Privacy Notice
This Privacy Notice describes how Boehringer Ingelheim International GmbH (hereafter “Boehringer Ingelheim”, “we”, “our”, “us”) uses, stores and discloses (together “process”) the personal data we collect about you through this app. In any event, we will only process your personal data in accordance with applicable data protection and privacy laws (i.e. the General Data Protection Regulation - GDPR).
Content
1. USE OF DATA AND LEGAL BASIS
1.1 Registration, Account Data and Communication
1.2 Log data
1.3 Data processing with the help of Technologies
1.4 Analysis of the use of our social media offerings
1.5 Newsletters, Marketing information
1.6 Health data
1.7 Pharmacovigilance
1.8 Further purposes which we process your personal data for
2. DATA TRANSFER
2.1 Reporting obligations to regulatory authorities and enforcement of rights
2.2 Service provider (Processor)
2.3 Boehringer Ingelheim companies
2.4 Transfer to third parties (Controllers)
2.5 Social plugins and third-party content
2.6 Data transfer to recipients outside the EU
3. RETENTION PERIODS
4. YOUR RIGHTS
4.1 Your Rights.
4.2 Contact (Boehringer Ingelheim, supervisory authority)
1. USE OF DATA AND LEGAL BASIS
1.1 Registration, Account Data and Communication
We process your data in order to provide you with the agreed or requested services on this app:
- if you register and log in;
- if you take part in training courses or events;
- if you send us inquiries about products, services or information on possible adverse events.
The legal basis is Article 6 (1) b) GDPR. If you send information about possible adverse events the legal basis is Article 6 (1) c) GDPR (see section 3 for specific information about adverse events).
Where necessary, you can modify the data by editing your account/profile via the settings of the app (in case of a password-protected area) or by sending an e-mail to info@boehringer-ingelheim.com asking to have your account data modified.
1.2 Log data
When you are using the app, we collect technical data, including data sent by your device (e.g. unique device or card identifiers, IP address, time and date, content viewed). We use this data to enable you to use our app and, if necessary, to review and assert our and third-party's rights in the event of damage or violations of legal regulations, our terms of use and the rights of third-parties. The legal basis is Article 6 (1) b) GDPR. The log files will be stored for as long as necessary for the respective purpose, in principle no longer than 2 years.
1.3 Data processing with the help of Technologies
We use certain Technologies for technical reasons that are necessary for the proper functioning of the app, such as resuming a user's session when the app is reopened. Such Technologies may be stored on your device or process data stored on your device.
1.3.1 Essential Technologies
Due to their importance for the app’s functioning, you cannot opt-out from this kind of Technologies. We base the related processing of personal data on Art. 6 (1) b) GDPR.
Essential Technologies we use to provide this app include Technologies, which
- memorize language settings
- allow for app navigation
- implement security tools
- provide access to restricted parts of the app
The lifetime of data stored by essential Technologies extends from the respective session upto one year.
1.3.2 Technologies for App Optimization
For the purpose of making apps work more efficiently, as well as recognizing devices on subsequent visits this app uses certain Technologies provided by third-party providers on the basis of your consent (Art. 6 (1) a) GDPR). After downloading the app mobile device users will be asked to accept or decline such Technologies and share their Unique Device Identifiers with us or our analytics service providers. This consent may be withdrawn at any time without detriment and through configuration of the in-app settings.
We use the following services:
SpotMe - a company specialized in providing mobile event and engagement application solutions.
Each of these applications provide End-Users with a mobile and digital solution to interact and communicate during events, meetings or community engagements. Once the End-User has joined the event environment, they can start using the engagement features of the SpotMe app, including but not limited to, posting questions, receiving learning or training material, communicating in real time with other End-Users, taking notes, casting votes etc., the exact functionalities depending on the feature set made available on the application.
1.4 Newsletters, Marketing information
If you want to get marketing information from us, we will ask for your consent (Art. 6 (1) a) GDPR), which you may withdraw at any time without detriment.
1.5 Pharmacovigilance
If you Report adverse events, information about side effects or other medical aspects("pharmacovigilance") concerning a Boehringer Ingelheim product, we will review and analyze this data.
All reports will be shared with Boehringer Ingelheim International GmbH who is operating the global pharmacovigilance database.
Boehringer Ingelheim is obliged to report pharmacovigilance relevant information to health authorities worldwide (including to countries that may have a lower level of data protection compared to the EU). Legal basis is Art. 6 (1) c), and for transfers outside the EU Art. 6 (1) f) and Art. 49 (1) e) GDPR. The reports will contain details about the incident but only limited personal data:
- For patients, the report will only contain, age, gender and initials (as provided), but never the patient's name.· For the reporting individuals, the report will include the name, profession (e.g. physician, pharmacist), initials or address, e-mail and phone number (as provided). The contact information is required to be able to follow-up with the reporter to gain high quality and complete information on adverse events. The reporter can select that his or her contact details are not provided to Boehringer Ingelheim or authorities. As reports about adverse events are important for public health reasons, they are kept for a minimum of 10 years after withdrawal of the product in the last country where the product was distributed.
1.6 Further purposes which we process your personal data for
If necessary, we process your personal data for additional purposes:
- satisfying our legitimate interests (Art. 6 (1) f) GDPR), including the following: (i) to complete a corporate transaction (e.g., corporate restructuring, sale or assignment of assets, merger);
(ii) to protect, enforce and defend our rights, property and interests;
- ensuring compliance with legal obligations, court orders or other binding decisions of public authorities (Art. 6 (1) c) GDPR);
2. Data Transfer
We may share personal information with third-parties.
2.1 Reporting obligations to regulatory authorities and enforcement of rights
We may share personal information in pharmacovigilance cases as described in Section 1.5.
In order to protect our rights or the rights of third-parties, we may disclose data to rights holders, consultants, courts and authorities in accordance with legal provisions.
2.2 Service provider (Processor)
We engage service providers to process your personal data for the purposes described in this privacy policy. These service providers process the data only on our behalf, according to our instructions, under our control and in accordance with this privacy policy.
2.3 Boehringer Ingelheim companies
As part of a global group of companies, we involve other Boehringer Ingelheim companies that support us with data processing. These group companies process the data exclusively for the purposes stated in this privacy policy as Joint Controller according to Art. 26 GDPR.
2.4 Data transfer to recipients outside the EU
Authorities, Service providers and Boehringer Ingelheim companies may process personal data outside the EU. In these cases, we ensure an adequate level of data protection to comply with European law (usually through EU standard contractual clauses published by the European Commission or, if necessary, other appropriate safeguards).
3. Retention Periods
Boehringer Ingelheim will store your personal data as long as it is necessary for the respective purposes, which is usually to provide the services you have requested. This means for example, that we store your user account data (login, profession, name etc.) until you delete it. In some cases, we are obliged to store your data for longer in order to comply with statutory retention periods.
We have specified retention periods for certain processing purposes.
4. Your Rights
4.1 Your Rights
You can request information about your stored personal data. If you have provided personal data based on a contract or consent, you have the right to receive this data in a commonly used and machine-readable format.
In addition, you can also request the deletion, rectification or restriction of the processing of your data in certain cases.
You can withdraw your consent at any time.
Right to object:
To the extent we base the processing of your personal data on our legitimate interests (Art. 6(1) f) GDPR), you may object to such processing at any time. In this case, we will not process such personal data any longer, unless our interests prevail. You can object to the use of data for direct marketing purposes at any time without a weighing of interests.
If your personal data is transferred to a country outside the EU that does not provide an adequate level of data protection, you can request a copy of the contract that ensures the adequate level of protection.
4.2 Contact (Boehringer Ingelheim, supervisory authority)
Please address your questions or concerns in regard to the processing of your personal data to:
Boehringer Ingelheim International GmbH
- Data Protection Officer –
Binger Strasse 173, D-55216 Ingelheim am Rhein, Germany
E-Mail: datenschutz@boehringer-ingelheim.com
If you still have questions or concerns regarding data processing, you can also contact any supervisory authority. The authority responsible for Boehringer Ingelheim is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz, Hintere Bleiche 34, 55116 Mainz, Germany
E-mail: poststelle@datenschutz.rlp.de