy Notice and our privacy policies and procedures.
Your Personal Data will be maintained for the duration of your relationship with us. We will store and retain the Personal Data we collect about you in accordance with our Corporate Record Retention Policy, after which it will be archived or deleted. Please note that certain information could be retained for longer periods of time if we have continuing obligations to you or if required due to a legal obligation.
You have the right to see and get a copy of your Personal Data, including an electronic copy, that we have as well as to ask us to make any corrections to inaccurate or incomplete Personal Data we have about you. You can also request that we erase your Personal Data when it is no longer needed for the purposes for which you provided it, restrict how we process your Personal Data to certain limited purposes where erasure is not possible, or object to our processing of your Personal Data. In certain circumstances you may be able to request that we send a copy of your Personal Data to a third party of your choosing.
To exercise any of these rights, please contact us as set out in the “how do you contact us” section
below. You also have the right to lodge a complaint with the supervisory authority (see details under “remedies” below) where you believe that your rights have been violated.
From time to time we may make changes to this Privacy Notice to reflect changes in our legal obligations or the ways in which we process your Personal Data. We will communicate to you any material edits to this Privacy Notice and it will become effective when it is communicated.
How do you contact us if you have any questions or concerns?
Please contact GC Aesthetics’s Data Protection team using the below information to:
GC Aesthetics’s GDPR Compliance team
Suite 601, Q House,
Sandyford, Dublin 18,
Email Address: firstname.lastname@example.org
For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact your country-specific data protection authority or GC Aesthetics’s lead data protection supervisory authority:
Irish Data Protection Commissioner
Canal House, Station Road, Portarlington, R32 AP23 Co. Laois
+353 57 8684800
+353 (0)761 104 800
Email Address: email@example.com