This Privacy Notice describes how and for which purposes
Boehringer Ingelheim International GmbH (hereafter “Boehringer Ingelheim”, “we”, “our”, “us”) processes the personal data we collect about you through this website and social media.
Content
1. PURPOSES OF DATA PROCESSING
1.1 Registration, communication (website and social media channels)
1.3 Use of cookies and related data processing (website optimization, analysis, advertising)
1.4 Analysis of the use of our social media offerings
2. TRANSFER OF PERSONAL DATA
2.1 Reporting obligations to regulatory authorities and enforcement of rights
2.2 Service provider (Processor)
2.3 Boehringer Ingelheim companies
2.5 Other Pharmaceutical Companies
2.6 Social plugins and third-party content
2.7 Data transfer to recipients outside the EU
3. RETENTION PERIODS
4. YOUR RIGHTS
5. CONTACT AND QUESTIONS
6. CHANGES TO THIS PRIVACY NOTICE
1. PURPOSES OF DATA PROCESSING
1.1 Registration, communication (website and social media channels)
We process your data in order to provide you with the services on our websites, for example when you register, log in, participate in training courses and events or send us messages.
We also process your data when you participate in campaigns on our social media channels (Instagram, LinkedIn etc.) or send us inquiries or comments.
The legal basis is Art. 6 (1) b) GDPR.
1.2 Log data
When you visit the website, we receive log data sent by your browser (e.g., IP address, previous website visited, time and date, displayed contents, information regarding the browser and operating system). Collecting log data is technically required to enable you to use our website (the legal basis is Art. 6 (1) b) GDPR). The log files will be stored for as long as necessary for the respective purpose, in principle no longer than 14 days.
1.3 Use of cookies and related data processing (website optimization, analysis, advertising)
We use cookies (small text files placed on your browser) and similar Technologies such as pixel tags (hereinafter referred to as “Cookies”).
1.3.1 Essential Cookies
Essential Cookies are necessary for the website to function properly by providing basic features such as page navigation, access to secure areas of the website or language settings. Legal basis is Art. 6 (1) b) GDPR We store these essential Cookies for up to one year.
1.3.2 Website optimization and analysis
Based on your consent, we set Cookies and analyze how you're using our websites. This way, we collect information about how well certain services are received and we can adjust and improve them as well our websites.
You may withdraw your consent at any time. To do so, please click on the existing button (wheel icon) on the bottom left hand.
With your consent, we use the following services:
Cookies from Adobe Analytics allow us to analyze all traffic and usage patterns of individual users (without further identification) or groups (e.g., which services are used how often, how frequently do users return, how long do they stay, which websites and which region are users coming from). This cookie is stored for up to three years.
Adobe Analytics is a service of Adobe Systems Software Ireland Limited. Adobe acts as our processor. In exceptional cases, data may be transferred to the U.S. Therefore, we concluded the EU Standard Contractual Clauses with Adobe in the U.S.
To protect your identity, the IP address collected by the Cookies is shortened and replaced with a generic IP address.
1.3.3 Marketing Cookies
If you consent, we use Cookies that allow us and our partners to follow users to other websites in order to show ads that are more relevant to the individual user.
You may withdraw your consent at any time. To do so, please click on the existing button (wheel icon) on the bottom left hand.
We use the following services of third-party providers:
If you consent, we activate a pixel from Meta Platforms Ireland when you visit our website. (Meta Platforms Ltd., 4 Grand Canal Square, Dublin 2, Ireland).
The pixel reports to Meta Platforms Ireland which actions you have performed on our website as well as data by which you may be identified by Meta Platforms Ireland (including information regarding app/browser, language setting, time, IP address, advertising ID).
This data allows Meta Platforms Ireland to see that you visited our website, your clicks on our website or if you clicked on a link on Facebook or Instagram that connects you to our website. This allows Meta to show you interest-based ads on Facebook, Instagram or other websites. Meta may link this data to your user account and use it for its own purposes. For information how Meta Platforms Ireland processes your data please check https://www.facebook.com/about/privacy.
We do not receive any data about you or other users of Meta Platforms Ireland, but only statistics that show us, aggregated for all users and only for a certain time period, how they interacted with our offers and ads on other platforms of Meta Platforms Ireland (Facebook, Instagram). This helps us to determine which of our ads were successful and which ones were not.
For the transfer of data collected from the pixel, we and Meta act as so called "Joint Controller" according to Art. 26 GDPR. We have therefore concluded a separate agreement that you can find here: https://www.facebook.com/legal/controller_addendum. For any further processing of your data, Meta is the sole controller. If you wish to exercise your rights to information, deletion, etc. (see section "Your Rights"), Meta Platforms Ireland is responsible for their fulfillment as part of our Joint Controllership.
If you consent, we activate a Twitter tag when you visit our website (Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland).
The tag reports to Twitter what actions you have taken on our website as well as data by which you may be identified.
This data allows Twitter to see that you have visited our website, what you have clicked on and if you clicked on a link on Twitter that connects you to our website. This allows Twitter to show you interest-based content. Twitter can link this data to your user account and use it for its own purposes. For information how Twitter processes your data please check https://twitter.com/de/privacy.
We do not receive any data about you or other Twitter users, but only statistics that show us, aggregated for all users for a certain time period, how they interacted with our offers and ads on other platforms of Twitter. This helps us to determine which of our ads were successful and which ones were not.
If you consent, we activate a LinkedIn Cookie when you visit our website (LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland).
The tag reports to LinkedIn what actions you have taken on our site as well as data by which you may be identified.
With the data LinkedIn can see that you have visited our website, what you have clicked on and if you clicked on a link on LinkedIn that connects you to our website. This allows LinkedIn to show you interest-based content. LinkedIn can link this data to your user account and use it for its own purposes. For information how LinkedIn processes your data please check https://www.linkedin.com/legal/privacy-policy.
We do not receive any data about you or other LinkedIn users, but only statistics that show us, aggregated for all users for a certain time period, how they used our offers and ads on other platforms of LinkedIn. This helps us to determine which of our ads were successful and which ones were not.
1.4 Analysis of the use of our social media offerings
Our social media partners (Meta, LinkedIn etc.) provide us with statistics and analyses on the use of our social media offerings. These statistics do not contain any names or other information about individual users. With the help of these services we can analyze and improve our social media activities. The legal basis is Art. 6 (1) f) GDPR.
1.4.1 Meta
When processing data on our online presences on Facebook and Instagram, we and Meta Platforms Ireland act as so called "Joint Controller" according to Art. 26 GDPR. We have therefore concluded a separate agreement that can be found here: https://www.facebook.com/legal/controller_addendum. For any further processing of your data, Meta is the sole controller. If you wish to exercise your rights to information, deletion, etc. (see section "Your Rights"), Meta Platforms Ireland is responsible for the fulfillment of your rights as part of our Joint Controllership.
1.4.2 LinkedIn
When processing data on our online presences on LinkedIn, we and LinkedIn act as so called "Joint Controller" according to Art. 26 GDPR. We have therefore concluded a separate agreement that can be found here https://legal.linkedin.com/pages-joint-controller-addendum. For any further processing of your data, LinkedIn is the sole controller. If you wish to exercise your rights to information, deletion, etc. (see section "Your Rights"), LinkedIn is responsible for the fulfillment of your rights as part of our Joint Controllership.
1.5 Social Media Listening
We search and follow news, trends, and developments on the internet, especially on social media, that are important to us. This can be news and statements about our or other companies, persons, products, or general business relevant topics. For example, we may collect data on how users on Twitter and LinkedIn comment on Boehringer Ingelheim as a company or on specific campaigns, such as inclusion.
We us this information to:
- identify and contact key players, such as bloggers and influencers.
- understand which topics are relevant, which are positively received, which are negatively received and by which groups; with this information we can adapt our communication and identify new topics.
We collect such data in particular by keyword searches on the internet, especially on social media platforms or by following publicly available expressions of opinion, statements or other interactions (tweets etc.). Such data may also be personal data if they are publicly available. We also use processors and other partners for collecting and analyzing this data. The legal basis is Art. 6 (1) f) GDPR.
1.6 Pharmacovigilance
As a pharmaceutical company Boehringer Ingelheim is required to carry out certain activities related to the detection, assessment, understanding and prevention of adverse effects or any other medicine related problem, also known as pharmacovigilance obligations. The pharmacovigilance obligations require us to process certain information, which may allow us to directly or indirectly identify a person, i.e. the patient and/or the reporter of the adverse event (personal data).
We may need to process following personal data:
About the reporter:
- Full name, initials, and contact details (which may include your address, e-mail address and phone number), profession (e.g., physician, pharmacist).
About the patient (subject of the report):
- Initials (as provided) never the patient’s name; gender; age / date of birth / age group;
- Details related to the Boehringer Ingelheim product suspected to cause the reaction, such as administration information, batch number;
- Further details related to the adverse event: What did exactly happen?; course and outcome of the adverse event, start and end date, first-time user?, information on concomitant medications and/or diseases; seriousness of the event; view of patient and/or reporter on possible causal relationship between Boehringer Ingelheim product and adverse event;
The contact information is requested to enable us to follow-up with the reporter to gain high quality and complete information on adverse events. If the reporter does not wish to provide his contact details to Boehringer Ingelheim or authorities, the reporter can enter “Privacy” in reporter's names field.
We may process your personal data to: (i) analyze the reported adverse event; (ii) contact the reporter for further information; (iii) collate and analyze the information about the adverse event with information about other adverse events received by Boehringer Ingelheim worldwide through our global pharmacovigilance database which is operated by Boehringer Ingelheim International GmbH; and (iv) report pharmacovigilance relevant information to health authorities worldwide.
Reported personal data will be used solely for these purposes. Legal basis for processing pharmacovigilance relevant personal data, including special categories of personal data, is Art. 9 (2)(i) GDPR in connection with Section 22 (1)(c) German Federal Data Protection Act, and furthermore in connection with Art. 49 (1) (e) GDPR for transfers outside the EU.
We are legally obliged to archive pharmacovigilance related information which may include your personal data for the time period of the market authorization plus at least further ten (10) years after the marketing authorization has expired in any country where the relevant Boehringer Ingelheim product was placed on the market.
1.7 Further purposes
If necessary, we process your personal data for additional purposes:
- satisfying our legitimate interests (Art. 6 (1) f) GDPR), including the following:
(i) to complete a corporate transaction (e.g., corporate restructuring, sale or assignment of assets, merger);
(ii) to protect, enforce and defend our rights, property and interests; - ensuring compliance with legal obligations, court orders or other binding decisions of public authorities (Art. 6 (1) c) GDPR).
- as a contractual/statutory requirement according to Art. 13(2) e) GDPR.
2. TRANSFER OF PERSONAL DATA
We may share and/or disclose personal data with third parties:
2.1 Reporting obligations to regulatory authorities and enforcement of rights
In order to comply with legal reporting obligations, to protect our rights and/or the rights of third-parties, we may share and disclose personal data to rights holders, consultants, courts and competent authorities in accordance with legal provisions (e.g., mandatory reports in respect of a suspected adverse event).
2.2 Service provider (Processor)
We engage service providers to process your personal data for the purposes described in this privacy policy. These service providers process the data only on our behalf, according to our instructions, under our control and in accordance with this privacy policy.
2.3 Boehringer Ingelheim companies
As part of a global group of companies, we involve other Boehringer Ingelheim companies that support us with data processing (e.g., as part of our pharmacovigilance obligations to analyze and process a reported adverse event). These group companies process the data exclusively for the purposes stated in this privacy policy as Joint Controller according to Art. 26 GDPR.
2.4 Transfer to third parties
We transfer data to contractual partners who process data under their own responsibility and for their own purposes (e.g., LinkedIn or Twitter, if you have given your consent). The data is transferred solely for the purposes described in this Privacy policy.
2.5 Other Pharmaceutical Companies
We may share pharmacovigilance related information which may include personal data with other pharmaceutical companies who are co-marketing, co-distribution, or other license partners of a Boehringer Ingelheim group of companies, where pharmacovigilance obligations for a Boehringer Ingelheim product require such exchange of safety information; these companies process the data only on our behalf, according to our instructions, under our control and in accordance with this Privacy Policy.
2.6 Social plugins and third-party content
We have not implemented any tools, by which information is automatically transferred to the provider of social media services when you visit our website (Social Plugins).
Any forwarding to social media providers such as YouTube, Meta, etc. takes place exclusively via link, so that data about your visit to our services (e.g., IP address, time, URL) or data available on your end device (e.g. Cookie information) is only transmitted to the respective providers when the link is consciously used.
2.7 Data transfer to recipients outside the EU
Authorities, service providers, business partners and Boehringer Ingelheim companies may process personal data outside the EU. In these cases, we ensure an adequate level of data protection to comply with European law (usually through EU standard contractual clauses published by the European Commission or, if necessary, other appropriate safeguards). You can request a copy of the contract that implements the appropriate protection of personal data by contacting our Data Privacy Officer using the contact details set out below.
3. RETENTION PERIODS
Boehringer Ingelheim will store your personal data as long as it is necessary for the respective purposes, which is usually to provide the services you have requested. This means for example, that we store your user account data (login, profession, name etc.) until you delete it. In some cases, we are obliged to store your data for longer in order to comply with statutory retention periods.
We have specified retention periods for certain processing purposes.
4. YOUR RIGHTS
You have the right to:
- request information about your personal data processed by Boehringer Ingelheim;
- in justified cases, request deletion, rectification or restriction of the processing of your personal data;
- in certain circumstances, request transfer of your Personal Data to you or another person in a commonly utilizable format;
- file a complaint with a data protection authority;
- request the deletion of your Personal Data if they are no longer necessary for the purposes of processing or there is no legal ground for their further processing.
- object to processing of your Personal Data at any time as far as such processing is only based on Boehringer Ingelheim’s legitimate interest (Art. 6 (1) f) GDPR). In this case, we will not process such personal data any longer, unless the interests of Boehringer Ingelheim prevail. You can object to the use of data for direct marketing purposes at any time without a weighing of interests.
Should you have given your consent to the processing of your personal data, you can withdraw it at any time with effect for the future; such withdrawal will not affect the lawfulness of the processing until such withdrawal.
5. CONTACT AND QUESTIONS
If you have any questions about this Privacy Notice or about how we use your personal data, please contact us at the following address:
Boehringer Ingelheim International GmbH
– Data Protection Officer –
Binger Strasse 173, D-55216 Ingelheim am Rhein, Germany
E-Mail: datenschutz@boehringer-ingelheim.com
If you still have questions or concerns regarding data processing, you can also contact any supervisory authority. The responsible authority for Boehringer Ingelheim is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34, 55116 Mainz, Germany
E-mail: poststelle@datenschutz.rlp.de
6. CHANGES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time. Updates of our Privacy Statement will be published on this website. Any amendments become effective upon publication on our Website.
Last updated: September 2022