Privacy Policy

25 January 2019




Pledge on privacy


Lupin Ltd. (Lupin) endeavors to ensure and maintain the privacy and security of all Personal Data of users collected or retrieved through the use of this website. This Privacy Policy outlines the different types of Personal Data that may be collected by the use of this website, how the Personal Data may be collected, used or shared, steps taken by Lupin to protect Personal Data and the choices users have in terms of the use of their Personal Data collected through the use of this website.


In this Privacy Policy, “Personal Data” refers to any information which can lead to the identification of an individual (such as a user or patient, whether directly or indirectly, and includes, but is not limited to, name, date of birth, telephone number or address (physical, mailing and/or email)). LUPIN operates this website in accordance with online privacy practices that are consistent with the European Union (“EU”) General Data Protection Regulation 2016/679 (“GDPR”), which may differ from privacy laws outside the EU. By using this website, and by submitting Personal Data directly or indirectly through using this website, users acknowledge that Lupin may transfer any collected Personal Data to any affiliate or processor in a country within or outside the European Economic Area (“EEA”), as well as the use of Personal Data in accordance with GDPR. LUPIN operates this website with online privacy practices that are consistent with the European Union (“EU”) General Data Protection Regulation 2016/679 (“GDPR”), which may differ from privacy laws outside the EU. By using Lupin websites, and by submitting Personal Data directly or indirectly through using the Lupin websites, users acknowledge that Lupin may transfer any collected Personal Data to any affiliate or processor in a country within or outside the European Economic Area (“EEA”), as well as the use of Personal Data in accordance with GDPR.


This Privacy Policy applies to this website. Lupin neither endorses nor is responsible for the content and use of Personal Data collected by third-party websites which may be accessed via links from this website. Users who access third-party websites via a link from this website are advised to review the privacy policies of such sites before using or providing Personal Data to such sites.


This Privacy Policy may change, and users are responsible to check this page regularly with repeated use of this website as continued use following published updates or changes indicates user acceptance of updated or changed terms.



How and why Personal Information are collected and processed


The main purpose of this website is to provide users with information and documents offered and to allow users to report adverse events or possible adverse events. Personal Information that may directly identify users may be collected by means of requests for users to provide data like name, contact information or any other information that may enable Lupin to identify users directly. Personal Data may be collected that may identify users indirectly by identifying the specific device used to access this website, regardless of the device used.


Personal Data collected are processed for various reasons. These processing activities, the respective category of Personal Data processed and the legal basis of processing for each activity are outlined below:


Respond to user requests or inquiries:


  1. Personal Data are collected when users submit requests for Medical Information, to receive information about a specific product, or to order delivery of Patient Alert cards. The information volunteered by the user in these instances may be used to respond to solicited requests, inquiries or orders. Depending on the activity, Lupin may collect contact information like name, address (both mailing and email), telephone number, specialty, preferences (when requesting product or Medical Information) and any additional information users may provide voluntarily. The lawful bases for collecting and processing such Personal Data include user consent and Lupin’s legitimate interests (such as to improve its products and materials).
  2. Track and monitor various activities related to pharmacovigilance, including adverse events:
    Personal Data that are related to adverse events and pharmacovigilance are collected in accordance with Lupin’s legal obligations, and will be used to detect, assess, understand and prevent adverse events or other problems related to Lupin medicines. This information may also be used for reporting to regulatory authorities and to improve Lupin’s products and materials.
  3. Personalize user experience:
    Lupin may collect Personal Data that may include your preferences and a history of past interaction with this website to personalize current and future user experiences. This may include information about user contact and product preferences, language and demographic data and marketing preferences. Information may either be collected automatically and as a result of using this website, in which case Personal Data is collected and processed for legitimate business interests, or voluntarily following unsolicited requests by LUPIN website users, in which case the volunteering of information confirms user consent.
  4. Maintain this LUPIN website:
    Some information, like user IP Addresses, geographical location or resources accessed, may be collected automatically for legitimate business interest like securing this website, network systems and other assets.
  5. Perform website analytics and to measure website performance:
    Within the legal framework, Lupin may combine Personal Data provided by users directly with other information that may have been collected directly or indirectly through the use of this website or by any other means, including offline records and information received from third parties. See section on Cookies and other Web Trackers in this Privacy Policy.


Some pages on this website require that users share Personal Data to continue using the relevant pages, including ordering of educational material and Patient Alert cards, requests to be contacted, surveys and sharing of content electronically. Lupin collects Personal Data only when users volunteer this information, and therefore relevant pages are only available to users who voluntarily provide this information. Any Personal Data shared voluntarily are governed by this Privacy Policy.



Cookies and other web trackers


This website may collect user information that does not directly identify users, but may match a specific user identity, or link a user to a specific device. This information provides insights into how this website is used to improve and manage the administration of the sites. This information may also be used to personalize user experiences, based information on interests and preferences collected through the use of this website. The collection of this information is mostly automated, though some jurisdictions require user consent before collecting or using this type of information. Please refer to individual section below for more information on Cookies and other Web Trackers.


  • Cookies:
    As described above, this website may use “cookies”, which are small data files placed on user computer hard drives by websites. These Cookies allow the tracking of repeat visits to this website by individual users, and to automatically recall information previously shared by a specific user. Cookies are either placed on your computer by Lupin, or by Lupin third party vendors like those providing web analytic or advertising services.
  • Web Beacons:
    Web beacons are being used on certain Lupin web pages or in emails to track whether emails sent by Lupin are opened and acted upon. This technology may also be used to measure the number of visitors using this website, or how many users use certain key functionalities on this website. This information is useful to analyze the effectiveness of this website.
  • Social Plugins:
    This website may use social plugins, for instance like the Facebook “Like” button. These plugins allow users to share information with others directly from this website. These third-party vendors operating these social plugins may place a cookie on users using these plugin’s computers to enable to recognize users who previously visited this website. If users previously logged onto the relevant social media platform or website (like Facebook in this example) prior to browsing this website, the plugin used on this website may, regardless of user interaction with plugins on this website (i.e. clicking “Like” button) allow the specific social media website to receive the described information about these users. The information collected by these social media plugins allows the particular social media websites to share collected information about user activities on this website with other users of the same social media website. Please refer to specific social media website’s privacy policies for further information about the information shared via specific social media plugins.


In some cases, other websites, browsers or programs may share user preferences about the collection and use of Personal Data and user online activities. Lupin does not currently respond to these signals.



Using information collected for marketing


Lupin endeavors not to sell or transfer Personal Data to any non-affiliated entity for their marketing activities, unless you were clearly informed and provided user’s explicit consent to share your Personal Data. Lupin may use third-party advertising agencies and companies to place advertisements on other websites. These third-party agencies or companies may use user information collected through the use of Lupin or other websites to measure the effectiveness of advertising campaigns, and to personalize advertising based on user preferences and interests. Please see information on Cookies that enables personalized user experiences described in this Privacy Policy.



Sharing of Personal Data


Recipients of Personal Data:


User Personal Data may be shared with Lupin Affiliates globally. These affiliates will use Personal Data shared by Lupin for the same purposes described in this Privacy Policy. Lupin Affiliates are listed in the current annual report on


User Personal Data may also be shared with external third parties, including contracted data processors, to:


  • Help fulfill Lupin’s business transactions;
  • Maintain this website;
  • Facilitate any activities related to transfer of control (i.e. a merger or consolidation) or other corporate reorganization undertaken by Lupin or Lupin Affiliates;
  • Fulfill legal or regulatory requirements, like responding to requests from governmental authorities or court orders or reporting adverse events;
  • Fulfill corporate audit requirements or investigate and respond to complaints or security threats.



International transfers of collected Personal Data


Personal Data of users of this website, collected either directly or indirectly, may be transferred or stored in a country other than the user’s country of origin. Lupin however endeavors to only transfer or store information to countries within the European Economic Area. Where Lupin does transfer Personal Data to persons outside the European Economic Area, any such transfer will be conducted in compliance with applicable law. The country to which the data is transferred may impose different (less restrictive) privacy obligations than under GDPR.


Where Lupin transfers Personal Data to third parties outside the European Economic Area, it ensures that the recipients sign contracts containing the EU Standard Contractual Clauses according to the EU Commission decisions of 27 December 2004 (2004/915/EC) and 05 February 2010 (C(2010)593) designed to constitute appropriate and suitable safeguards to ensure compliance with GDPR.



Retention / storage period of Personal Data


The period of time that Personal Data will be stored following a user’s last interaction with this website depends on the purpose of collecting and processing specific information, for instance pharmacovigilance related information shared are kept for a minimum of ten years after the withdrawal of the product in the last country where the product is marketed.



User rights regarding Personal Data


User rights regarding Personal Data collected either directly or indirectly from the use of this website is covered by GDPR, which means users may have additional rights to the use and processing of Personal Data, including the right to:


  • Request access to Personal Data regarding the user collected, processed and stored by Lupin;
  • Request an explanation of the processing that LUPIN undertakes of the Personal Data regarding the user Lupin holds;
  • Request the rectification or correction of Personal Data regarding the user;
  • Request copies of Personal Data regarding the user in electronic format to transfer to third parties, or to request that Lupin to directly transfer information to third parties;
  • Refuse the processing and use of Personal Data regarding the user for marketing and other purposes;
  • Request the deletion of Personal Data when it is no longer required for the purposes for which information was shared or limit the processing of Personal Data where deletion is not possible. Users therefore have the right to withdraw consent at any time if processing of information is based on consent, provided that the withdrawal of consent does not affect the lawful processing based on consent prior to withdrawal. A copy of a user’s Personal Data may be retained following a request to delete information for record-keeping purposes and to prevent entering of deleted Personal Data in Lupin systems following a request to delete information.


Lupin may ask the person seeking to exercise any of these rights to verify their identity.


Please contact Lupin using the contact information provided in this Privacy Policy to exercise any of these rights.


Users are entitled to lodge a complaint with the relevant GDPR supervisory authority if a user feels that Lupin’s data processing does not comply with GDPR.



Data security


Lupin and its business partners take steps to protect Personal Data accessed or collected through the use of this website from loss, misuse and unauthorized access, disclosure, alteration or destruction. Regardless, Lupin cannot guarantee the security of Personal Data and denies all liability and damages legally permissible that could arise from loss, misuse and unauthorized access, disclosure, alteration or destruction. Lupin recommends that all users take all available precautions to protect Personal Data submitted to this website.





This website, and the information provided on this website, are not designed or intended for use by children 16 years and younger. Lupin also do not knowingly collect, process or store any Personal Data from any users under the age of 16 without the verifiable consent of a parent or guardian prior to collecting, processing or storing information collected either directly or indirectly through the use of this websites. Parents or guardians of minors may have the right to request to view or delete Personal Data provided by the child either directly or indirectly through the use of this website. Lupin recommends that all minors seek permission from parent/s or guardians prior to using or providing any Personal Data on any Lupin website.


Identity and contact details of the data controller


The data controller and EU representative of Lupin is Lupin Europe GmbH, Hanauer Landstraße 139 – 143, 60314 Frankfurt am Main, Germany.


You may contact the data controller by mail at Hanauer Landstraße 139 – 143, 60314 Frankfurt am Main, Germany or email at






Data controller


The following companies operating as part of Lupin Europe are deemed to be data controllers (hereinafter termed: the Company):


Hormosan Pharma GmbH

Hanauer Landstraße 139-141

60314 Frankfurt


+49 (0) 69 – 47 87 30


Lupin Atlantis Holdings SA

Landis + Gyr Str. 1

6300 Zug


+41 (0)52 633 70 00


Lupin Europe GmbH

Hanauer Landstraße 139-141

60314 Frankfurt


+49 (0) 69 – 47 87 30


Lupin Healthcare (UK) Ltd

The Urban Building

3-9 Albert Street



United Kingdom

+44 (0) 1565 751 378 | Option 7 or ext:210


Nanomi BV

Zutphenstraat 51

NL-7575 EJ Oldenzaal

The Netherlands

+31 8 800 40 800





As representatives of our customers, we will process your personal data as described in this Privacy Notice. We respect you and are committed to honouring and protecting your privacy. This Privacy Notice describes our privacy practices regarding collection and use of your personal data when we process it in the context of providing services to our customer whom you represent and sets out your privacy rights in relation to it.



Data Protection requirements


The Company will comply with data protection law.  This means that the personal information we process about you must be:

  1. Used lawfully, fairly and in a transparent way;
  2. Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
  3. Relevant to the purposes we have told you about and limited to those purposes only;
  4. Accurate and kept up to date;
  5. Kept only for such time as is necessary for the purposes we have told you about; and
  6. Kept securely



What information does the Company collect?


The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. The categories of personal data that could be processed are:


a) personal identification and contact details

e.g. first and last name, address, e-mail address, telephone number

b) Information about your job and your qualifications

e.g. name, title, company you represent, designation/job role, industry

c) Information about your interests that you share with us

e.g. using our Subscription Center or within the scope of discussions



To which purposes we process your personal data and on what legal basis


We, at Lupin, use your personal data in order to establish a connection with our customer (whom you work for or represent), provide you and the customer whom you represent with a better customer experience and ensure that the marketing material we send to you reflects your personal preferences.

In the following, we will inform you about the legal basis and the purpose for which we process your data:


a)      Based on your consent


(Art. 6 sec. 1 lit. a GDPR)

If you have given us your consent to process your data, the respective consent shall be the legal basis for the mentioned processes.


b)      Legitimate interests


(Art. 6 sec. 1 lit. f GDPR)

We may also use your data for the purposes of legitimate interests. This is so that we can communicate with you about the following:


  • To contact you in order to inform you of new products, services or promotions we may offer including to keep you appraised of our thought leadership and marketing collateral and to better assist your needs, in pursuit of our legitimate business interests and on occasion with your consent.
  • To invite you to Lupin hosted or sponsored events in your geographical region that may be of interest to you based on your role within the company and/or industry, in pursuit of our legitimate business interests.
  • To conduct market research and to carry out marketing campaigns, in pursuit of our legitimate business interests.
  • To contact you for customer care related purposes including regular communication regarding project status, notifying issues/concerns, sharing project deliverables and carrying out day-to-day project activities, in order to comply with our contractual obligations towards the customer you represent.
  • We may also use your personal data to communicate with you about our product and service offering, for example to inform you that our products/ services have changed or to send you critical alerts and other such notices relating to our products and/or services, in pursuit of our legitimate business interests.
  • We engage carefully selected third party vendors to conduct surveys to receive feedback from you on the services currently provided by Lupin to the company you represent. This will help us serve the company you represent better and improve our overall service offerings and business strategies, in pursuit of our legitimate business interests.
  • To develop new and improved products and services to help us serve the company you represent better and to improve our overall service offerings in pursuit of our legitimate business interests.



Change of purpose


The Company will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so.

You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.



Automated decision-making


An automated decision-making process does not take place.



For how long do you keep data?


We will only keep your personal data for as long as is reasonably necessary taking into consideration our need to answer queries or resolve problems, any other purpose outlined above or to comply with legal requirements under applicable law(s). Your data will be completely deleted as soon as the processing purpose for its storage ceased to apply.



Who has access to data? (recipients or categories of recipients of the personal data)


Your data is only disclosed if disclosure is permitted by a legal basis and only with due regard for the duty of confidentiality.


We may use carefully selected third parties to carry out certain activities to help us to run our business (such as cloud service providers, IT support vendors, information security support vendors, third party auditors, etc.) also outside of the EU and actual or prospective purchasers. Any such third parties would be required to contractually agree with applicable laws and regulations and treat your personal data in accordance with this Privacy Notice.


We have offices and operations in a number of international locations, and we share information between our group companies for marketing and administrative purposes. Your information may be shared with our internal staff for marketing and administrative purposes, located in India, as outlined above. Please visit to see a list of the locations within our corporate group.



Am I obliged to provide data?


Within the scope of the mentioned processing activities, you are not obliged to provide your personal data.

If you do not provide the relevant information, we may not be able to answer your inquiries or provide product information.



How does the company protect data?


The Company takes the security of our data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data.



Your rights


As a data subject, you have a number of rights. You can:


  1. access and obtain a copy of your data on request (known as a “data subject access request”);
  2. require the Company to change incorrect or incomplete data;
  3. request erasure of your personal information. This enables you to ask the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  4. object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; and
  5. ask the Company to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.


If you believe the processing of your personal data infringes data protection law, you have the right to lodge a complaint to a data protection supervisory authority.


If you would like to exercise any of these rights, or you have any questions about the privacy notice, please contact the relevant Data Protection Officer.





If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to:


a) For Hormosan Pharma GmbH, Lupin Europe GmbH, Lupin Atlantis Holdings SA, Nanomi BV, Lupin Healthcare (UK) Ltd:


The Data Protection Officer

Dr. Karsten Kinast

KINAST Rechtsanwaltsgesellschaft mbH


Phone: +49 211 – 222 183 10