Privacy Policy
ZUELLIG PHARMA PRIVACY POLICY
Last updated: 8 July 2022
This Privacy Policy sets out how the various entities within the Zuellig Pharma group (a non-exhaustive list of our entities is found at Part XIV (Contact Us) below) (hereinafter collectively referred to as “Zuellig Pharma”, “our”, “us” or “we”) processes personal data in accordance with the data protection laws that apply to us.
This Privacy Policy outlines our general practices in relation to the collection, use, disclosure (hereinafter referred to as “processing”) and protection of the personal data you provide through our websites, applications, platforms, forms, products, services, or social media pages or otherwise (hereinafter collectively referred to as the “Platform”), or when you communicate with us and/or our authorised agents through various media and communication channels. This Privacy Policy also explains your rights and the choices available to you regarding the use of, your access to, and how to update and correct your personal data. Where our Platforms deviate from this Privacy Policy or there are other specific matters, we will outline them in a specific addendum to this Privacy Policy. References to the term “Privacy Policy” herein shall include such addendum.
In this Privacy Policy, “personal data” generally refers to any information that can be used, directly or indirectly (e.g. in combination with other types of data that we may have access to), to identify an individual (i.e. the “data subject”). Local data protection laws may have differing definitions of this, and to the extent that our definition used here conflicts with the law, the stricter definition will apply.
I. Processing of Personal DataIn the course of your dealings with us, we may process personal data about you or any other person for the purposes stated in this Privacy Policy. This may occur when you voluntarily provide such personal data to us, or, where necessary, we receive such personal data from third parties or from the public domain.
In your interaction with us or by your usage of the Platform, we may process the following categories of personal data, including, but not limited to:
- personal contact information, which includes your name, mailing address, email address, social network details, or phone number;
- sensitive personal data such as information relating to your health;
- account login information, which includes your account login ID/email address, screen name, password in unrecoverable form, and/or security question and answer;
- business contact information, which includes your occupation, designation and employer information;
- information relating to your citizenship, nationality, identification card or passport details;
- demographic information and interest, which includes your date of birth, age, gender, geographic location, favourite products and services, shopping information, and household or lifestyle information;
- transaction and financial information, which includes bank account and payment card details, payments to and from you, and other details of products and services you have purchased or acquired from us;
- technical data, which includes internet protocol (IP) address, operating system type, web browser type and version, your device information, and information collected through the use of cookies;
- usage data, which includes information about how you use our websites, applications, products and services;
- marketing and communications data, which includes your preferences for receiving marketing materials from us and our third parties and your communication preferences;
- photographs, audio and visual recordings of you taken or recorded at our premises and/or during our events;
- geolocation data;
- your conversations with us (be it via chat or in person phone calls), when you interact with us via our communication channels; and
- other information permitted by applicable laws or as notified to you at the point of transacting with us.
Unless prohibited by applicable laws, we will notify you before collecting your personal data, and seek your express consent if we need to collect your sensitive personal data.
As the accuracy of your personal data depends largely on the information you provide to us, kindly inform us as soon as practicable if there are any errors in your personal data or if there have been changes to your personal data.
If you provide us personal data about other individuals for any particular purpose, you represent and warrant to us that they have appointed you to act on their behalf and have agreed that you can:
- give consent on their behalf to the processing of their personal data;
- receive on their behalf any data protection notices; and
- warrant that you have obtained their consent for us to store their personal data, or have the right to allow us to process their personal data.
Generally, as our Platform is not targeted at minors, we do not consent to receiving any personal data relating to minors. In the event that specific services provided by us require the collection and processing of minors’ personal data, this will be specifically stated in the appropriate addendum to this Privacy Policy. In such cases, we require the parent or legal guardian of such minor(s) to consent to our processing of their minor(s)’ personal data.
II. Source of Personal DataThe personal data processed by us are obtained from various legitimate and transparent sources, including, but not limited to the following:
- through your access or use of our Platform;
- when you participate in our requests for proposals or quotations, register as a vendor with us, and/or otherwise submit information to us in the course of participating in our procurement exercises;
- when you create an account with us;
- when you browse, order, purchase or subscribe to our products and/or services;
- when you apply to participate and/or participate in our patient support, healthcare support, patient engagement and prescription information programmes;
- any emails or correspondence that we receive from you;
- when you communicate to us and/or our authorised agents through various media and communication channels, and any direct and indirect interactions with us;
- when completing any applications or forms for transactional or other purposes;
- when you participate in any event, prize draws, or competitions organised by us or indirectly through a third party;
- when completing any surveys that we send to you for research purpose;
- video or recordings of events and/or activities at our premises;
- data from publicly available sources that we collect in accordance with applicable laws, i.e. data that is published by you, social media profiles, directories, signages;
- data that we obtain legally from authorised third parties, including, but not limited to, credit reporting agencies, regulatory and enforcement agencies, healthcare providers, and other government or government-linked entities;
- our related and/or associated companies, contractors, third-party service providers, and business partners;
- marketing services providers or partners; and
- mailing lists.
We must have a lawful basis to process personal data. We typically rely on at least one of these lawful bases to do so:
- where we have the data subject’s consent for the disclosed purposes;
- where the processing is necessary and related to the fulfilment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;
- where the processing is necessary for compliance with a legal obligation to which we are subject;
- where the processing is necessary to protect vitally important interests of the data subject, including life and health;
- where the processing is necessary in order to respond to a national emergency, or to comply with the requirements of public order and safety; or
- where the processing is necessary for the purposes of the legitimate interests pursued by us, a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under local laws.
We generally rely on consent to process personal data. In addition, the table below summarises some of the common purposes for which we may process personal data and our legal basis for doing so:
Purpose |
Legal basis |
· To create and administer your account (where applicable) · To enable you to access or use the Platform · To provide you with our products and services, including to process your order · To provide patient support, healthcare support services, patient engagement and prescription information, including to provide, manage and administer patient support and homecare programmes · To provide you with discounts, bonuses, rebates and the like for your orders and purchases · To provide support for our products and services · To contact and communicate with you, including to respond to your requests, enquiries, and to provide you with status updates on your order · To communicate information, notices, and updates · To fulfil any other request(s) that you may have submitted to us |
Where necessary to perform our contract with you Where required to comply with a legal obligation Where it is in our legitimate interests to ensure that services requested of us are effectively and appropriately delivered |
· To deal with any product safety issue or product complaint, and to contact and communicate with you in relation to the same · To undertake remediation activities · To resolve disputes or to investigate any complaints you made or made against you |
Where required to comply with a legal obligation Where it is in our legitimate interests to ensure that complaints are investigated and appropriately resolved |
· To do adverse event and safety reporting in respect of any product or service · To improve patient care and safety in relation to the use of medicines and all medical and paramedical interventions · To improve public health and safety in relation to the use of medicines · To detect problems related to the use of medicines and communicate the findings in a timely manner · To encourage safe, rational and more effective use of medicines · To promote understanding, education and clinical training in pharmacovigilance and effective communication to the public |
Where required to comply with a legal obligation Where it is in our legitimate interests to: (a) ensure that pharmacovigilance is done; and/or (b) promote public health and safety |
· To process invoices and payment · To conduct due diligence on the third parties we transact with, such as vendors and business partners · For internal functions such as reporting, and audit and risk management · To maintain our operations or client relationship management systems · To maintain and upkeep customer or company records and development in the ordinary course of business · For our internal record keeping · For the preparation and execution of all necessary documents, agreements and/or contracts · For general operation and maintenance of the Platform |
Where required to comply with a legal obligation Where it is in our legitimate interests to: (a) ensure the smooth operation of our business; and/or (b) keep accurate records of our business |
· To develop and improve our product and service offerings by analysing and assessing the information we have access to, such as by conducting data analytics and market research · To develop, show, measure, and track advertising (including, but not limited to, content, survey, and promotions of the Platform or products and services of ours, our subsidiaries, related and/or associated companies, business partners, and other third parties) and to collect information about you and on how you interact with it while you use the Platform |
Where it is in our legitimate interests to: (a) develop new product or service offerings to meet the needs of our customers; and/or (b) improve user experience when using our products and service offerings, including the Platform |
· To implement and/or facilitate risk and fraud controls and payment processing · To prevent, detect, or investigate any potential breaches, illegal activities or prohibited content on the Platform · To enforce and exercise rights stated in this Privacy Policy or any contract · To comply with any legal or regulatory requirements relating to all the commercial transactions, our conduct of the business or activities or our provision of products and/or services, and to make disclosure under the requirements of any law, regulations, directives, court orders, by law, guidelines, circulars or codes applicable to us or any member of our group of companies from time to time · To cooperate with regulators and law enforcement bodies |
Where required to comply with a legal obligation Where it is in our legitimate interests to: (a) prevent and investigate legal disputes, potential breaches, illegal activities or prohibited content; (b) enforce contractual rights; and/or (c) cooperate with regulators and law enforcement bodies |
· To facilitate the conduct of due diligence exercises or the actual transfer of assets in the event of potential, proposed or actual business transfer, whether in whole or in part, sale of business, disposal, acquisition, merger, spin-off, joint venture, assignment, reorganisation of Zuellig Pharma’s business, assets or stock or similar transaction |
Where required to comply with a legal obligation Where it is in our legitimate interests to undertake any corporate restructuring for the growth or optimisation of our businesses |
· To send you information or invitations to events, seminars, conferences, initiatives and promotions and talks which may be of interest to you · To organise and manage professional events and congresses, including your participation in such events · To promote and communicate news and information about the Platform, products and services of ours, our subsidiaries, related and/or associated companies, business partners, and other third parties, and such communications may be initiated from us or through third parties · To deliver online behavioural advertising (i.e., to show you online advertisements for products and/or services which may be of interest to you based on your previous behaviour, and to show you advertisements and content on social media platforms) |
Where it is in our legitimate interests, and subject to obtaining your consent when required under applicable laws, to provide you with marketing information that may be of interest to you |
Unless stated otherwise, the personal data provided to us are wholly voluntary in nature and you are not under any obligation or duress to do so. However, in some circumstances if you do not provide us with your personal data described in this Privacy Policy, we shall not be held liable for any of the consequences arising therefrom. These include:
- the inability for us to provide you with the products and/or services you requested, either to the same standard, or at all;
- the inability to enrol you to the relevant patient programme(s);
- the inability for us to provide you with the information about the products and/or services that you may want, including information about discounts or special promotions, or our new products and/or services;
- the inability for us to tailor the content of the Platform to your preferences and your experience of using the Platform may not be as enjoyable or useful;
- the inability to complete the relevant transactions with you; and
- the inability to comply with any applicable law, regulation, direction, court order, by law, guideline and/or code applicable to us.
In order for us to fulfil the purposes listed above, we may disclose your personal data to the following parties, including, but not limited to:
- the various entities within our group of companies (including those incorporated in the future), licensees, or business partners, including (where applicable) authorised personnel from the sponsor for the patient programme that you are enrolled to;
- our employees, agents, representatives, partnerships, joint venture entities, contractors, third-party service providers, subcontractors, or other parties as may be deemed necessary by us to facilitate your dealings with us;
- our suppliers, manufacturers, and business alliance partners of our products and/or services;
- relevant holders of the marketing authorisation of our products and/or services;
- parties whom we have obligations to report safety issues or product complaints;
- our professional advisers, including but not limited to our lawyers, accountants, auditors, and other financial or professional advisors appointed in connection with our business;
- any person, government authority, statutory authority, industry regulator or other relevant third party whom we are compelled or required to do so pursuant to any law, or if we have good faith belief that such disclosure is necessary to protect and/or defend our rights and interests or in connection with an investigation of fraud, infringement, piracy, tax avoidance and evasion or other unlawful activity;
- potential acquirers and other stakeholders in the event of potential, proposed or actual business transfer, whether in whole or in part, sale of business, disposal, acquisition, merger, spin-off, joint venture, assignment, reorganisation of Zuellig Pharma’s business, assets or stock or similar transaction; and
- any other party requested or authorised by you for the above purpose or any other purpose for which your personal data was to be disclosed at the time of its collection or any other purposes directly related to any of the above purposes.
Third parties are legally tasked with processing the personal data in line with the principles specified by us. Third parties are also held legally responsible for securing the personal data at an appropriate level of security in relation to applicable data protection laws and widely accepted industry standards.
VI. Protection of Personal DataWe ensure that all appropriate confidentiality obligations and technical and organisational security measures are in place to protect the confidentiality and security of your personal data collected through the various methods described in this Privacy Policy to prevent any unauthorised access, unauthorised or unlawful alteration, disclosure or processing of such information and data, and the accidental loss or destruction of or damage to such information and data.
Some of the security measures we put in place include, but are not limited to:
- storing your personal data in systems that are protected by secured networks;
- putting in place role-based access controls to limit access to such personal data only to employees who have a need to know this information for the purpose of performing their official duties, and authorised third parties who are contractually bound to take reasonable measures to keep your personal data secure;
- regularly monitoring our systems for possible vulnerabilities and attacks, and regularly reviewing our information collection, storage and processing practices to update our physical, technical and organisational security measures; and
- verifying the identity of a requester before they can access or modify the personal data that they have legitimate access or modification rights to.
Compliance with these provisions will be required by all authorised third parties who may access the personal data as described above.
VII. Your RightsDepending on the data protection laws in the country where you reside, in respect of the personal data which you have submitted to us, you may have the right at any time to:
- request for access to your personal data in our records;
- request to make correction of your personal data in our records in the event the information is inaccurate, misleading, out-of-date or incomplete upon validation and verification of the new information provided;
- request to cease processing your personal data for the purposes of marketing;
- object to the processing of your personal data, request to restrict or limit processing of your personal data, or request portability of your personal data;
- withdraw your consent for us to continue processing your personal data; and
- lodge an inquiry or complaint to the relevant data protection authority about our collection and use of your personal data.
Should you wish to exercise any of the abovementioned rights and such right is recognised within your country, please write in to us using the contact information found at Part XIV (Contact Us) below. In respect of requests for access to or to make correction of your personal data in our records, such requests must be supported with submission of the relevant documents as may be required by us. Depending on the nature and sensitivity of the request, we may require you to submit these documents in person so as to verify your identity from time to time to the address found at Part XIV (Contact Us) below. We will only make appropriate corrections based on the verifiable/verification and updated information provided by you. Your request may also be subject to payment of a fee in accordance with applicable legal requirements.
With regard to the withdrawal of consent, you may withdraw, in full or in part, your consent given to us.
You may request for deletion of your personal data by us, and we will use commercially reasonable efforts to honour your request. However, please note that we may be required to keep such information and not delete it for such period of time required by law or in order to fulfil our legal obligations. When we delete any information, it will be deleted from the active database but may remain in our archives. We may also retain your information for fraud prevention and detection or similar purposes.
Your exercise of any of the rights or withdrawal of consent referred to above is, in each case, subject to any applicable legal restrictions, contractual conditions, and a reasonable time period. This may also be subject to whether it would affect the operation of our business and our ability to meet our legal obligations.
We may also, in accordance with the data protection laws applicable to us, refuse to comply with your request. If we refuse to comply with such request, we will inform you of our refusal and reason for our refusal.
VIII. Retention of Personal DataThe personal data you submit to us will only be retained for as long as is required for the purpose for which it was collected or as permitted by applicable laws.
Even though our systems are designed to carry out data deletion processes according to the above guidelines, we cannot promise that all data will be deleted within a specific timeframe due to technical constraints. When we no longer need to use your personal data, it is removed from our systems and records or anonymised so that you can no longer be identified from it.
IX. International Transfers of Personal DataTo provide our products and services, we may transfer your personal data to our affiliates and authorised employees, agents and third parties in the jurisdictions where we operate or where we deem it appropriate or desirable (unless applicable laws provide otherwise) for the purposes stated in this Privacy Policy. In particular, we may transfer your personal data to our overseas affiliate(s) where our information technology storage facilities and servers may be located. There may be a possibility that the data protection levels in other jurisdictions do not completely meet the requirements of the data protection laws in the country where you reside, but all such transfers are performed in accordance with the requirements of applicable laws.
X. Links to Other Websites or ApplicationsThe Platform may contain links to and from the websites and applications of our partner networks, advertisers, patient program sponsors and/or other third parties. If you click on a link to any of these websites or applications, you will leave the Platform and be redirected to the website or application you selected. As we cannot control the activities of third parties, we cannot accept responsibility for any use of your personal data by such third parties, and we cannot guarantee that they will adhere to the same data privacy practices as us. We encourage you to review the privacy policy of these websites or applications before providing any personal data.
We may also offer you the opportunity to use your social media login. If you do so, please be aware that you share your profile information with us depending on your social media platform settings. We encourage you to visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.
XI. Marketing and PromotionsWe may use your personal data to market products, services, events, seminars, conferences, initiatives, and promotions and talks of ours (i.e., those of our subsidiaries, related and/or associated companies), business partners, sponsors and/or advertisers. We may communicate such marketing to you by way of post, phone call, email, short message service (SMS), social media and/or any other appropriate communication channels, depending on what you have agreed to with us. If you wish to unsubscribe to the processing of your personal data for marketing and promotions, you may click on the “Unsubscribe” link in the relevant email or message you receive from us. Alternatively, you may contact us directly at the email address found at Part XIV (Contact Us) below. Please note that once we have received your request to unsubscribe, it may take up to fourteen (14) working days for us to process your request and to be reflected in our systems. Therefore, you may still receive marketing communications during this period of time. Please also note that, even if you opt-out from receiving marketing communications, you may still receive administrative communications from us, such as order or other transaction confirmations, and other important non-marketing related announcements.
XII. LanguageIn the event of any inconsistency between the English version and the local language version of this Privacy Policy, the English version shall prevail.
XIII. Amendments to Privacy PolicyZuellig Pharma reserves the right to modify, update and/or amend this Privacy Policy at any time. We will take reasonable steps to ensure amendments to this Privacy Policy are communicated by posting all amendments prominently on the Platform and other places we deem appropriate for a reasonable period of time. Amendments to this Privacy Policy will be effective immediately once published on any of the Platform unless otherwise noted. We invite you to check this Privacy Policy periodically to be informed of any relevant amendments to it, especially before providing any information to us. Your continued access or usage of the Platform and/or providing your personal data to us, following any amendments to this Privacy Policy, indicates your consent to the practices described in the revised Privacy Policy. If you do not agree, you should immediately discontinue your use of the Platform, cease providing to us any of your personal data and notify us in writing in the manner described in Parts VII (Your Rights) and XIV (Contact Us).
XIV. Contact UsFor your reference, the data controllers listed in the table below serve as our main data controllers in the countries/regions we are active in, although these may change based on the service you used. If you have any feedback or questions about this Privacy Policy and the way we handle your personal data, or you wish to exercise any of your rights above, you will be directed to the applicable data controller following our receipt of your query via the “Contact Us” page of our website.
Country/region |
Data Controller |
Hong Kong |
Zuellig Pharma Limited Suite 608, 6/F., Devon House, Taikoo Place, Quarry Bay, Hong Kong |