Privacy Notice for the processing of Personal Information of Healthcare Professionals
Last updated: 1 February 2022
Astellas Pharma Inc. and its affiliates globally (“Astellas”, “we”, “our”) respect your right to privacy and treat compliance concerning privacy obligations seriously; this is why we have developed this Privacy Notice (“Notice”), which explains why and how we collect, share and use personal information about healthcare professionals (“Personal Information”), and how you can exercise your privacy rights. A healthcare professional is any person in a position to prescribe, administer, purchase or dispense Astellas products, or otherwise influence the use of, or a purchasing decision for, an Astellas product. Examples of healthcare professionals include physicians, nurse practitioners, nurses, pharmacists, transplant coordinators, reimbursement specialists, and formulary decision makers, and the definition of a healthcare professional may depend on local legislation.
Please take the time to read this Notice carefully. If you have any questions or comments, please use the contact details provided under the “How to contact us” heading below.
Astellas Pharma Inc., together with the Astellas affiliate which has a relationship with you, are the data controllers of your personal information. You can find more information on the relevant Astellas affiliate in the following link: at https://www.astellas.com/en/worldwide.
What does Astellas do?
Astellas is a global pharmaceutical business, whose ultimate parent company is headquartered in Tokyo, Japan. Our mission is to improve the lives of patients. For more information about Astellas, including information about our focus therapeutic areas, please see the “About” and the “Therapy Areas” sections of our Website at https://www.astellas.com/dk/about.
What Personal Information does Astellas process?
We collect Personal Information about you from a variety of sources, including directly from you and from documents or forms that you provide to Astellas in order to participate in Astellas-sponsored or supported initiatives, such as Astellas-sponsored clinical research and development activities, market research, real world evidence studies, or in other contexts; from business partners (i.e. the legal entity for whom you work), third parties (e.g. vendors or medical agencies) or publicly available sources including professional registries, journals and scientific portals, PubMed, ClinicalTrials.gov, congress websites, university or hospital websites, national registries, social media platforms such as LinkedIn, Facebook, etc. and online search engines; CVs and resumes; and online and other databases (such as HCP databases managed by specialized data providers) and websites, which may be owned and managed by third parties.
Your Personal Information processed by Astellas broadly falls into the categories described below. The actual scope of Personal Information Astellas processed about you depends on the actual types and volumes of interactions with you and is limited to Personal Information that is necessary for Astellas to achieve the purposes of such interactions.
|Types of Personal Information
|Personal identifiers and biographical information
Name, incl. prefix; nationality; place and date of birth; personal photos or images/voice in recordings for business purposes (where applicable); identity details (passport No., medical registration number/authorization ID, Astellas unique business partner ID), profile name or handle on social media platform;
|Postal address (home and/or workplace); telephone numbers; e-mail addresses
|Job titles, place of practice, the medical field(s) in which you are active, your professional qualifications and scientific activities (such as years of clinical experience, number of publications of academic or scientific research and articles, participation in advisory boards and clinical trials and other research studies with Astellas and other companies, leadership positions, presentations, membership in professional associations, boards and committees (also for conflict of interest checks); CVs, preferred language
|Identifiers for payment administration
|Details about the underlying interaction of an agreement, and amount of the values transferred to you under an agreement, if you are the ultimate beneficiary; Social security/insurance numbers; national identification numbers; professional identification numbers; bank account details
|Business travel and meeting arrangements
|Travel/accommodation/subsistence information related to business travel and events, special conditions (dietary preferences/requirements, accessibility information)
|Electronic personal identifiers
Your electronic identification data where required for the purpose of providing services through websites or applications we operate (such as username, password, IP address, device type, unique device identification numbers, browser type, broad geographic location (e.g. country or city-level location) and other technical information, image recording or sound). We may also collect information about how your device has interacted with our website or application, including the pages accessed and documents, files or applications that you have downloaded (we use Google Analytics or Adobe Analytics for this purpose).
For the Astellas-Pro website, we may verify your identity using the OWA (on-line Web Authentication) service from IQVIA Inc. This verification requires you to confirm your username and password to enable access to this Gated site. Please note that we do not have access to your password.
|Details of interactions with Astellas
Details of interactions with us, such as what kind of meetings we have held, topics discussed, your knowledge of and questions you have had on our business and products, what kind of material we have provided to or shared with you and any feedback that you have provided (e.g. when you fill in forms to attend or during an Astellas event, or when you provide feedback in a survey), as well as your opinions and routines on prescribing, routines regarding your patients and diagnosis, and similar information which may also be collected as market research and/or real world evidence data through a third party agency or data broker; information regarding your utilization, responses and/or preferences including channels of communication and frequency.
Some services, websites or applications, such as Astellas-Pro, capture details of your visit to the site, pages visited etc. but only where the relevant cookie consent has been given as explained further under the heading “Cookies Declaration” in the relevant service, website or application etc. used to collect such data.
Why does Astellas process your Personal Information?
We process your Personal Information primarily for legitimate interests, contractual purposes and where required by the law, to manage our relationship with you, and in particular for the following main processing purposes:
|Develop and strengthen our professional relationship with you and enhance your knowledge about Astellas’ products; enhance our knowledge about relevant disease areas and trends in patient management to improve our ability to deliver treatments of value that improve the lives of patients; conduct general stakeholder segmentation within your geographical area and area of expertise; identify key external experts as well as identify relevant study sites for the conduct of clinical trials
|Manage our relationship with you in our customer databases (such as Veeva or Sales Force), including the planning of potential collaboration, contacts, visits and meetings (virtual and/or physical) with you and any subsequent execution of such activities. This will include planning, reporting and tracking of our activities with you and the materials provided to you, including measuring our interactions to help develop, distribute and evaluate the information we provide you about diseases and Astellas’ products and services and ensure that it is relevant given your expertise, interests and preferences based on our evaluation and ranking of your profile and your opinions, routines and practices; develop databases of thought leaders and key experts in different therapy areas; and understand your scientific, therapeutic approach and satisfaction with Astellas’ products and services
|Manage our interaction with you in relation to an agreement under which services will be provided by you, including to determine the appropriate level of remuneration based on your professional qualifications (fair market value), perform our obligations and exercise our rights under such agreement, or if services will be provided by Astellas to you or the organisation for which you work.
|Document our transactions with you and ensure transparency on transfers of value where you are the ultimate beneficiary (such as contribution to costs related to educational events managed by Astellas, including travel and accommodation expenses, fees for services for speaker and consultancy services)
|Manage consents provided by you to Astellas (such as electronic marketing consents) or consents for Astellas to disclose personal information relating to you and arising from our agreement(s) with you (including, without limitation, your name and the amount and/or value of the transfers made to you under such agreements) where such consent is required by code or by law
|Manage our IT resources, including infrastructure management and business continuity, and give you access to our information and services, including to ensure access restriction for services and information that are limited to only healthcare professionals; to better understand your use of our websites and/or applications and what content is of interest to you so that we can improve the quality and relevance of our website and/or applications, and for internal analytics. Some of this information may be collected using cookies and similar tracking technology, as explained further at the time of cookie collection
|Manage any requests you may submit to us for medicines (e.g. samples or for compassionate use) and for medical information, incl. information related to your patients or their carers, as relevant
|When required or allowed to do so by law, code of practices or as necessary, to enable Astellas to protect its interests, including to manage our corporate compliance program to comply with legal, regulatory, industry requirements or best practices and ethical obligations, for monitoring, audit or inspection purposes; to establish legal rights, pursue legal actions or litigation (for instance, when necessary to prevent or detect fraud or crime or respond to a regulatory investigation)
|Record, store, manage and follow up on adverse events or product quality issues that may be reported by you for Astellas medicinal products; to enable direct communications with you in relation to important and sometimes vitally urgent safety warnings and drug recalls and to facilitate and evaluate effectiveness of our communication to you related to risk management plans related to our marketed products
|Conduct surveys, market research and social media listening projects to understand your insights and views on position of Astellas in the life sciences sector and the opinion and the sentiment of the healthcare community on various related issues and topics
|Efficiently manage our relationship with you within the framework of collaboration agreements with our partners (including e.g. other pharmaceutical companies or companies with which we may co-promote a medicinal product) and to facilitate any corporate transactions and associated due diligence processes. This includes translations like transfer of Marketing Authorization to a new holder, mergers, acquisitions and other types of assignments and company restructuring).
|Efficiently manage activities related to your attendance in online and live meetings or events organized or supported by Astellas; send you direct marketing material, medical and scientific updates, corporate information and/or products or services we provide using post or electronic means
|If you visit our office or site, we will collect basic information for security reasons to manage access to the building, and we may also capture images on our CCTV cameras.
|Documentation and records containing official correspondence with authorities such as a Drug Agency, Ministry of Health, a Sick Fund and other relevant authorities and official bodies related to Astellas’ work as a pharmaceutical company.
In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.
Legal basis for processing Personal Information (for healthcare professionals based in European Economic Area countries)
We collect and process your Personal Information in order to:
- Comply with our legal obligations under applicable healthcare or other legislation (e.g. for tax and other financial or transparency regulation)
- Perform our contractual agreement with you or to take relevant steps at your request prior to entering into a contractual relationship with you
- Protect your vital interests or those of another person, e.g. to inform patients of possible adverse side effects related to medication they are taking
- Where we have your consent to do so (in such cases, you can withdraw your consent at any time)
- To pursue Public interest in the area of public health, where we are required to collect special categories of personal information related to such public interest (e.g., Covid-19 containment measures).
- Fulfil our legitimate interests as pharmaceutical company, as these are described in detail in the table “Processing Purposes” above and provided that they are not overridden by your data protection interests or fundamental rights and freedoms.
In cases where our processing of your Personal Information is not already covered by any of the above legal bases, we will either provide your with a separate privacy notice stating relevant legal basis, or, obtain your prior, explicit and specific consent to do so.
In cases where our processing of your personal information is required as part of our contractual relationship with you, failure to provide this data may obstruct conclusion of the contract or result in Astellas’ inability to perform contractual obligations.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided under the “How to contact us” heading below.
How does Astellas process my Personal Information?
We will process your Personal Information in accordance with this Notice and applying the following principles:
- Fairness: We will process your Personal Information fairly. This means that we are transparent about how we process Personal Information and that we will process it in accordance with applicable law.
- Purpose limitation: We will process Personal Information for the above-specified, lawful purposes, and will not process it in a manner that is incompatible with those purposes.
- Proportionality: We will process Personal Information in a way that is proportionate to the purposes which the processing is intended to achieve.
- Data accuracy: We take appropriate measures to ensure that the Personal Information that we hold is accurate, complete and, where necessary, kept up to date.
How does Astellas keep my Personal Information secure?
We implement appropriate physical, technical and organizational security measures to protect your Personal Information against unauthorized or unlawful processing or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing of your Personal Information.
Who does Astellas share my Personal Information with?
We may engage third parties to process Personal Information for and on behalf of Astellas. We require such data processors to process Personal Information and act strictly on our instructions and to take steps to ensure that Personal Information remains protected. We may disclose your Personal Information to the following categories of recipients:
|Our affiliates and group companies
|Disclosure for purposes consistent with this Notice. A list of our current group companies is available at https://www.astellas.com/en/worldwide
|Third-party service providers and partners
Third parties who provide data processing services to us or who otherwise process personal data for purposes that are described in this Notice or notified to you when we collect your personal data. Such third parties may be processing your Personal Information in the context of the following categories of activities:
1. Creation and dissemination of disease education and product campaigns and materials, corporate communication and public relations activities in hardcopy and electronic form
2. Consulting services, such as advisory boards and faculty
3. Market research and social media listening
4. Planning, execution and evaluation of our visits, events and interactions including operating a Customer Relationship Management (CRM) system or tool and Profiling, Segmentation & Targeting
5. Clinical trials and publications including working with Clinical Research Organizations (CROs)
6. Monitoring & internal audits and relevant corrective/preventive actions
7. Co-promotion activities
8. Management of third party queries, data subject request, complaints, legal actions and whistleblowing/Speak Up
9. Processing and payment of renumeration and arrangement of travelling and reimbursement of expenses and disclosures of such based on applicable code requirements
10. Infrastructure and application services, IT platform management and IT support and internal and external communication services
11. Filing and management of requests for medical information and/or adverse event reporting or quality complaints
12. Dissemination of legally required communication
13. Ensuring safety and security of Astellas premises or at Astellas events
|Provision of advisory services by agencies, consultants, auditors, accountants, advisors, legal counsels and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Information for any other purpose
|Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, (iii) to respond to regulatory requests or investigations or investigate whistleblowing issues, or (iv) to protect your vital interests or those of any other person
|Potential buyers (and their agents and advisers)
|In connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Information only for the purposes disclosed in this Notice
|Any other person
|Such disclosure will only be based on your consent
Astellas does not, and will not without your consent, sell your information to third parties.
We also take precautions to allow access to Personal Information only to those employees who have a legitimate business need for access and with a contractual prohibition of using the Personal Information for any other purpose.
International data transfers
Your Personal Information may be transferred to, and processed in, countries other than the country in which you are resident, including China, India, Philippines, Singapore, and the United States. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). Also, our group companies and third-party service providers and partners operate around the world. This means that when we collect your Personal Information, we may process it in any of these countries.
We have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Notice. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, which require all group companies to protect personal data they process in accordance with applicable data protection laws. You may also exercise any of your rights described under the “Your data protection rights” heading below in relation to Personal Information that we transfer to group companies outside the country where you reside. We implement similar appropriate contractual safeguards with our third-party service providers and partners.
Further details can be provided upon request by contacting our Data Protection Officer using the contact details provided under the “How to contact us” heading below.
We retain Personal Information we collect from you where we have an ongoing legitimate business need or legal obligation to do so. We will not keep your Personal Information for longer than is necessary for the purposes for which we process it or as required by law, contract, the Astellas Global Policy for Records and Information Management and the Astellas Records Retention Schedule.
Your data protection rights
We respond to requests we receive from individuals wishing to exercise their data protection rights in accordance with all applicable data protection laws.
- If you wish to access, correct or update your Personal Information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
- You may be entitled to ask us to delete your Personal Information in certain circumstances, subject to the law in your jurisdiction. If you wish to exercise your right to deletion, please contact us using the contact details provided under the “How to contact us” heading below.
- In addition, you may be entitled under certain circumstances to object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- Similarly, if we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on legal bases other than consent.
- You may have the right to object to information being used for the purposes of direct marketing. Where this right applies, please use “opt-out” or “unsubscribe” functionality in the relevant communication or contact us using the contact details provided under the “How to contact us” heading below.
- You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area are available at https://edpb.europa.eu/about-edpb/about-edpb/members_en; the Danish Data Protection Agency’s contact details are available at https://www.datatilsynet.dk/english/contact-us).
- If we apply any automated decision-making, including profiling, we will provide to you promptly meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Classification and Automated Decision-Making
We may use algorithms in our profiling and decision-making activities. For example, we may categorize you as a healthcare professional using an algorithm to assess your professional expertise, such as research activity and publications, clinical experience, academic qualifications and communication preferences. We use this categorization to support our planning of potential collaboration, contacts, visits and meetings with you. Decisions based on our use of algorithms will typically be done by individuals and will not have any significant effect for you. However, we will provide you with further information and, where required, ask for your prior consent if fully automated processes will be used that will produce legal or other significant effect for you.
Use of Astellas website or applications by minors
We do not intend for our websites, applications or online services to be used by anyone under the age of 18.
Updates to this Privacy Notice
We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will post any revisions on relevant privacy sections of our corporate websites (list of our websites can be accessed using: https://www.astellas.com/eu/worldwide) and may take appropriate additional measures to inform you, consistently with the significance of the changes we make. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.
How to contact us
If you want to exercise any of your data protection rights, please submit your request at: http://www.astellas.com/eu/dsr.
If you have any questions or concerns about our use of your personal data, you can always contact Astellas Data Protection Officer using the following details: firstname.lastname@example.org.