Website Privacy Notice
Last updated: August 2024
Introduction
Lupin Neurosciences, a Specialty Pharma Division of Lupin Atlantis Holdings SA (”Lupin”, “we” or “us”) is pleased that you are visiting our website. We are committed to improving the lives of patients affected by underserved neurological disorders. Data protection and data security are very important to us.
This Privacy Notice (or “Notice“) communicates to you how Lupin will make use of information that identifies or can be reasonably used to identify you (“personal data”) when you visit this website, and describes your data protection rights, including the right to object to some of the processing which Lupin carries out. More information about your rights, and how to exercise them, is set out in the “Your choices and rights” section.
Data Controller
The body that determines how and why your personal data is processed is defined as the “Controller”. The Controller of your personal data is:
Lupin Atlantis Holdings SA
Landis + Gyr Str. 1,
CH – 6300 Zug, Switzerland
Phone +41 (0)52 633 70 00
E-Mail: customerserviceLEG@lupin.com
You can contact us at the details above if you have questions about this notice or wish to contact us for any reason in relation to personal data processing.
Compliance with applicable laws
When using your Personal Data, Lupin as Controller will always comply with the relevant data privacy and data protection laws, which includes regulatory and national law requirements that may apply to such use and processing and, where applicable, giving you the specific rights that apply in the country where you reside (altogether “Applicable Data Protection Law”)
Data Protection requirements
Lupin will comply with data protection law. This means that the Personal Data we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
- Relevant to the purposes we have told you about and limited to those purposes only;
- Accurate and kept up to date;
- Kept only for such time as is necessary for the purposes we have told you about; and
- Kept securely
Data Processing
Device Information
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file.
The following personal data is processed to the extent necessary for the provision of a functional website and our contents and services (“Device Information“):
- IP address
- Main language of browser
- Date and time of access in local time zone
- Country, region, city
- Main language of browser
- Title of the page(s) being viewed
- Page generation time
- URL of the page that was viewed prior to the current page – i.e. the website from which access was made (the “referrer URL“)
- Files that were clicked and downloaded
- Screen resolution
- Type of browser, browser version, device type, and operating system
- Network type (e.g. WiFi, broadband, or mobile)
- The name of your internet access provider
Personal data we collect from you
We collect your personal data, including Device Information, from you and process it for the following purposes and based on the following legal bases under GDPR (where applicable):
Category of personal data
|
Purpose for processing | Legal basis |
Device Information (IP address) and your language preference (if selected using the dropdown on the Site) | To tailor the language of the Site to suit your location/preference. | Our legitimate interest in ensuring your user experience is optimized to your needs. |
Device Information | We may be required by applicable law to disclose the Device Information in our server logs to law enforcement bodies or regulators. | Legal obligation |
Device Information | To the extent necessary for the provision of a secure and functional website. | Necessary for our performance of a contract with you (our terms of use for provision of the website). |
· Contact information (such as your name and e-mail address)
· Such information, which you provide to us in an email or via telephone conversation (for example Information about your (medical) inquiry and, if applicable, your health data)
|
On our website we offer you the opportunity to get in contact with us via telephone call or email:
· for general enquiries and customer services; · for medical information; or · to order patient alert cards.
|
Our legitimate interest in being able to respond to your query, necessity for our performance of a contract with you as well as our legal obligations. |
Pharmacovigilance / Reporting of adverse effects
Please note that the Lupin group has designated Hormosan Pharma GmbH / Lupin Europe GmbH as representative for pharmacovigilance activities in the European Union. This means that these entities are responsible for the processing of data in connection with such activities (including but not limited to the reporting of adverse effects). For further information, please see HORMOSAN Pharma – Privacy Statement
Retention
We retain your personal data for no longer than is necessary for the purposes for which it is processed. More particularly:
- In general, we apply a retention period of no more than 6 months.
- Where we collect your personal data to tailor the language of the Site to suit your location/preference, this is retained for no longer than your browser session.
- Further storage may take place in individual cases if this is required by applicable law.
Data sharing
We share your personal data with the following categories of recipient:
- Our hosting provider – our website is hosted by a third-party provider on servers located in the UK.
In some scenarios we may be required to share your personal data with law enforcement agencies or regulators in accordance with applicable law.
In the event that our business is sold or integrated with another business your details will be passed to the new owners of the business in order to continue to operate the Site.
International Transfers
The Site is hosted on secure servers in the UK.
Your Choices & Rights as a Data Subject
If you are based in Switzerland, the UK or the EU, you have at least the following rights:
Right | Summary
|
The right of access
|
Enables you to receive a copy of your personal data |
The right to rectification | Enables you to correct any inaccurate or incomplete personal data we hold about you |
The right to erasure
|
Enables you to ask us to delete your personal data in certain circumstances |
The right to restrict processing | Enables you to ask us to halt the processing of your personal data in certain circumstances |
The right to object
|
Enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party). Your objection will be upheld, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims that may be brought by or against us |
The right to data portability | Enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible |
These rights may be limited if, for example, fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to retain or have compelling legitimate interests to keep.
If you wish to exercise any of these rights, please email us at customerserviceLEG@lupin.com so we can assist you. Please note in some cases we may request additional information from you to verify your identity before we can respond to your request.
Data Security and Security Measures
We are committed to protecting your privacy and treating your personal information confidentially. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. Our security measures are continuously revised in line with technological developments. Our employees are obliged to maintain confidentiality. This includes, among other things, the use of recognized encryption methods (SSL or TLS).
However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible.
In particular, unencrypted data – e.g., if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.
Minors
This website, and the information provided on this website, are not designed or intended for use by children 16 years and younger. Lupin also do not knowingly collect, process or store any Personal Data from any users under the age of 16 without the verifiable consent of a parent or guardian prior to collecting, processing or storing information collected either directly or indirectly through the use of this websites. Parents or guardians of minors may have the right to request to view or delete Personal Data provided by the child either directly or indirectly through the use of this website.
Contact Information
You can get in touch with us with any questions about this notice, our data processing in connection with the Site using the contact details here .
If you have questions or concerns about this Privacy Notice or the processing of your personal data, you may also contact our external Data Protection Officer at:
Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels, Belgium
Email: dpo@lupin.com
If you have any concerns, you have the right to complain to a data protection authority in the country that you reside in or the country of your place of work or the country where the alleged infringement took place.
Update to this privacy notice
As changes to the law or changes to our corporate processes may require an adaptation of this Privacy Notice and we refer to this page to review and read this website Privacy Notice regularly. The most current version of this statement can be accessed on this website any time under “Privacy Notice”, saved and printed out. This Privacy Notice was last updated as of the “Last Updated” date shown above.
Healthcare Professionals Privacy Notice
Last updated: March 2024
Introduction
Lupin Neurosciences, a Specialty Pharma Division of Lupin Atlantis Holdings SA (”Lupin” or “we”) are committed to improving the lives of patients affected by underserved neurological disorders and interacts with different third parties such as healthcare professionals, medical professional, personnel and staff at healthcare institutions, government authorities, non-profit organizations, key opinion leaders (altogether “HCPs”), healthcare organizations, (“HCOs”), patients and patient organizations (“POs)” (altogether “Healthcare Community”)in many ways. Therefore, data protection and data security are very important to us.
This Privacy Notice (“Notice”) communicates to you how Lupin collects, processes, uses and discloses information about you (“Personal Data”) when we interact with you and how we protect it.
For the purpose of the scope of this Privacy Notice, third parties are as follows:
Qualified Professionals, Healthcare Community, Third Party Vendor Representatives (Government/Regulatory Agencies, Marketing/Access/Commercial/Medical Agencies and Clinical Research Organizations (“CROs”)); Consultant, Suppliers, external service providers, Health Authorities, Commercial Partner (for commercialization in certain jurisdictions)
As further outline below, we collect Personal Data during our engagements and interactions (both solicited and unsolicited) with you, both in-person and online. We also collect Personal Data from third parties in the healthcare sector, publicly accessible sources of professional information, and joint marketing partners.
It also describes your data protection rights, including a right to object to some of the processing which Lupin carries out. More information about your rights, and how to exercise them, is set out in the “Your choices and rights” section.
We may provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.
Please note that the Lupin group has designated Hormosan Pharma GmbH / Lupin Europe GmbH as representative for pharmacovigilance activities in the European Union. This means that these entities are responsible for the processing of data in connection with such activities (including but not limited to the reporting of adverse effects). For further information, please see HORMOSAN Pharma – Privacy Statement
Data Controller
The body that determines how and why your personal data is processed is defined as the “Controller”. The Controller of your personal data is:
Lupin Atlantis Holdings SA,
Landis + Gyr Str. 1,
CH – 6300 Zug, Switzerland
Phone +41 (0)52 633 70 00
E-Mail: customerserviceLEG@lupin.com
Website: https://www.lupin-neurosciences.com
Compliance with applicable laws
When using your Personal Data, Lupin as Controller will always comply with the relevant data privacy and data protection laws, which includes regulatory and national law requirements that may apply to such use and processing and, where applicable, giving you the specific rights that apply in the country where you reside (altogether “Applicable Data Protection Law”)
Data Protection requirements
Lupin will comply with data protection law. This means that the Personal Data we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
- Relevant to the purposes we have told you about and limited to those purposes only;
- Accurate and kept up to date;
- Kept only for such time as is necessary for the purposes we have told you about; and
- Kept securely
What personal data does Lupin process and for which purposes?
Lupin may process the following categories of data about you where permissible:
- Personal Basic Information: your name, title, date of birth, Identity proof
- Contact Information: postal address, phone number, email address
- Nationality ID Information, travel-related and other identification information: including your national ID number, passport number, tax identification number; where necessary and permissible
- Professional qualification information: CV including data related to your education, professional registration number, professional affiliations (e.g., memberships in medical societies or HCP networks), publications, other professional achievements, professional photo
- Financial data: Bank Account Details
- Your interests: such as in healthcare topics about which you request information from us
- Patient Health Data: images and videos
Purpose for processing personal data | Data Category | |
Marketing authorization | Premarket Authorization |
|
Post market authorization |
|
|
Transfers of value | As member of the European Federation of Pharmaceutical Industries and Associations (EFPIA), Lupin complies with the codes enacted by EFPIA, including the EFPIA Code on Disclosure of Transfers of Value |
|
Contractual relationship management |
|
|
Product complaints and adverse events |
|
|
Operate our business to comply with our legal obligations or to maintain operating when interacting our legitimate interests |
|
|
How do we collect your personal data?
Directly from you:
- Lupin collects information about HCPs directly from the HCPs themselves, third parties (such as patients, patient organizations, caregivers or other medical professionals, as well as publicly available sources)
- Engage with one of our sales representatives, medical science liaisons, or other employee engaging with HCPs, HCOs, POs;
- Attend an online event such as a webinar;
- Respond to any surveys that you may choose to participate in;
- Attend face-to-face meetings, such as advisory boards or conferences.
We collect information about you (such as name, contact details, research interests, professional qualifications) from other sources (:
- Data companies providing information services in the healthcare sector
- Publicly accessible sources
- Joint marketing partners;
- Marketing vendors;
- Healthcare provider directories;
- Your patients (where they have told us that you are their healthcare provider);
- Patient organizations;
How we use Sensitive Personal Data
We generally do not process sensitive personal data (such as information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, criminal background, or trade union membership, or genetic data) about you. If you provide us with such information, you do this of your own free will (unless specifically requested by us).
If we process your data as a patient (for example, if you are a participant in a clinical study), we will provide a separate privacy notice to you, either directly or via our partners.
In any case, we will take particular care and implement appropriate measures if we are processing sensitive personal data.
Where is your data access from / transferred to?
Your data may be transferred to other European affiliates or other Lupin entities, or trusted third party service providers outside Switzerland to the European Economic Area (EEA), UK, South Africa, USA, Canada, Australia, Japan, Brazil, Colombia, Argentina)
- In the event of cross-border data transfer, the relevant national requirements for disclosing personal data abroad must be met. Data is transferred outside Switzerland on the basis of data processing agreements incorporating the applicable standard contractual clauses according to the respective data protection requirements and other safeguards, such as Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council and/or
- the UK International Data Transfer Addendum
Third parties that process personal data on our behalf are deemed Data Processors under the applicable data protection regulations. Lupin is expressly obliged under the applicable data protection law to enter into a contract or Data Processing Agreement (“DPA”) with its Data Processors. This DPA ensures access by Data Processors to Lupin data remains compliant with the applicable law. Lupin therefore guarantees to enter into a DPA with any and all Data Processors that exist and that may exist in the future. Data Processors are further prohibited from using the personal data for any purpose other than to perform the services as instructed by Lupin.
Depending on the purposes we will also share your Personal Data with other specialized service providers who work with us, for example:
- Authorized staff from Lupin or it’s representatives acting on Lupin’s behalf, subject to applicable data privacy laws
- Regulatory authorities (Government/Regulatory Agencies) and ethics committees pursuant to applicable laws;
- Third parties with which Lupin collaborates and which are processing Personal Data as a data processor under Lupin’s instruction, but only after taking reasonable steps to ensure that we can share such information in compliance with applicable privacy laws
- Commercial Partner (for commercialization in certain jurisdictions)
- Disclosure of Transfer of Value
Disclosures of Transfer of Value
As a member of Medicines for Europe Lupin Atlantis Holdings SA (“Lupin”) is committed to adhering to and supporting the Medicines for Europe Code of Conduct (the “Code”). The Medicines for Europe Code of Conduct, of which Lupin is a member, has established a number of rules which Lupin complies with. As a result, Lupin began gathering, documenting, publishing, and sharing data about any value transfers (whether directly or indirectly funded such as payment of professional fees, travel, accommodations and out of pocket expenses) made to the Healthcare Community.
In particular, Lupin is required to record the precise amount of direct and indirect payments, whether in cash, in kind, or another form, made to an HCP or for the benefit of an HCP, as well as the various types of non-monetary benefits received from Lupin (directly or indirectly), such as services provided by a third-party vendor hired by Lupin, the relevant reporting period and the purpose of the transfer of value.
Lupin discloses this personal data on an individual named basis (unless Lupin has not received the HCP’s consent). If the HCP does not consent to named disclosure, Lupin must publish that individual’s disclosure data in an aggregated form without identifying them.
The reporting period is the relevant calendar year. Disclosures shall be made once a year, generally no later than 30 June for the preceding calendar year. Information disclosed shall remain on our website (Transparency Reporting – Lupin Neurosciences (lupin-neurosciences.com)) for a minimum of 3 years after the time such information is first disclosed.
Change of purpose
Lupin will only use your Personal Data for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so.
You should be aware that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.
For how long do we keep data?
In some jurisdictions, we are legally required to keep your Personal Data for certain periods. How long depends on the specific legal requirements of the jurisdiction you are in when you share your information with us.
We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice.
The criteria used to determine our retention periods include:
- the length of time we have an ongoing relationship with you
- whether there is a legal obligation to which we are subject; or
- whether retention is advisable in light of our legal position (such as in regard to the enforcement of applicable contract terms, applicable statutes of limitations, litigation or regulatory investigations).
How does Lupin protect your data?
Lupin takes the security of our data seriously. Lupin has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
When Lupin engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data.
Data of Minors
If you are providing us with Personal Data of individuals under the age of eighteen (16), you represent that you have the appropriate authority to do so, and that you can demonstrate such authority to Lupin upon request.
Your Choices and Rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (known as a “data subject access request”);
- require Lupin to change incorrect or incomplete data (known as “right of rectification”);
- request erasure of your personal information. This enables you to ask Lupin to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing (known as “right of erasure”);
- object to the processing of your data where Lupin is relying on its legitimate interests as the legal ground for processing (known as “right of objection”);
- ask Lupin to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it (known as “right to restriction of processing”);
- receive your provided personal data from Lupin in a structured, commonly used and machine-readable format (“known as “Right to data portability”) and
- Lodge a complaint with the competent a supervisory authority
Contact information
If you are an HCP and would like to exercise above mentioned rights, you can contact the Controller (see first section of this privacy notice). If you have questions or concerns about this Privacy Notice or the processing of your personal data, you may also contact our external Data Protection Officer for all EU-Lupin entities at:
Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels, Belgium
Email: dpo@lupin.com
Updates to this privacy notice
As changes to the law or changes to our corporate processes may require an adaptation of this Privacy Notice and we refer to this page to review and read this website Privacy Notice regularly. The most current version of this statement can be accessed on this website any time under “Privacy Notice”, saved and printed out. This Privacy Notice was last updated as of the “Last Updated” date shown above.