Data Privacy App

Privacy Notice

This Privacy Notice describes how Boehringer Ingelheim International GmbH (hereafter“Boehringer Ingelheim”, “we”, “our”, “us”) uses, stores and discloses (together “process”) thepersonal data we collect about you through this app. In any event, we will only process yourpersonal data in accordance with applicable data protection and privacy laws (i.e. the GeneralData Protection Regulation - GDPR).

Content

1. USE OF DATA AND LEGAL BASIS

1.1 Registration, Account Data and Communication

1.2 Log data

1.3 Data processing with the help of Technologies

1.4 Analysis of the use of our social media offerings

1.5 Newsletters, Marketing information

1.6 Health data

1.7 Pharmacovigilance

1.8 Further purposes which we process your personal data for

2. DATA TRANSFER

2.1 Reporting obligations to regulatory authorities and enforcement of rights

2.2 Service provider (Processor)

2.3 Boehringer Ingelheim companies

2.4 Transfer to third parties (Controllers)

2.5 Social plugins and third-party content

2.6 Data transfer to recipients outside the EU

3. RETENTION PERIODS

4. YOUR RIGHTS

4.1 Your Rights.

4.2 Contact (Boehringer Ingelheim, supervisory authority)

1. USE OF DATA AND LEGAL BASIS

1.1 Registration, Account Data and Communication

We process your data in order to provide you with the agreed or requested services on this app:

  • if you register and log in;
  • if you take part in training courses or events;
  • if you send us inquiries about products, services or information on possible adverse events.

 

The legal basis is Article 6 (1) b) GDPR . If you send information about possible adverseevents the legal basis is Article 6 (1) c) GDPR (see section 3 for specific information aboutadverse events).

Where necessary, you can modify the data by editing your account/profile via the settings ofthe app (in case of a password-protected area) or by sending an e-mail to info@boehringer-ingelheim.com asking to have your account data modified.

1.2 Log data

When you are using the app, we collect technical data, including data sent by your device(e.g. unique device or card identifiers, IP address, time and date, content viewed). We use thisdata to enable you to use our app and, if necessary, to review and assert our and third-party'srights in the event of damage or violations of legal regulations, our terms of use and the rightsof third-parties. The legal basis is Article 6 (1) b) GDPR. The log files will be stored for as longas necessary for the respective purpose, in principle no longer than 2 years.

1.3 Data processing with the help of Technologies

We use certain Technologies for technical reasons that are necessary for the properfunctioning of the app, such as resuming a user's session when the app is reopened. SuchTechnologies may be stored on your device or process data stored on your device.

1.3.1 Essential Technologies

Due to their importance for the app’s functioning, you cannot opt-out from this kind ofTechnologies. We base the related processing of personal data on Art. 6 (1) b) GDPR.

Essential Technologies we use to provide this app include Technologies, which

  • memorize language settings
  • allow for app navigation
  • implement security tools
  • provide access to restricted parts of the app

 

The lifetime of data stored by essential Technologies extends from the respective session upto one year.

1.3.2 Technologies for App Optimization

For the purpose of making apps work more efficiently, as well as recognizing devices onsubsequent visits this app uses certain Technologies provided by third-party providers on thebasis of your consent (Art. 6 (1) a) GDPR). After downloading the app mobile device users willbe asked to accept or decline such Technologies and share their Unique Device Identifierswith us or our analytics service providers. This consent may be withdrawn at any time withoutdetriment and through configuration of the in-app settings.

We use the following services:

SpotMe - a company specialized in providing mobile event and engagement applicationsolutions.

Each of these applications provide End-Users with a mobile and digital solution to interactand communicate during events, meetings or community engagements. Once the End-Userhas joined the event environment, they can start using the engagement features of theSpotMe app, including but not limited to, posting questions, receiving learning or trainingmaterial, communicating in real time with other End-Users, taking notes, casting votes etc.,the exact functionalities depending on the feature set made available on the application.

1.4 Newsletters, Marketing information

If you want to get marketing information from us, we will ask for your consent (Art. 6 (1) a)GDPR), which you may withdraw at any time without detriment.

1.5 Pharmacovigilance

If you Report adverse events, information about side effects or other medical aspects("pharmacovigilance") concerning a Boehringer Ingelheim product, we will review and analyzethis data.

All reports will be shared with Boehringer Ingelheim International GmbH who is operating theglobal pharmacovigilance database.

Boehringer Ingelheim is obliged to report pharmacovigilance relevant information to healthauthorities worldwide (including to countries that may have a lower level of data protectioncompared to the EU). Legal basis is Art. 6 (1) c), and for transfers outside the EU Art. 6 (1) f)and Art. 49 (1) e) GDPR. The reports will contain details about the incident but only limitedpersonal data:

  • For patients, the report will only contain, age, gender and initials (as provided), but never thepatient's name.· For the reporting individuals, the report will include the name, profession(e.g. physician, pharmacist), initials or address, e-mail and phone number (as provided). The contact information is required to be able to follow-up with the reporter to gain high qualityand complete information on adverse events. The reporter can select that his or her contactdetails are not provided to Boehringer Ingelheim or authorities.As reports about adverseevents are important for public health reasons, they are kept for a minimum of 10 years afterwithdrawal of the product in the last country where the product was distributed.

1.6 Further purposes which we process your personal data for

If necessary, we process your personal data for additional purposes:

  • satisfying our legitimate interests (Art. 6 (1) f) GDPR), including the following:(i) to completea corporate transaction (e.g., corporate restructuring, sale or assignment of assets, merger);

(ii) to protect, enforce and defend our rights, property and interests;

  • ensuring compliance with legal obligations, court orders or other binding decisions of publicauthorities (Art. 6 (1) c) GDPR);

2. Data Transfer

We may share personal information with third-parties.

2.1 Reporting obligations to regulatory authorities and enforcement of rights

We may share personal information in pharmacovigilance cases as described in Section 1.5.

In order to protect our rights or the rights of third-parties, we may disclose data to rights holders, consultants, courts and authorities in accordance with legal provisions.

2.2 Service provider (Processor)

We engage service providers to process your personal data for the purposes described in this privacy policy. These service providers process the data only on our behalf, according to our instructions, under our control and in accordance with this privacy policy.

2.3 Boehringer Ingelheim companies

As part of a global group of companies, we involve other Boehringer Ingelheim companies that support us with data processing. These group companies process the data exclusively for the purposes stated in this privacy policy as Joint Controller according to Art. 26 GDPR.

2.4 Data transfer to recipients outside the EU

Authorities, Service providers and Boehringer Ingelheim companies may process personal data outside the EU. In these cases, we ensure an adequate level of data protection to comply with European law (usually through EU standard contractual clauses published by theEuropean Commission or, if necessary, other appropriate safeguards).

3. Retention Periods

Boehringer Ingelheim will store your personal data as long as it is necessary for the respectivepurposes, which is usually to provide the services you have requested. This means forexample, that we store your user account data (login, profession, name etc.) until you deleteit. In some cases, we are obliged to store your data for longer in order to comply withstatutory retention periods.

We have specified retention periods for certain processing purposes.

4. Your Rights

4.1 Your Rights

You can request information about your stored personal data. If you have provided personaldata based on a contract or consent, you have the right to receive this data in a commonlyused and machine-readable format.

In addition, you can also request the deletion, rectification or restriction of the processing ofyour data in certain cases.

You can withdraw your consent at any time.

Right to object:

To the extent we base the processing of your personal data on our legitimate interests (Art. 6(1) f) GDPR), you may object to such processing at any time. In this case, we will not processsuch personal data any longer, unless our interests prevail. You can object to the use of datafor direct marketing purposes at any time without a weighing of interests.

If your personal data is transferred to a country outside the EU that does not provide anadequate level of data protection, you can request a copy of the contract that ensures theadequate level of protection.

4.2 Contact (Boehringer Ingelheim, supervisory authority)

Please address your questions or concerns in regard to the processing of your personal datato:

Boehringer Ingelheim International GmbH

  • Data Protection Officer –

Binger Strasse 173, D-55216 Ingelheim am Rhein, Germany

E-Mail: datenschutz@boehringer-ingelheim.com

If you still have questions or concerns regarding data processing, you can also contact anysupervisory authority. The authority responsable for Boehringer Ingelheim is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz, Hintere Bleiche 34, 55116 Mainz, Germany

E-mail: poststelle@datenschutz.rlp.de