GDPR Health Care Professional Privacy Notice

Effective Date: May 25, 2018

 

The new General Data Protection Regulation (GDPR) came into effect on May 25th 2018. It builds on existing EU data privacy rules, strengthening in many key areas and non-compliance potentially results in severe financial penalties.

GC Aesthetics is highly committed to maintaining high standards of information security, privacy and transparency, whether as a data controller or data processor.

We take our responsibilities in relation to the protection and security of our data and that of our employees, customers, vendors and partners incredibly seriously and the changes being introduced to ensure GDPR compliance are part of a continuous, ongoing process that has always been central to what we do.

Going forwards, GC Aesthetics will comply with applicable GDPR regulations when they take effect on 25th May 2018, while also working closely with our clients and vendors to meet contractual obligations for our products and services.

 

Application of this Privacy Notice?

This EU General Data Protection Regulation (GDPR) Privacy Notice explains how GC Aesthetics, including our affiliated including affiliated companies (Nagor and Eurosilicone – referred to collectively as “GC Aesthetics,” “we,” “our,” or “us”) handles your Personal Data and can include Personal Data about others where you share their Personal Data with us. It details how we collect your Personal Data, why we collect it, and to whom we may share it. This Privacy Notice also discloses your Personal Data rights. It applies to all your Personal Data, including Personal Data stored electronically or in hard copy.

 

What Personal Data may we collect about you?

GC Aesthetics collects and processes your Personal Data, which can come directly from you, publicly available sources (for example, academic journals you may have published an article in), or third-parties with whom we contract (for example IMS/IQVIA). Personal Data includes all information that identifies you or can be used to identify you.

The types of your Personal Data we collect depends on the nature of your relationship with GC Aesthetics and applicable laws. The Personal Data we process about you, includes the data we collect directly from you either as part of your business relationship with us or through other interactions you may have with us. In addition, we may obtain Personal Data about you from publicly available sources and third parties, which may include the following categories of Personal Data:

  • Name;
  • Age and date of birth;
  • Data collected from Cookies;
  • Business contact information (address, telephone, email address);
  • Personal contact information (address, telephone, email address);
  • Training and qualifications;
  • Organizational or institutional affiliations;
  • Information about your professional accomplishments and activities (such as papers you may have published or research you may have conducted);
  • Programs and activities in which you participated;
  • Opinions about us or our product and services;
  • Payment related information;
  • Communication and other personal preferences;
  • Product request information;
  • Photographs and video;
  • Training acknowledgements; and/or
  • Financial information (such as tax identification numbers, bank account routing numbers, corporate card numbers)

 

How will we use your Personal Data?

Processing of your Personal Data includes where we may record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose by transmission, dissemination, or otherwise make available, align or combine, restrict, erase, or destroy your Personal Data

We may process your Personal Data for the following purposes:

  • Processing and reporting of adverse events;
  • To communicate product safety information to you;
  • Responding to your requests for information, products, or services;
  • Our company compliance and facility and network security purposes;
  • Authorizing, granting, administering, monitoring, and terminating access to or use of GC Aesthetics systems, facilities, records, property, and infrastructure;
  • Internal investigations of possible misconduct or failure to comply with our policies and procedures;
  • Auditing our programs and services for compliance purposes;
  • Legal proceedings and government investigations (such as pursuant to warrants, subpoenas, and court legal orders);
  • Where we have Legal obligations to process the personal data;
  • Communications regarding our studies;
  • Communications about market research and product developments;
  • Communications about product information;
  • Communications about publications, speaking engagement, seminars, and other educational events, focus groups, or other HCP engagement functions;
  • Communications about general health information (such as information on certain health conditions);
  • To administer promotional programs (such as sweepstakes, rewards, and rebate programs);
  • To determine your eligibility for certain products, services, or programs;
  • Study management, including monitoring of study activities;
  • Conflict of interest reporting;
  • Recruitment;
  • Business travel and expense management;
  • Determining training requirements;
  • Organizational planning and development (such as internal communications, budgets, administration, and project management);
  • Training or scientific and educational programs;
  • Engaging scientific experts and leaders;
  • Business and marketing research;
  • Product orders or requests for samples;
  • Providing you access to our resources;
  • Tracking your interactions (online and offline) with us;
  • Creating details of your business practices, activities, and interactions to understand your needs and preferences related to our products and services;
  • Financial disclosure reporting (such as tracking and reporting of payments and other transfers of value to you);
  • Contract management;
  • Payment processing; and/or
  • Website administration

For any additional purposes where we are required to notify you and get your consent, including those purposes required by local law, we will obtain your consent before we process your Personal Data for those purposes.

 

What is our legal basis for processing your Personal Data?

The applicable legal basis for which we process your Personal Data for the specific purposes listed above, include the following:

Based on your consent: In some cases, we may ask you for your consent to collect and process your Personal Data. If you choose to provide us with your consent, you may later withdraw your consent (or opt-out) by contacting us as described in the “how do you contact us” section below. Please note that if you withdraw your consent it will not affect any processing of your Personal Data that has already occurred. Where we process your Personal Data based on consent, we will provide more detailed information to you at the time when we obtain your consent.

Compliance with applicable laws or performance of a contract: In specific circumstances, we may need to process your Personal Data to comply with a relevant law/regulation or to fulfil our obligations under a contract to which you are subject. Where we process your Personal Data to meet our legal obligations, you will likely not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would impede our legal obligations. Where we are processing to fulfil our contract obligations under a contract where you are a party, you might not be able to object to this processing, or if you do choose to opt-out or object to our processing, it may impact our ability to perform a contractual obligation that you are owed.

Our legitimate interest: We may process your Personal Data based on our legitimate interests in communicating with you and managing our interactions with you regarding our products and services, scientific research, and education opportunities. In addition to the other rights you may have described below, you have the right to object to such processing of your Personal Data. You can register your objection by contacting us as described in the “how do you contact us” section below.

 

To whom and when will we disclose or share your Personal Data?

We will share or disclose your Personal Data with the following entities:

  • Our global affiliates.
  • Third parties with whom we contract to carry out services on our behalf to perform activities or functions related to the processing purposes regarding your Personal Data that are described above. If we do, we will require that these third parties acting on our behalf protect the confidentiality and security of your Personal Data that we share with them. These third parties must contractually agree that they will not use or disclose your Personal Data for any other purposes than necessary to provide us services, perform services on our behalf, or to comply with applicable laws or regulations.
  • Government agencies, auditors, and authorities. If we pay you for services you provide, we may disclose your Personal Data, including your financial relationship with us and any amounts you have been paid by us, to government authorities, auditors, and agencies, relating to our regulatory activities, in response to authorized information requests, or as otherwise required by laws, regulations, or industry codes.
  • Potential or actual third party purchasers. If we decide to reorganize or divest our business through a sale, merger, or acquisition, we may share your Personal Data with actual or prospective purchasers. We will require that any such purchasers treat your Personal Data consistently with this Privacy Notice.

 

How do we transfer your Personal Data internationally?

We may transmit your Personal Data to our other global affiliates. Additionally, these affiliates may further transmit your Personal Data to our other global affiliates. Some of our affiliates and their database locations may be in countries that do not ensure an adequate level of data protection similar to the laws in the country in which you reside. Regardless, all our affiliates are required to treat your Personal Data in accordance with this Privacy Notice and our privacy and data protection policies and procedures.

For more information about our cross-border transfers of your Personal Data, please contact us using the information as described in the “how do you contact us” section below.

 

How do we protect your Personal Data?

We use industry-standard administrative, technical, and physical safeguards to protect your Personal Data against loss, theft, misuse, unauthorized access, modification, disclosure, and destruction. We restrict access to your Personal Data to only those employees and third parties acting on our behalf who have a legitimate business need for such access. We will only transfer your Personal Data to third parties acting on our behalf where we have received written assurances that your Personal Data will be protected in a manner consistent with this Privacy Notice and our privacy policies and procedures.

 

How long do we retain your Personal Data?

Your Personal Data will be maintained for the duration of your relationship with us. We will store and retain the Personal Data we collect about you in accordance with our Corporate Record Retention Policy, after which it will be archived or deleted. Please note that certain information could be retained for longer periods of time if we have continuing obligations to you or if required due to a legal obligation.

 

What are your rights?

You have the right to see and get a copy of your Personal Data, including an electronic copy, that we have as well as to ask us to make any corrections to inaccurate or incomplete Personal Data we have about you. You can also request that we erase your Personal Data when it is no longer needed for the purposes for which you provided it, restrict how we process your Personal Data to certain limited purposes where erasure is not possible, or object to our processing of your Personal Data. In certain circumstances you may be able to request that we send a copy of your Personal Data to a third party of your choosing.

To exercise any of these rights, please contact us as set out in the “how do you contact us” section

below. You also have the right to lodge a complaint with the supervisory authority (see details under “remedies” below) where you believe that your rights have been violated.

 

What if we revise this Privacy Notice?

From time to time we may make changes to this Privacy Notice to reflect changes in our legal obligations or the ways in which we process your Personal Data. We will communicate to you any material edits to this Privacy Notice and it will become effective when it is communicated.

How do you contact us if you have any questions or concerns?

Please contact GC Aesthetics’s Data Protection team using the below information to:

  • Ask questions;
  • File a concern or complaint;
  • Opt-out of a program or service; and/or
  • To exercise any of your rights listed above, including access, correction, portability, objection, restriction, and erasure.

GC Aesthetics’s GDPR Compliance team
Mailing Address:
Suite 601, Q House,
Furze Road,
Sandyford, Dublin 18,
Ireland

Email Address: [email protected]

 

What remedies do you have available?

For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact your country-specific data protection authority or GC Aesthetics’s lead data protection supervisory authority:

Irish Data Protection Commissioner
Mailing Address:
Canal House, Station Road, Portarlington, R32 AP23 Co. Laois
Phone Numbers:
+353 57 8684800
+353 (0)761 104 800
Email Address: [email protected]

GDPR Health Care Professional Privacy Notice

Effective Date: May 25, 2018

 

The new General Data Protection Regulation (GDPR) came into effect on May 25th 2018. It builds on existing EU data privacy rules, strengthening in many key areas and non-compliance potentially results in severe financial penalties.

GC Aesthetics is highly committed to maintaining high standards of information security, privacy and transparency, whether as a data controller or data processor.

We take our responsibilities in relation to the protection and security of our data and that of our employees, customers, vendors and partners incredibly seriously and the changes being introduced to ensure GDPR compliance are part of a continuous, ongoing process that has always been central to what we do.

Going forwards, GC Aesthetics will comply with applicable GDPR regulations when they take effect on 25th May 2018, while also working closely with our clients and vendors to meet contractual obligations for our products and services.

 

Application of this Privacy Notice?

This EU General Data Protection Regulation (GDPR) Privacy Notice explains how GC Aesthetics, including our affiliated including affiliated companies (Nagor and Eurosilicone – referred to collectively as “GC Aesthetics,” “we,” “our,” or “us”) handles your Personal Data and can include Personal Data about others where you share their Personal Data with us. It details how we collect your Personal Data, why we collect it, and to whom we may share it. This Privacy Notice also discloses your Personal Data rights. It applies to all your Personal Data, including Personal Data stored electronically or in hard copy.

 

What Personal Data may we collect about you?

GC Aesthetics collects and processes your Personal Data, which can come directly from you, publicly available sources (for example, academic journals you may have published an article in), or third-parties with whom we contract (for example IMS/IQVIA). Personal Data includes all information that identifies you or can be used to identify you.

The types of your Personal Data we collect depends on the nature of your relationship with GC Aesthetics and applicable laws. The Personal Data we process about you, includes the data we collect directly from you either as part of your business relationship with us or through other interactions you may have with us. In addition, we may obtain Personal Data about you from publicly available sources and third parties, which may include the following categories of Personal Data:

  • Name;
  • Age and date of birth;
  • Data collected from Cookies;
  • Business contact information (address, telephone, email address);
  • Personal contact information (address, telephone, email address);
  • Training and qualifications;
  • Organizational or institutional affiliations;
  • Information about your professional accomplishments and activities (such as papers you may have published or research you may have conducted);
  • Programs and activities in which you participated;
  • Opinions about us or our product and services;
  • Payment related information;
  • Communication and other personal preferences;
  • Product request information;
  • Photographs and video;
  • Training acknowledgements; and/or
  • Financial information (such as tax identification numbers, bank account routing numbers, corporate card numbers)

 

How will we use your Personal Data?

Processing of your Personal Data includes where we may record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose by transmission, dissemination, or otherwise make available, align or combine, restrict, erase, or destroy your Personal Data

We may process your Personal Data for the following purposes:

  • Processing and reporting of adverse events;
  • To communicate product safety information to you;
  • Responding to your requests for information, products, or services;
  • Our company compliance and facility and network security purposes;
  • Authorizing, granting, administering, monitoring, and terminating access to or use of GC Aesthetics systems, facilities, records, property, and infrastructure;
  • Internal investigations of possible misconduct or failure to comply with our policies and procedures;
  • Auditing our programs and services for compliance purposes;
  • Legal proceedings and government investigations (such as pursuant to warrants, subpoenas, and court legal orders);
  • Where we have Legal obligations to process the personal data;
  • Communications regarding our studies;
  • Communications about market research and product developments;
  • Communications about product information;
  • Communications about publications, speaking engagement, seminars, and other educational events, focus groups, or other HCP engagement functions;
  • Communications about general health information (such as information on certain health conditions);
  • To administer promotional programs (such as sweepstakes, rewards, and rebate programs);
  • To determine your eligibility for certain products, services, or programs;
  • Study management, including monitoring of study activities;
  • Conflict of interest reporting;
  • Recruitment;
  • Business travel and expense management;
  • Determining training requirements;
  • Organizational planning and development (such as internal communications, budgets, administration, and project management);
  • Training or scientific and educational programs;
  • Engaging scientific experts and leaders;
  • Business and marketing research;
  • Product orders or requests for samples;
  • Providing you access to our resources;
  • Tracking your interactions (online and offline) with us;
  • Creating details of your business practices, activities, and interactions to understand your needs and preferences related to our products and services;
  • Financial disclosure reporting (such as tracking and reporting of payments and other transfers of value to you);
  • Contract management;
  • Payment processing; and/or
  • Website administration

For any additional purposes where we are required to notify you and get your consent, including those purposes required by local law, we will obtain your consent before we process your Personal Data for those purposes.

 

What is our legal basis for processing your Personal Data?

The applicable legal basis for which we process your Personal Data for the specific purposes listed above, include the following:

Based on your consent: In some cases, we may ask you for your consent to collect and process your Personal Data. If you choose to provide us with your consent, you may later withdraw your consent (or opt-out) by contacting us as described in the “how do you contact us” section below. Please note that if you withdraw your consent it will not affect any processing of your Personal Data that has already occurred. Where we process your Personal Data based on consent, we will provide more detailed information to you at the time when we obtain your consent.

Compliance with applicable laws or performance of a contract: In specific circumstances, we may need to process your Personal Data to comply with a relevant law/regulation or to fulfil our obligations under a contract to which you are subject. Where we process your Personal Data to meet our legal obligations, you will likely not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would impede our legal obligations. Where we are processing to fulfil our contract obligations under a contract where you are a party, you might not be able to object to this processing, or if you do choose to opt-out or object to our processing, it may impact our ability to perform a contractual obligation that you are owed.

Our legitimate interest: We may process your Personal Data based on our legitimate interests in communicating with you and managing our interactions with you regarding our products and services, scientific research, and education opportunities. In addition to the other rights you may have described below, you have the right to object to such processing of your Personal Data. You can register your objection by contacting us as described in the “how do you contact us” section below.

 

To whom and when will we disclose or share your Personal Data?

We will share or disclose your Personal Data with the following entities:

  • Our global affiliates.
  • Third parties with whom we contract to carry out services on our behalf to perform activities or functions related to the processing purposes regarding your Personal Data that are described above. If we do, we will require that these third parties acting on our behalf protect the confidentiality and security of your Personal Data that we share with them. These third parties must contractually agree that they will not use or disclose your Personal Data for any other purposes than necessary to provide us services, perform services on our behalf, or to comply with applicable laws or regulations.
  • Government agencies, auditors, and authorities. If we pay you for services you provide, we may disclose your Personal Data, including your financial relationship with us and any amounts you have been paid by us, to government authorities, auditors, and agencies, relating to our regulatory activities, in response to authorized information requests, or as otherwise required by laws, regulations, or industry codes.
  • Potential or actual third party purchasers. If we decide to reorganize or divest our business through a sale, merger, or acquisition, we may share your Personal Data with actual or prospective purchasers. We will require that any such purchasers treat your Personal Data consistently with this Privacy Notice.

 

How do we transfer your Personal Data internationally?

We may transmit your Personal Data to our other global affiliates. Additionally, these affiliates may further transmit your Personal Data to our other global affiliates. Some of our affiliates and their database locations may be in countries that do not ensure an adequate level of data protection similar to the laws in the country in which you reside. Regardless, all our affiliates are required to treat your Personal Data in accordance with this Privacy Notice and our privacy and data protection policies and procedures.

For more information about our cross-border transfers of your Personal Data, please contact us using the information as described in the “how do you contact us” section below.

 

How do we protect your Personal Data?

We use industry-standard administrative, technical, and physical safeguards to protect your Personal Data against loss, theft, misuse, unauthorized access, modification, disclosure, and destruction. We restrict access to your Personal Data to only those employees and third parties acting on our behalf who have a legitimate business need for such access. We will only transfer your Personal Data to third parties acting on our behalf where we have received written assurances that your Personal Data will be protected in a manner consistent with this Privacy Notice and our privacy policies and procedures.

 

How long do we retain your Personal Data?

Your Personal Data will be maintained for the duration of your relationship with us. We will store and retain the Personal Data we collect about you in accordance with our Corporate Record Retention Policy, after which it will be archived or deleted. Please note that certain information could be retained for longer periods of time if we have continuing obligations to you or if required due to a legal obligation.

 

What are your rights?

You have the right to see and get a copy of your Personal Data, including an electronic copy, that we have as well as to ask us to make any corrections to inaccurate or incomplete Personal Data we have about you. You can also request that we erase your Personal Data when it is no longer needed for the purposes for which you provided it, restrict how we process your Personal Data to certain limited purposes where erasure is not possible, or object to our processing of your Personal Data. In certain circumstances you may be able to request that we send a copy of your Personal Data to a third party of your choosing.

To exercise any of these rights, please contact us as set out in the “how do you contact us” section

below. You also have the right to lodge a complaint with the supervisory authority (see details under “remedies” below) where you believe that your rights have been violated.

 

What if we revise this Privacy Notice?

From time to time we may make changes to this Privacy Notice to reflect changes in our legal obligations or the ways in which we process your Personal Data. We will communicate to you any material edits to this Privacy Notice and it will become effective when it is communicated.

How do you contact us if you have any questions or concerns?

Please contact GC Aesthetics’s Data Protection team using the below information to:

  • Ask questions;
  • File a concern or complaint;
  • Opt-out of a program or service; and/or
  • To exercise any of your rights listed above, including access, correction, portability, objection, restriction, and erasure.

GC Aesthetics’s GDPR Compliance team
Mailing Address:
Suite 601, Q House,
Furze Road,
Sandyford, Dublin 18,
Ireland

Email Address: [email protected]

 

What remedies do you have available?

For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact your country-specific data protection authority or GC Aesthetics’s lead data protection supervisory authority:

Irish Data Protection Commissioner
Mailing Address:
Canal House, Station Road, Portarlington, R32 AP23 Co. Laois
Phone Numbers:
+353 57 8684800
+353 (0)761 104 800
Email Address: [email protected]