Privacy Notice

22 August 2022

Website Privacy Notice

Lupin Neurosciences (hereinafter “Lupin”) is pleased that you are visiting our website. Lupin Neurosciences is a Specialty Pharma Division of Lupin Atlantis Holdings SA and is committed to improving the lives of patients affected by underserved neurological disorders. Data protection and data security are very important to us. Therefore, we would like to inform you about the personal data we collect during your visit to our website and about the intended purposes.

As changes to the law or to our corporate processes may require an adaptation of this Privacy Notice, we ask you to refer to this page and to review and read this website Privacy Notice regularly. The most current version of this statement can be accessed on this website at any time under “Privacy Notice”, saved and printed out.

 

§ 1   Data Controller and Scope

The controller according to the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection acts of the Member States, as well as other data protection regulations, is:

Lupin Atlantis Holdings SA
Landis + Gyr Str. 1
6300 Zug, Switzerland
Phone +41 (0)52 633 70 00
E-Mail: customerserviceLEG@lupin.com
Website: https://www.lupin-neurosciences.com

 

§ 2   Data Protection Officer

The (external) Data Protection Officer of Lupin can be contacted at:

Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels, Belgium
E-Mail: dpo@lupin.com

 

§ 3   Principles of Processing Personal Data

Personal data are all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information that cannot (or only with a disproportionate effort) be referred to your person, e.g., by anonymizing the information, is not personal data. The processing of your personal data is based either on:

  • legitimate interest (Art. 6 (1) (f) GDPR) in creating, developing and improving our website and services or in responding to your requests
  • your consent (Art. 6 (1) (a) GDPR) in providing Patient Alert cards
  • the necessity to perform a legal obligation (Art. 6 (1) (c) GDPR), when we are required to do so by law.

Processed personal data will be deleted as soon as the purpose of the processing has been fulfilled and no legally prescribed retention obligations are to be observed.

In case we process your personal data for the provision of certain offers, please find below information about the specific processes, the scope and purpose of data processing, the legal basis for processing and the respective storage period.

 

§ 4   Data Processing

 

1.      Website
a.      Data processing on the website, purpose and legal basis

 

When you access and use our website, we only collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file.

The following personal data is processed to the extent necessary for the provision of a functional website and our contents and services:

  • IP address of the requesting computer
  • Date and time of access in local time zone
  • Country, region, city
  • Main language of browser
  • Title of the page(s) being viewed
  • Page generation time
  • URL of the page that was viewed prior to the current page – i.e., the website from which access is made (referrer URL)
  • Files that were clicked and downloaded
  • Screen resolution
  • The used browser and, if applicable, the operating system and type of device of your computer, the name of your access provider

 

Legal Basis

 

Art. 6 (1) (f) GDPR serves as the legal basis for the data processing. The processing of the mentioned data is necessary for the provision of our services and thus serves the protection of a legitimate interest of our company. Processing your data helps identify what is working and what is not on our website. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.

 

b.      Web-analytics

 

This website uses Matomo to collect, measure, analyse and report visitors’ data for purposes of understanding the surfing behaviour of our users and optimising our website. No cookies are placed for this purpose; only server-log data is used.

The following personal data is processed to the extent necessary for our web-analytics purposes:

  • Anonymized IP address of the requesting computer
  • Date and time of access in local time zone
  • Country, region, city
  • Main language of browser
  • Title of the page(s) being viewed
  • Page generation time
  • URL of the page that was viewed prior to the current page – i.e., the website from which access is made (referrer URL)
  • Files that were clicked and downloaded
  • Screen resolution
  • The used browser and, if applicable, the operating system and type of device of your computer, the name of your access provider

The data collected enables us to analyse the behaviour of website visitors in order to identify potential pitfalls, e.g., pages not found, search engine indexing issues, which content is most appropriate, etc.

 

Legal Basis

 

Art. 6 (1) (f) GDPR serves as the legal basis for the data processing. The processing of the mentioned data is based on our legitimate interests in the provision of our services and thus serves the protection of a legitimate interest of our company. Processing your data helps identify what is working and what is not on our website. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.

 

c.      Data Deletion and Storage Time

 

The data subject’s personal data are deleted or anonymised as soon as the purpose of the storage is fulfilled. In general, we apply a retention period of no more than 6 months. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Further storage may take place in individual cases if this is required by law.

 

2.      Contact / Customer Service / Ordering service materials for patients

 

a.      Scope and Purpose of Processing

 

On our website we offer you the opportunity to get in contact with us via telephone call or email:

  • for general enquiries and customer services;
  • for medical information or to report adverse events; or
  • to order patient alert cards.

Therefore, no personal information will be processed via the Lupin Neurosciences website. However, the following personal data will be processed based on information you share via an email or telephone conversation for the different purposes listed above:

  • e-mail address
  • such information as you provide to us in an email or via telephone conversation (for example, information about your (medical) inquiry and, if applicable, your health data)

We collect and use the personal information that you voluntarily provide to us through contacting us via the email address or telephone numbers provided on the Lupin Neurosciences website. The purpose of processing personal information shared by you via email or telephone communication is to be able to respond to your query. Your personal data will not be forwarded to third parties.

 

b.      Legal Basis

 

The data processing described above for the purpose of establishing contact is carried out voluntarily in accordance with:

  • legitimate interest (Art. 6 (1) (f) GDPR) in creating, developing and improving our website and services or in responding to your requests
  • the necessity to perform a legal obligation (Art. 6 (1) (c) GDPR), when we are required to do so by law

 

c.      Storage Time

 

Once your request has been processed and all relevant details have been clarified, your personal data will be deleted. It may be retained in individual cases if this is required by law. Pharmacovigilance-related information that is shared is kept for a minimum of ten years after the withdrawal of the product in the last country where the product is marketed.

 

§ 5   Recipient of personal data and Third-Party Transfers

We only share your personal information with third parties if:

  • you have given your express consent pursuant to Art. 6 (1) (a) GDPR,
  • it is legally permissible and necessary for the fulfilment of a contractual relationship with you pursuant to Art. 6 (1) (b) GDPR,
  • there is a legal obligation to pass on the data in accordance with Art. 6 (1) (c) GDPR,
  • the disclosure pursuant to Art. 6 (1) (f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

For example, we share your data with Matomo Analytics Cloud (provider: InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand). Your data will only be processed by Matomo in the EEA for the purpose stated in section 1. The adequate level of protection in New Zealand has been approved by the European Commission (Art. 45(3) GDPR). Please contact us under the contact information in §1 in order to obtain a copy of such safeguards.

 

§ 6 Plugins

Our website contains social plug-ins of the social network “YouTube” (YouTube LLC., 901 Cherry Ave., San Bruno, CA 94066, USA). It is possible that personal data about visitors to the website may also be collected via these plug-ins, transmitted to the respective service and linked to the respective service of the visitor.

Lupin does not collect any personal data via the social plug-ins. In order to prevent data from being transferred to service providers in the USA without the user’s knowledge, we have used the so-called Shariff solution on our website. This has the effect that the respective social plug-ins are initially only integrated as graphics on the website. These graphics contain a link to the website of the corresponding provider of the plug-in. Only when you click on one of the graphics will you be forwarded to the service of the respective provider. This solution ensures that personal data are not automatically forwarded to the providers of the respective social plug-ins when you visit our website. If you click on one of the graphics of the social plug-ins, data can be transferred to the respective service provider and stored there. If you do not click on any of the graphics, no data transfer takes place between you and the respective provider of the social plug-in.

After clicking on a social plug-in, the respective service provider receives information that you have visited the corresponding page of our website. Please note that you do not need to have a user account with the service in question, nor do you need to be logged in there. However, if you already have a user account with the relevant service provider and are already logged in to this account while visiting our website, the data collected by the social plug-in will be assigned directly to your account. If you do not wish to be assigned to your profile with the service provider, you must log out of your user account before clicking on one of the social plug-ins.

Please note that Lupin has no influence on whether and to what extent the respective service providers collect personal data. We are not aware of the scope, purpose and storage periods of the respective data collection. However, we would like to point out that it must be assumed that at least the IP address and device-related information is used and recorded via social plug-ins. It is also possible that the respective service providers use cookies.

The scope and purpose of the data collection by the respective service as well as the further processing and use of your data there can be found in the data protection information directly from the website of the respective service. There you will also receive further information about your corresponding data protection rights and setting options for the protection of your privacy:

YouTube LLC., 901 Cherry Ave., San Bruno, CA 94066, USA

https://policies.google.com/privacy?hl=en&gl=de

 

§ 7 Hyperlinks

Our website contains hyperlinks to websites of other providers. When you activate these hyperlinks, you will be directed directly to the other providers’ website. You will recognize this when the URL is changed. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

 

§ 8 Your Rights as a Data Subject

If your personal data are processed, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and the following rights apply to you:

  • Pursuant to Art. 15 GDPR you can request information about your personal data processed by us.

In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge a complaint with a supervisory authority, the origin of your data, if not collected from us, about transfer to third countries or international organizations, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the logic involved.

  • Pursuant to Art. 16 GDPR you can immediately demand the correction of incorrect data or the completion of your personal data stored with us.
  • Pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored by us, provided that the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • Pursuant to Art. 18 GDPR, you can request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful, if we no longer need the data and if you refuse their deletion because you need to establish, exercise or defend legal claims. You are also entitled to the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
  • Pursuant to Art. 20 GDPR, you may request that the personal data you have provided us with be received in a structured, current and machine-readable format or you may request that it be transmitted to another person responsible.
  • Pursuant to Art. 7 (3) GDPR you can withdraw your consent at any time. As a consequence, we are no longer allowed to continue the data processing based on this consent for the future.
  • Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority. You can contact the supervisory authority of your habitual residence, place of work or our company headquarters.

§ 9 Right to Object

In case the processing of your personal data is based on legitimate interest in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right of objection which will be considered without mentioning any particular situation.

 

§ 10 Data Security and Security Measures

We are committed to protecting your privacy and treating your personal information confidentially. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. Our security measures are continuously revised in line with technological developments. Our employees are obliged to maintain confidentiality. This includes, among other things, the use of recognized encryption methods (SSL or TLS).

However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible.

In particular, unencrypted data – e.g., if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.

 

§ 11 Minors

This website, and the information provided on this website, are not designed or intended for use by children 16 years and younger. Lupin also does not knowingly collect, process or store any Personal Data from any users under the age of 16 without the verifiable consent of a parent or guardian prior to collecting, processing or storing information collected either directly or indirectly through the use of this website. Parents or guardians of minors may have the right to request to view or delete Personal Data provided by the child either directly or indirectly through the use of this website.