Privacy and Cookies Policy
Last updated on December 7, 2021
Thank you for visiting the Helsinn Group website (the “Website”) which is operated by Helsinn Healthcare S.A. (“Helsinn”, “we”, “us”, and “our”). We recognise the importance of and are committed to respecting and protecting your privacy.
From time to time, we evaluate our privacy policies and procedures to implement improvements and refinements. If we make material changes to this Privacy and Cookies Policy, we will notify you by means of a prominent notice on this Website.
PERSONAL DATA WE MAY COLLECT ABOUT YOU
We may collect and process your personal data through the Website when you: (i) contact us using the Contact Us form; (ii) email us using the available links; (iii) submit any personal data submitted through the About Us Section; (iv) submit a grant request; (v) submit an Early Access program request; (vi) fill in the form in the “Send a Report Online” section or by following the instructions in the “Send a Report by Telephone” section of the Ethicspoint platform; or (vii) apply for a job.
We collect and process personal data that you provide to us, such as when you fill out forms on the Website, only if needed and appropriate. The information may include, for example, your name and contact details (e-mail address, telephone number, mailing address etc.); business information, employment history, education history, qualifications, occupation and areas of specialization.
We can also collect personal data in the management of reports on violations of the Code of Conduct and Ethics, contractual obligations, company’s policies and procedures, specifically, the Speak Up Policy and the compliance policies adopted by Helsinn on the matter of conflict of interest, anti-corruption and non-retaliation. The personal data processed will be those of the reporting subject, including personal data relating to third parties, where applicable.
In addition, we automatically collect basic technical information from all visitors to the Website through our automatic data collection tools, which may include cookies and other commonly used technologies (e.g. web beacons). Please see the Section on COOKIES below for further information.
HOW WE USE YOUR PERSONAL DATA
We may need to collect personal data for the performance of any current or prospective contractual relationship with you and where necessary for us to provide you with the requested services/information for the following purposes: (i) to contact you and respond to your requests and enquiries, encompassing collecting and responding to adverse events and product complaint reports; (ii) to process your requests including when you apply for a job or provide information regarding upcoming events and press releases or for collaboration and research purposes; (iii) for business administration, including statistical analysis; (iii) to personalise your visit to the Website and to assist you while you use the Website; (iv) to improve the Website by helping us understand who uses the Website; (v) to provide important notices and updates, such as changes to our terms and policies, security alerts and administrative messages; and (vi) for fraud prevention and detection and investigations against illegal activities; (vii) to manage the reporting of actions or situations of misconduct (“Speak up”), anti-corruption and non-retaliation in the working context; and (viii) to comply with applicable laws, regulations or codes of practice or demands or requests made by regulators, governments, courts and law enforcement authorities.
We will only collect personal data about you that is necessary for one or more of our legitimate business purposes or is required by law. Please note that, if you do not provide personal data, we may not be able to provide services or information to you or enter commercial engagements with you.
SHARING YOUR PERSONAL DATA
We may at times share your personal information with others and transfer it internationally. For example, we may share your personal data with trusted third parties, including, but not limited to: companies that provide us with technical support, data analytics, and hosting of the Website; our professional advisors, auditors and business partners; companies engaged to market and distribute Helsinn products; companies that assist with our personnel recruitment; and other third parties providing data processing services in support of our business operations.
Our affiliates (located in Ireland, Peoples Republic of China and United States of America) may also have access to personal data that you provide us, including through or in connection with this Website for the purposes set out in this Privacy and Cookies Policy.
Additionally, we may share your personal data as required or permitted by law to comply with a subpoena or similar legal process or government request.
We may also transfer your personal data to a third party that acquires all or part of our assets or shares, or that succeeds us in carrying on all or a part of our business, whether by merger, acquisition, reorganisation or otherwise.
Please note that the servers used in the operation of the Website automatically identify a computer by its IP address. If we, in good faith, believe that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others, or determine that you have or are attempting to misuse or harm the Website, we may investigate and cooperate with appropriate law enforcement agencies to protect our rights or property.
Personal data collected from you, including via this Website, may be transferred to countries located outside the European Economic Area (“EEA”), United Kingdom (“UK”) and Switzerland which do not provide a similar or as protective a level of protection to that provided by countries in the EEA, UK and Switzerland. We will implement appropriate measures, in accordance with applicable data protection and privacy laws, to ensure that your personal data remains protected and secure when transferred outside of your home country.
For example, Helsinn has entered into EU standard contractual clauses (“Model Contracts”) for intra-group transfers of personal data.
If you are from the People’s Republic of China, when you provide your personal data by way of using the Website, you acknowledge that you knowingly transfer your own personal data across the border, where the data protection under relevant Chinese laws will not apply, but instead we will give you protection in accordance with this Privacy and Cookies Policy.
Individuals in EEA, UK and Switzerland have certain data subject rights which may be subject to limitations and/or restrictions. These rights may include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; and (iii) the right to data portability. If you wish to exercise one of the above-mentioned rights, please send us your request via email to: email@example.com. Where provided or allowed by law, individuals may also have the right to lodge a complaint about the processing of their personal data with their local data protection authority.
The security of your personal data is important to us. We take appropriate steps, consistent with generally accepted industry standards, including technical, administrative and physical safeguards to protect the personal data submitted to us from loss, misuse and unauthorised access, disclosure, alteration and destruction. Regardless of the security measures in place, however, no transmission over the Internet is entirely secure. Accordingly, you should always use caution when transmitting personal data over the Internet. Please note that any transmission is at your own risk.
We will keep your personal data for the period required by law and where necessary for a legal or regulatory action involving Helsinn. Otherwise, we will store your personal data for as long as required for the purposes for which they were collected and in accordance with our internal data retention and storage procedures, which may change from time to time.
“Cookies” are a technology that allow websites to recognize and respond to you as an individual. They are used to help users navigate websites efficiently as well as to provide information to the owner of the website. To find out more about cookies generally, including how to manage, block and delete them, please visit www.allaboutcookies.org.
When you visit our Website, we may use a “cookie” or other similar tracking technology to improve your experience. The cookies we place may also collect information about your Internet Protocol (“IP”) address, or click stream data within our Website (i.e. the actions taken in connection with the Website). This information helps us improve the functionality of the Website.
If you do not want to participate in this feature, you can opt-out of this website analysis tool by clicking: https://tools.google.com/dlpage/gaoptout.
You can set your web browser to manage cookies and accept or reject them. If you elect to block cookies, please note that you may not be able to take full advantage of the features and functions of the Website.
We recognize the importance of protecting the privacy of children. Our Website is neither intended for children nor is it designed to attract child users. Our Website, its content and our services are intended for users over the age of sixteen (16). We do not knowingly collect any personal data from children under age sixteen (16). When a user discloses personal data on the Website, the user is declaring to us that he or she is at least sixteen (16) years of age.
LINKS TO OTHER WEBSITES
The Website may, from time to time, contain links to websites operated by third parties that may provide useful information to you. If you follow the link to any of these websites, please note that those sites may have their own privacy policies. Helsinn is not responsible for the privacy practices or the contents of such other websites. We suggest that you exercise caution and look at the privacy statement for each website you visit.
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
For the purposes of EU and Swiss data protection laws, the Data Controller (i.e. the company that is responsible for, and controls the processing of, your personal data) is Helsinn Healthcare SA, with legal address at Via Pian Scairolo, 9, 6912 Pazzallo- Lugano, Switzerland. To contact us please email: firstname.lastname@example.org.
The Representative of the Data Controller established in the European Union is Helsinn Birex Pharmaceuticals LTD, with legal address in Damastown Mulhuddart – Dublin 15, Ireland
You may contact the DPO sending an email to the following address: Helsinn-DPO@helsinn.com
If you have questions about this Privacy and Cookies Policy, or would like more information about Helsinn’s privacy practices, please contact us at email@example.com.
California residents have certain rights under the California Consumer Privacy Act of 2018 (“CCPA”), including the right to request access to and deletion of personal data held by businesses covered by the CCPA. The purpose of this section of the Policy is to provide California residents a description of our practices regarding the collection, use, and disclosure of personal information and instructions for submitting CCPA data privacy requests. Some of the personal information that we collect, use, and disclose may be exempt from the CCPA because it is regulated by other federal and state laws that apply to us.
If you are a California resident, to exercise your CCPA rights and submit your request, please complete the CCPA Request Form and either: mail it to Helsinn Therapeutics (U.S.), Inc., at 170 Wood Avenue South, 5th Floor, Iselin, NJ 08830, attention Vice President, Legal, or send it via email to firstname.lastname@example.org. You can also contact us by telephone at 1-844-357-4664.
The CCPA provides you, as a California resident, specific rights subject to certain exceptions.
- The Right to Know. You have the right under the CCPA to request that we disclose what personal information we collect, use, disclose, and sell. The process for exercising this right is described below under “How to Submit a Data Privacy Request.”
- The Right to Delete. You have the right under the CCPA to request deletion of any personal information about you that we have collected from you. The process for exercising this right is described below under “How to Submit a Data Privacy Request.”
- The Right to Opt-Out. You have the right under the CCPA to opt-out of the sale of your personal information. Note, Helsinn does not sell personal information.
- The Right to Non-Discrimination. You have the right under the CCPA not to be discriminated against for exercising your rights.
Right to Know
Individuals whose personal data is covered by the CCPA have a right to request that Helsinn provide the following information:
- The categories of personal data that Helsinn has collected about you.
- The categories of sources from which Helsinn collected the personal data.
- The business or commercial purposes for which Helsinn collected and/or sold the personal data.
- The categories of any third parties with which Helsinn shared the personal data.
- The specific pieces of personal data Helsinn collected.
Individuals whose personal data is covered by the CCPA may also submit a request that Helsinn provide the following additional information:
- The categories of personal data, if any, Helsinn has sold about you, categories of third parties to which Helsinn sold that personal data and the categories of personal data sold to each type of third party.
- The categories of personal data that Helsinn has disclosed for a business purpose.
Our responses to any of these requests will cover the 12-month period preceding our receipt of the request.
Right to Delete
Individuals whose personal data is covered by the CCPA may also request deletion of information covered by the CCPA. Upon receiving and verifying such request, Helsinn will delete the personal data that we have collected about you, unless that information is necessary for Helsinn to:
- Complete the transaction for which we collected the information;
- Provide you with a good or service you requested;
- Perform a contract Helsinn entered into with you;
- Detect security incidents;
- Maintain the functionality or security of Helsinn’s systems;
- Comply with or exercise rights provided by the law; or
- Use the information internally in ways that are comparable with the context in which you provided the information to Helsinn or that are reasonably aligned with expectations based on your relationship with Helsinn, among other things.
We may also retain information where another exception to the deletion requirements in Cal. Civ. Code § 1798.105(d) applies.
Sales of Personal Data – Opt-Out
We do not sell personal data.
Right to Non-Discrimination
Helsinn will not discriminate against you because you exercise your rights under the CCPA. We will not deny you goods or services or charge you a different price or rate for goods or services if you exercise the privacy rights conferred by the CCPA.
How to Submit a Data Privacy Request
For requests for access or deletion, we will respond to your (or your authorized agent’s) request in writing, or verbally if requested, as soon as practicable and in any event generally not more than within 45 days after receipt of the request. We may extend this period to 90 days and, in the event that we do extend the period, we will explain to you or your authorized agent why we did so.
If you are legally entitled to such rights, you may designate an agent to submit a request on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State. If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process.
You will be required to verify your identity by providing us with certain personal data, depending on the nature of the information you require, which we will endeavor to match with information we maintain about you. For further information about our agent verification process, please contact us at mail it to Helsinn Therapeutics (U.S.), Inc., at 170 Wood Avenue South, 5th Floor, Iselin, NJ 08830, attention Vice President, Legal, or send it via email to email@example.com. You can also contact us by telephone at 1-844-357-4664.
Requests for specific pieces of personal data
To respond to requests for specific pieces of personal data, for verification purposes, we may ask you for at least three pieces of personal data and endeavor to match those pieces to information we maintain about you. Additionally, we require that you provide a declaration attesting to your identity, signed under penalty of perjury.
Requests for household information
There may be some types of personal data that can be associated with a household, which means a group of people living together in a single home. Each member of the household must make a request for access or deletion of household personal data. We will verify each member of the household using the verification criteria explained below. If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.
Requests for categories of personal data
To respond to requests for categories of personal data, for verification purposes, we may ask you for at least two pieces of personal data and endeavor to match those pieces to information we maintain about you.
Requests for deletion of personal data
To respond to requests for deletion of personal data, for verification purposes, we may ask you for at least two pieces of personal data and endeavor to match those pieces to information we maintain about you.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. Additionally, in some cases, we may determine that a legal exemption applies and we are not able to comply with the request. In that case, or if we are denying your request for another reason, we will notify you.
Helsinn is committed to making our communications, such as the Website, accessible to individuals with disabilities. If you need a copy of this Policy in an alternative accessible format, please contact us at the contact information below.
Shine the Light law
California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal data is disclosed to third parties for direct marketing purposes in the preceding calendar year. We do not share personal data with third parties for their own marketing purposes.