GO Main Menu Go Main Contents Go Bottom Menu
Privacy Policy
Last updated 26 July 2024

This Privacy Policy applies to your use of this website maintained by Celltrion Healthcare Australia Pty Ltd (“Celltrion” or "We") and should be read in conjunction with the Terms of Use. By accessing and using this website, you accept, without limitation, the terms of this Privacy Policy and our Terms of Use. Your use of this website is subject to our then-current Privacy Policy and Terms of Use.

This Privacy Policy provides information regarding the collection, use and disclosure by Celltrion of any information that you may provide while accessing and using this website. Information provided may or may not qualify as ‘personal information’ under the Privacy Act 1988 (Cth) depending on whether it is information about an identified individual or an individual who is reasonably identifiable. An example of personal information is your email address. This Privacy Policy applies to the extent that you provide personal information while accessing and using this website. This Privacy Policy does not apply to the extent that you provide information while accessing and using this website that cannot reasonably be associated with you. An example of such information is the IP address of your computer. We refer to such information as ‘anonymous information’.

While accessing and using this website, you may be invited to provide personal information. Please be sure to read this Privacy Policy before providing any personal information using the website. Whenever you provide personal information using the website, you consent to its collection, use, and disclosure in accordance with this Privacy Policy.

The personal information that you and other website users provide may be aggregated. Upon aggregation, such information becomes anonymous information in that it does not personally identify you or any other individual. Celltrion is the owner of all aggregate personal information/anonymous information collected through this website and may use and disclose it for any purpose.

Due to the requirements of local regulatory agencies and/or Medicines Australia, only healthcare professionals may access certain sections of this website. To ensure compliance with those requirements, healthcare professionals are required to provide their AHPRA number and other personal information to visit such sections of the website. This is the only personal information we collect from you during your use of the website, and you provide it voluntarily and at your discretion.

Celltrion may use personal information collected from you during your use of the website to:
understand how our products and services affect those in your care;
develop, enhance, or modify our products and services;
validate your ability to access or utilise our products and services;
expand our business network and scale of operations;
respond to your enquiries, fulfill appropriate requests and otherwise provide you with customer service;
send administrative information to users, such as changes to our terms and policies, as well as market information that we believe may be of interest to you;
ensure that our business operations comply with any relevant legal obligations or match our legitimate interests;
monitor cyber security, including detecting, preventing, or investigating fraud in the use of our website; or
identify usage trends for our website, for data analysis or internal data audits.

Celltrion may disclose personal information collected from you during your use of the website to:
our subsidiaries and affiliates worldwide for the purposes described in this Privacy Policy;
service providers in order to provide services including, but not limited to, website hosting, data analysis, information technology, infrastructure provision, customer service, email delivery, and auditing;
other companies with whom we collaborate regarding particular products or services, including our co-promoting partners for products that we develop and market jointly;
comply with applicable laws, as well as our regulatory monitoring and reporting obligations (including laws outside Australia);
respond to requests from public and government authorities (including authorities outside Australia); or
cooperate with law enforcement, or for any other purposes required by law.

Celltrion will store and protect personal information collected from you during your use of the website as follows. Celltrion seeks to use reasonable organisational, technical and administrative measures to protect any personal information collected. The organisational measures include the establishment and implementation of internal management plans and regular employee training in relation to the protection of personal information. The technical measures include installation of security programs, encryption of personal information, installation of access control systems, and careful management of access authority. The physical measures include access controls for our data processing and data storage rooms.

Celltrion will retain your personal information for as long as needed or permitted in light of the purpose(s) for which it was collected and as outlined in this Privacy Policy. When we have no ongoing legitimate business need to retain your personal information, we will either delete it or anonymise it, or, if this is not possible (for example, if your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further use until it can be safely deleted.

You have the right to request access to the personal information that Celltrion has collected from you through your use of the website. To request access to your personal information that Celltrion has retained, please contact us at info-anz@celltrionhc.com. You also have the right to have your personal information retained by Celltrion corrected if it is wrong. Again, please contact us at info-anz@celltrionhc.com for that purpose.

As you access and use the website, anonymous information may be collected, such as cookies, internet tags or web beacons, as well as navigational data (log files, server logs, clickstream) and the URL of the last website that you visited. This anonymous information may be used to provide better service on our website, compile statistics and otherwise improve the website experience. You can set your web browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it.

Celltrion Healthcare does not knowingly collect personal information from anyone under the age of 18 without the consent of their parent or guardian. You must be 18 years of age or older to submit personal information using this website. Should you believe that a minor of whom you are a parent or guardian has submitted any such information, please contact us at info-anz@celltrionhc.com and we will make reasonable efforts to remove all personal information relating to the minor.

This site may contain links to other websites to which this Privacy Policy does not apply. We encourage you to read the privacy policies of every website you visit.
Privacy Notice for Customers and Business Partners
Last Updated: July 26, 2024


INTRODUCTION
This Privacy Notice is for healthcare professionals, customer/prospective customers, suppliers, and service providers, including representatives or contact persons of legal entities. This Privacy Notice is provided by Celltrion Healthcare Australia Pty Ltd (hereinafter "Celltrion" or "we") and its subsidiaries/branches to explain who we are, how we collect, share and use personal data about you, as well as how you can exercise your privacy rights. If you have any questions or concerns about our use of your personal data, or would like to exercise any of your rights — including, but not limited to, objecting to the processing of your personal data in the methods that we describe here — then please contact us using the details provided at the end of this Privacy Notice. Celltrion does its best to protect your privacy rights.


WHO WE ARE
Celltrion is a global pharmaceutical company, whose ultimate parent company is headquartered in Incheon, Republic of Korea (South). For more information about us, please visit our website at https://www.celltrion.com/en-us


PERSONAL DATA
"Personal Data" may refer to any data that identifies one as an individual or relates to an identifiable individual.
If you are a Healthcare Professional ("HCP"), we may request additional Personal Data.
* HCP refers to any member of the medical, dental, pharmacy or nursing professions or any other person who, in the course of his or her professional activities, may prescribe, purchase, supply, or administer a medicinal product.

Personal Data that we may request includes:
• General information (such as name, gender, date of birth, nationality)
• Identification information (such as ID card, SSN, passport numbers)
• Contact details (such as postal address, telephone numbers, email addresses)
• Function (such as title, position, company name)
• Financial information

If you are an HCP, we may also request additional data related to our professional interaction with you such as:
• Professional biography/credentials;
• Data related to licenses, specialties, professional affiliations, publications, credentials, and other occupational achievements; or
• Data related to your use of our products, your interactions with us, and services for those you care for

If we ask you to provide any other personal information not described above, then the specific information requested and the reasons why we require them will be made clear to you at the point we collect your personal information.

We may also collect Personal Data from other sources, including data brokers, publicly accessible databases, joint marketing partners, and other third parties. In this case, such collections will be conducted under the consent of data subjects.

Providing us with, or giving us permission to collect, any Personal Data relating to individuals other than yourself requires you to have valid authority to do so pursuant to relevant legislation.

In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice; for any other purpose not mentioned, we will explain to you at the time your personal information is collected. However, we may also use your personal information for other purposes not incompatible with the purposes we have disclosed to you (such as archiving purposes, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.


HOW WE USE PERSONAL DATA
We use Personal Data in order to:
• Perform the noticed purpose when we obtained your prior consent;
• Perform contractual obligations;
• Comply with legal/regulatory obligations.

We also use Personal Data as necessary for our legitimate interests and do not override your data protection or fundamental rights and freedoms.
Our purpose of processing includes:
• Developing and managing our (contractual) relationship with you, such as:
• providing our services and responding to your inquiries.
• sending administrative information to you, such as changes to our terms, conditions, and policies, as well as market information that we believe may be of interest to you.
• improving the quality of our interactions and services.
• developing transactional transparency such as "know your customers" (KYC) data required by financial institutions, banking records, invoices, remittances, and receipts related to our suppliers or service providers.
• ensuring transparency on transfer of value.
• Engaging with you, an HCP; as follows:
• verifying your eligibility to access specific products, services and data that may be provided only to certain licensed HCPs.
• interacting with you based on your professional expertise and opinion through digital and/or other means.
• involving you in programs/panels of healthcare professionals.
• reaching out to you for your professional expertise, in the context of surveys relating to products or services of our entities or business partners.
• collaborating with you on medical events, publications, or advisory meetings.
• seeking your views on products and services promoted by us, or an affiliate or business partner for development and improvement purposes.
• Complying with legal/regulatory obligations or for our legitimate interests as follows:
• analyzing or predicting your preferences in order to improve our interactions with you, (i.e., to deliver to you the content, products and offers via our Site, emails or digital tools that we believe will be relevant to your professional interests).
• conducting data analysis and audits.
• identifying usage trends in the use of our Sites and analyzing the effectiveness of our communications.
• detecting, preventing, and investigating fraud including (cyber) security monitoring and prevention.
• developing, enhancing, or modifying our products and services.
• validating your ability to access or use certain products or services.
• understanding how our products and services impact you and those in your care.
• operating and expanding our business activities.

The Personal Data that you and other individuals provide may be aggregated. We may use and disclose such aggregated data for any purpose. Aggregated data does not personally identify you or any other individual.


HOW WE DISCLOSE PERSONAL DATA
We disclose Personal Data to third parties as follows:
• Our subsidiaries and affiliates worldwide for the purposes described in this Privacy Notice.
• Service providers to provide services including, but not limited to: website hosting, data analysis, information technology, infrastructural provision, customer service, email delivery, and auditing
• Other companies with whom we collaborate regarding particular products or services. These may include our co-promoting partners for products that we develop and market jointly
• To any other person with your consent to the disclosure.

We also disclose your Personal Data as we believe to be necessary or appropriate:
• (i) To comply with applicable law, as well as our regulatory monitoring and reporting obligations (which may also include laws outside your country of residence), (ii) to respond to requests from both public and government authorities (which may also include authorities outside your country of residence), (iii) to cooperate with law enforcement, or (iv) for other legal purposes.


LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA residents only)
If you are a resident of the European Economic Area, our legal basis for collecting and using the personal information as described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will generally collect personal information from you only where we have your consent to do so, where it is required to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may need to collect personal information from you to satisfy legal obligations or in order to protect your vital interests or those of another person (e.g. to inform patients of possible adverse side effects related to medication they are taking).
If we ask you to provide personal information to comply with a legal requirement or for contacting purposes, we will make this clear at the relevant time and advise you whether or not the provision of your personal information is mandatory (as well as of the possible consequences of not providing your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will alert you and clarify what those legitimate interests are at the relevant time.
If you have any questions or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the "CONTACT US" heading below.


INDIVIDUAL RIGHTS
If you would like to request to review, correct, update, suppress, restrict, or delete Personal Data that you have provided to us, or if you would like to request to receive an electronic copy of your Personal Data for the purpose of transmitting it to another company, you may contact us as indicated in the "CONTACT US" section. We will respond to your request in compliance with applicable law.
In your request, please let us know what Personal Data you would like to have changed, whether you would like to have it suppressed from our database, or set certain limitation on our use of your data. We may need to verify your identity before implementing your request. We will try our best to respond to your request as soon as reasonably practicable.
When asked to provide Personal Data, you may decline. However, choosing not to provide necessary information may limit our ability to supply you with requested services.
Please note that we may need to retain certain type of Personal Data for record keeping purposes.


DATA SECURITY
We seek to use reasonable organizational, technical and administrative measures in order to protect your Personal Data. This includes encrypting your personal information in transit and at rest.


DATA RETENTION PERIOD
We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice. The criteria used to determine our retention periods include: (i) the length of time you maintain an ongoing relationship with us (if the personal data is not related to a specific contract, the personal data will be stored for 24 months after our last interaction with you); (ii) whether or not there is a legal obligation to which we are subject; (iii) whether or not retention is advisable in light of our legal position (such as in regard to the enforcement of the Terms of Use, applicable statutes of limitations, litigation, or regulatory investigations).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, if your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until it can be safely deleted.


INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, and processed in countries other than the one in which you are resident. These countries may have data protection laws that are different from the laws in your country.
Celltrion is headquartered in the Republic of Korea (South). We may transfer your personal information with legitimate purpose to our subsidiaries/affiliates, third party service providers, and business partners located around the world.
However, we have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Privacy Notice. This includes implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies, which requires all group companies to protect personal information they process from the EEA in accordance with European Union data protection laws.
Appropriate safeguards have also been implemented with our third party service providers and partners. Further details, along with our Standard Contractual Clauses, can be provided upon request.


UPDATES
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you of the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. This Privacy Notice was last updated as of the "Last Updated" date shown above.


CONTACT US
If you have any questions or concerns about our use of your personal information, please contact our data protection officer using the following details: DPO.CTHC@celltrionhc.com
Privacy Notice for Employees
Last Updated: July 26, 2024


INTRODUCTION
This Privacy Notice is provided by Celltrion Healthcare Australia Pty Ltd (hereinafter "Celltrion" or "we") and its subsidiaries/branches to explain who we are, how we collect, share and use Personal Data about you, the employee, as well as how you can exercise your privacy rights. If you have any questions or concerns about our use of your Personal Data, or would like to exercise any of your rights — including, but not limited to, objecting to the processing of your Personal Data in the ways that we describe here — then please contact us using the details provided at the end of this Privacy Notice. Celltrion does its best to protect your privacy rights.


WHO WE ARE
Celltrion is a global pharmaceutical company whose ultimate parent company is headquartered in Incheon, Republic of Korea (South). For more information about us, please visit our website at https://www.celltrion.com/en-us


PERSONAL DATA
"Personal Data" is any data that identifies you as an individual or relates to an identifiable individual. There are also "special categories" of more sensitive Personal Data which require a higher level of protection.

Personal Data that we may collect and use includes:
• Your name, address, contact details such as email addresses and telephone numbers, date of birth, and gender;
• The terms and conditions of your employment;
• Details of your qualifications, skills, experience, education, and employment history (including duty services like military service), including start and end dates, previous employers and organizations;
• Information about your remuneration, including entitlement to benefits such as pensions or insurance coverage;
• Details regarding your bank account and social security number;
• Information about your marital status, next of kin, dependents and emergency contacts;
• Information about your nationality and entitlement to work in the employed country;
• Details regarding your schedule (work days and working hours) and attendance at work;
• Details regarding periods of leave taken by you, including holidays, sickness absences, family matters, and other absences, as well as the reason for the absence;
• Details regarding any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and/or the related correspondence; or
• Assessments of your performance, including appraisals, performance reviews, performance improvement plans and related correspondence.

We may also collect, store and use "personally identifiable information" (such as your driver license number, passport number, and social security number) and the following "special categories" of sensitive personal information including:
• Information about medical or health conditions, including whether or not you have a disability for which the organization needs to make reasonable adjustments;
• monitoring information in order to maintain fair and equal opportunity, including information about your ethnic origin, sexual orientation, health, and religion or belief; or
• Biometric data, including fingerprints, hand geometry, and samples.

Your Personal Data may be collected through application forms or CVs, your passport or other personal identity, documents completed by you at the start of or during employment, any correspondence with you, or through interviews, meetings or other assessments.
In addition, we may collect personal data about you from third parties, such as references supplied by former employers and information from employment background check providers.
Providing us with, or giving us permission to collect, any Personal Data relating to individuals other than yourself requires you to have valid authority to do so pursuant to relevant legislation
In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice; for any other purpose not mentioned, we will explain to you at the time your personal information is collected. However, we may also use your personal information for other purposes not incompatible with the purposes we have disclosed to you if and where this is permitted by applicable data protection laws.


HOW WE USE PERSONAL DATA
We use Personal Data in order to:
• Manage the employment relationship;
• Perform contractual obligations under your employment contract; or
• Comply with legal/regulatory obligations.

We also use Personal Data as necessary for our legitimate interests and do not override your data protection or fundamental rights and freedoms at any time before, during and after the end of the employment relationship.
Our contractual obligations include:
• Payment in accordance with the employment contract; or
• Administration and operation (such as benefit, tax, pension, and insurance).

Our legal/regulatory obligations include, but are not limited to:
• Checking an employee's entitlement to work in the employed country; or
• Complying with labor laws and other applicable laws related with employment.

Our legitimate interests include:
• Running recruitment and promotion processes;
• Maintaining accurate and up-to-date employment records, contact details (including details regarding who to contact in the event of an emergency), and records of employee contractual and statutory rights;
• Operating and keeping a record of disciplinary and grievance processes in order to ensure acceptable conduct within the workplace;
• Operating and keeping a record of employee performance and related processes in order to plan for career development, and for succession planning and workforce management purposes;
• Operating and keeping a record of absence and absence management procedures in order to allow effective workforce management and ensure that employees are receiving the appropriate pay or other benefits to which they are entitled;
• Obtaining occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meeting its obligations under applicable laws, and making sure that employees are receiving the appropriate pay or other benefits to which they are entitled;
• Operating and keeping a record of other types of leave (including maternity, paternity, parental and shared parental leave), in order to maintain effective workforce management, to ensure that the organization complies with its duties in relation to leave entitlement, and to make sure that employees are receiving the appropriate pay or other benefits to which they are entitled;
• Managing effective general HR and business administration;
• Providing references on request for current or former employees;
• Responding to and defending against legal claims; or
• Maintaining and promoting equality in the workplace.

Some special categories of Personal Data, such as information about health or medical conditions, are processed in order to carry out obligations related to employment law (such as those in relation to employees with disabilities).
The organization processes other special categories of Personal Data, such as information about ethnic origin, sexual orientation, health or religion or belief; this is done for the purposes of monitoring equal opportunity. Data that the organization uses for such purposes is anonymized. Employees are entirely free to decide whether or not to provide such data and there are no negative consequences of refusing to do so.
Personal Data is stored in the company's HR management and IT systems.


HOW WE DISCLOSE PERSONAL DATA
We disclose your Personal Data only when strictly necessary as follows:
• To selected employees (including your managers and those at the HR/GA/Finance/Account/IT Departments, all of whom have signed a confidentiality agreement) and our subsidiaries/affiliates for the purposes described in this Privacy Notice; or
• Service providers acting on behalf of us and our subsidiaries/affiliates, such as payroll service providers, travel agencies, and IT system and data hosting providers. We may also share your data with third parties in order to obtain pre-employment references from other employers as well as employment background checks from third party providers. These third parties are contractually and legally required to protect the confidentiality and security of your personal data, in compliance with applicable law.

We also use and disclose your Personal Data as we believe to be necessary or appropriate:
• (i) To comply with applicable law and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), (ii) to respond to requests from public and government authorities (which may include authorities outside your country of residence), (iii) to cooperate with law enforcement, or (iv) for other legal reasons.


LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA employees only)
If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information as described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will generally collect personal information from you only when we need the personal information in order to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information.
If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether or not the provision of your personal information is mandatory (as well as of any possible consequences of not providing your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will alert you and clarify what those legitimate interests are at the relevant time.
If you have any questions or need further information concerning the legal basis on which we collect and use your personal information, please let us know using the contact details provided under the "CONTACT US" heading below.


INDIVIDUAL RIGHTS
If you would like to request to review, correct, update, suppress, restrict or delete Personal Data that you have provided to us through an HR manager, or if you would like to request to receive an electronic copy of your Personal Data for the purpose of transmitting it to another company, you may contact us as indicated in the "CONTACT US" section. We will respond to your request in compliance with applicable law.
In your request, please tell us what Personal Data you would like to have changed, whether you would like to have it suppressed from our database, or set certain limitation on our use. We may need to verify your identity before implementing your request. We will try our best to respond to your request as soon as reasonably practicable.
When asked to provide Personal Data, you may decline. However, choosing not to provide necessary information may limit our ability to supply you with requested services.
Please note that we may need to retain certain types of Personal Data for record keeping regarding your requests and resolutions responded.


DATA SECURITY
We seek to use reasonable organizational, technical and administrative measures in order to protect your Personal Data. This includes encrypting your personal information in transit and at rest.


DATA RETENTION PERIOD
We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing employment relationship with you; (ii) whether or not there is a legal obligation to which we are subject (such as keeping records of employment and payroll); (iii) whether or not retention is advisable in light of our legal position (such as in regard to the enforcement of the employment contract, applicable statutes of limitations, litigation or regulatory investigations).
When we have no ongoing legitimate purpose to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, if your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until it can be safely deleted.


INTERNATIONAL DATA TRANSFER
Your personal information may be transferred to, and processed in countries other than the one in which you are resident. These countries may have data protection laws that are different from the laws in your country.
Celltrion is headquartered in the Republic of Korea (South). We may transfer your personal information with legitimate purpose to our subsidiaries/affiliates and third-party service providers located around the world.
However, we have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Privacy Notice. This includes implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies, which requires all group companies to protect personal information they process from the EEA in accordance with European Union data protection laws.
Appropriate safeguards have also been implemented with our third-party service providers and partners. Further details, along with our Standard Contractual Clauses, can be provided upon request.


UPDATES
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you in consistence with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. This Privacy Notice was last updated as of the "Last Updated" date shown above.


CONTACT US
If you have any questions or concerns about our use of your personal information, please contact your HR manager or our data protection officer using the following details: DPO.CTHC@celltrionhc.com
Privacy Notice for Adverse Events Report, Complaints and Queries
Last Updated: July 26, 2024


INTRODUCTION
This Privacy Notice is for individuals who report adverse events, submit complaints or request medical information, or are the subject of such reports/submits/requests.
This Privacy Notice is provided by Celltrion Healthcare Australia Pty Ltd (hereinafter "Celltrion" or "we") and its subsidiaries/branches to explain who we are, how we collect, share and use personal data about you, as well as how you can exercise your privacy rights. If you have any questions or concerns about our use of your personal data, or would like to exercise any of your rights — including, but not limited to, objecting to the processing of your personal data in the methods that we describe here — then please contact us using the details provided at the end of this Privacy Notice. Celltrion does its best to protect your privacy rights.


WHO WE ARE
Celltrion is a global pharmaceutical company, whose ultimate parent company is headquartered in Incheon, Republic of Korea (South). For more information about us, please visit our website at https://www.celltrion.com/en-us


PERSONAL DATA
"Personal Data" may refer to any data that identifies one as an individual or relates to an identifiable individual.

Personal Data that we may collect and use includes:
• Information regarding individuals that report adverse events or make medical information queries or product quality complaints, such as healthcare professionals and caregivers. It includes your name, phone number, email and/or postal address, and place of work (for healthcare professionals);
• Information about the patient, including name, hospital record numbers, age, date of birth, sex, weight, height, race, whether pregnant and/or breastfeeding, and strictly necessary occupational data for the evaluation of the adverse event; or
• Strictly necessary or relevant data, for the purposes described in this Privacy Notice, refers to patient health or lifestyle data including, but not limited to, the nature of adverse effects, examination results, personal or family medical history, diseases or associated events, risk factors, information about the use of medicines and therapy management, physical exercise, diet, eating behavior, sexual life/contraception, and consumption of tobacco, alcohol, and drugs.

We may ask for additional information as needed. If we ask you to provide any other personal information not described above, then the specific information requested and the reasons why we require them will be made clear to you at the point we collect your personal information.
Providing us with, or giving us permission to collect, any Personal Data relating to individuals other than yourself requires you to have valid authority to do so pursuant to relevant legislation.
In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice; for any other purpose not mentioned, we will explain to you at the time your personal information is collected. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.


HOW WE USE PERSONAL DATA
We will only process your personal data as required by contractual or legal/regulatory obligations; or for our legitimate interest

We use Personal Data in order to:
• Monitor the safety of medicinal products and medical devices, which includes detecting, assessing, following up on and preventing adverse events, and reporting adverse events to health authorities;
• Respond to queries regarding medical information including, but not limited to, relation to availability of products, clinical data, dosing and administration, formulation and stability, and interactions with other drugs, foods, and conditions;
• Respond to quality complaints regarding our products, such as any fault of quality and/or effectiveness, stability, reliability, safety, performance, or usage;
• Answer other questions or requests and improve our products and services;
• Comply with our policies and local legal, regulatory, and compliance requirements; or
• Conduct audits and defend litigation.

The Personal Data that you and other individuals provide may be aggregated. We may use and disclose such aggregated data for any purpose. Aggregated data does not personally identify you or any other individual.


HOW WE DISCLOSE PERSONAL DATA
We do not share or transfer personal data to third parties other than those indicated in this Privacy Notice.

Personal data may be accessed by or transferred to:
• Our employees (including those at Medical, Quality, Legal and Compliance Departments) and other Celltrion Group companies (especially Celltrion Inc., the manufacturer of our products)
• Other pharmaceutical and medical device companies if the adverse event, request for information, or complaint relates to one of their products
• Service providers acting on behalf of us and our subsidiaries/affiliates, such as IT system and data hosting providers, and adverse event processing service providers. These third parties are contractually and legally obliged to protect the confidentiality and security of personal data, in compliance with applicable law

Personal data may be shared with:
• Healthcare professionals involved in an adverse event, request for information, or complaint
• A national and/or international regulatory, enforcement, public body or court where we are required to do so by applicable law or regulation or at their request; Including The European Medicines Agency (EMA) which controls the EudraVigilance database (for more information visit https://www.ema.europa.eu), the U.S. Food and Drug Administration (FDA) which controls the Adverse Event Reporting System (for more information visit https://open.fda.gov/data/faers/) and the Korea Institute of Drug Safety & Risk Management (KIDS) which controls the Korea Adverse Event Reporting System (for more information visit https://kaers.drugsafe.or.kr/)

We also disclose your Personal Data as we believe to be necessary or appropriate:
• (i) To comply with applicable law, as well as our regulatory monitoring and reporting obligations (which may also include laws outside your country of residence), (ii) to respond to requests from both public and government authorities (which may also include authorities outside your country of residence), (iii) to cooperate with law enforcement, or (iv) for other legal purposes.


LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA personal only)
If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information as described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will generally collect personal information from you only where we have your consent to do so, where it is required to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some case, we may need to collect personal information from you to satisfy legal obligations or in order to protect your vital interests or those of another person (e.g. to inform patients of possible adverse side effects related to medication they are taking).
If we ask you to provide personal information to comply with a legal requirement or for contacting purposes, we will make this clear at the relevant time and advise you whether or not the provision of your personal information is mandatory (as well as of the possible consequences of not providing your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will alert you and clarify what those legitimate interests are at the relevant time
If you have any questions or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the details provided under the "CONTACT US" heading below.


INDIVIDUAL RIGHTS
If you would like to request to review, correct, update, suppress, restrict or delete Personal Data that you have provided to us, or if you would like to request to receive an electronic copy of such Personal Data for the purpose of transmitting it to another company, you may contact us as indicated in the "CONTACT US" section. We will respond to your request in compliance with applicable law.
In your request, please tell us what Personal Data you would like to have changed, whether you would like to have it suppressed from our database, or set certain limitation on our use of your data. We may need to verify your identity before implementing your request. We will try our best to respond to your request as soon as reasonably practicable.
When asked to provide Personal Data, you may decline. However, choosing not to provide necessary information may limit our ability to supply you with requested services.
Please note that we may need to retain certain type of Personal Data for record keeping purposes.


DATA SECURITY
We seek to use reasonable organizational, technical and administrative measures in order to protect your Personal Data. This includes encrypting your personal information in transit and at rest.


DATA RETENTION PERIOD
We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Notice. The criteria used to determine our retention periods include: (i) the length of time you maintain an ongoing relationship with us; (ii) whether or not there is a legal obligation to which we are subject; or (iii) whether or not retention is advisable in light of our legal position (such as in regard to the applicable statutes of limitations, litigation or regulatory investigations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, if your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until it can be safely deleted.


INTERNATIONAL DATA TRANSFER
Your personal information may be transferred to, and processed in, countries other than the one in which you are resident. These countries may have data protection laws that are different from the laws in your country.
However, we have taken appropriate safeguards to ensure that your personal information will remain protected in accordance with this Privacy Notice. This includes implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies, which requires all group companies to protect personal information they process from the EEA in accordance with European Union data protection laws.
Appropriate safeguards have also been implemented with our third-party service providers and partners. Further details, along with our Standard Contractual Clauses, can be provided upon request.


UPDATES
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you of the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. This Privacy Notice was last updated as of the "Last Updated" date shown above.


CONTACT US
If you have any questions or concerns about our use of your personal information, please contact our data protection officer using the following details: DPO.CTHC@celltrionhc.com