With this document, Bayer SA-NV, J.E. Mommaertslaan 14, 1831 Diegem (Machelen), Belgium (hereinafter “us”, “our” or “we”) wishes to provide you with information on how we handle your personal data and to obtain your consent for specific purposes as outlined below.
1. Handling of personal data
Unless otherwise indicated in the following sections, the legal basis for the handling of your personal data results from the fact that it is necessary to pursue our legitimate interest to promote our products and services (Art. 6(1)(f) General Data Protection Regulation):
a. Maintain customer relationship management
We maintain a customer relationship management system (Customer Database) where we combine data from several sources and store personal data about you:
· Contact Information: This category of personal data encompasses e.g. your name, (work)address, phone/fax/mobile-number, e-mail address, RIZIV-number or other online contact information. We receive Contact Information from our individual business contacts with you or from commercial data providers as well as from publicly available sources, e.g. websites. We use your Contact Information in order to promote our products and services or deliver urgent medical information regarding our products.
· Analyze customer relations: In case you purchase products from us or make use of our services, we store your customer history. We use this information in order to be able to better understand your interests and inform you about our products and services that might interest you. Furthermore, we document and analyze our individual contacts with you in order to continuously improve your experience with our products and services. This may include the topics discussed with you and your interest in them. In this context, we may also receive data about your interests from commercial data providers.
· Improve customer collaboration: In order to manage our collaboration with you in an effective way and to support successful market development of our products and services, we try to better understand which scientific/medical topics you are particularly interested or involved in. This category of personal data is based on our own data or experiences or provided by market research agencies or commercial data providers and encompasses e.g. information about your area of medical expertise, your scientific activities such as publication of scientific articles, participation in research projects and professional congresses.
b. Conduct market research studies
We work together with fully independent market research agencies, who, on our behalf, conduct market research studies globally, focused on our scientific interests and products. We may share your Contact Information with these market research agencies in order to conduct market research studies that are specific to our customers.
c. Deliver marketing/medical communications
We may use your Contact Information to communicate with you through phone calls, direct mail, e-mail or other electronic communication (e.g., fax, chats on websites, text messages, social media, messenger messages or remote detailing/incl. customer services on demand) in order to deliver marketing/medical communications. We might use marketing/medical communications to provide information about services, products or events related to your medical profession and/or interest or to collect feedback on our products and services. This may include displaying customized content to you on our or other websites and apps such as advertisements tailored to your interests. However, marketing/medical communications via e-mail or other electronic communications (“Electronic Marketing/Medical Communications”) as well as via phone calls are subject to you providing your consent (Art. 6(1)(a) General Data Protection Regulation).
d. Analyze your use of our Electronic Marketing/Medical Communications
In order to customize our Electronic Marketing/Medical Communications to meet your needs and preferences and subject to you providing your consent, we analyze your use of our Electronic Marketing/Medical Communications, for example whether you opened and how you used our Electronic Marketing/Medical Communication (e.g. which links you clicked and which actions you subsequently took).
e. Process your purchases
In case you place a purchase order with us, we process your Contact Infor-mation and your payment information in order to process your purchase order, including organizing shipment to you. The legal basis for the processing is the conclusion and fulfilment of the purchase contract for the ordered goods or ser-vices, Art. 6 (1)(b) General Data Protection Regulation. If you choose to pay on account, i.e. we provide our products or services before payment, we carry out a credit check to protect us against payment defaults, Art. 6 (1)(f) General Data Protection Regulation.
2. Transfer of personal data
2.1 Commissioned Processing
We use specialized service contractors that help us providing our services. Such service contractors are carefully selected and regularly monitored by us. Based on respective data processor agreements, they will only process personal data upon our instruction and strictly in accordance with our directives.
2.2 Third Parties
We transfer or give access to your personal data to third parties in the following circumstances:
a. We may share your Contact Information with fully independent market research agencies as described above in Section 1.b.
b. We may transfer your above-referenced personal data to other Bayer affiliates for the purposes specified above. However, other Bayer affiliates will only directly deliver corresponding marketing communications via e-mail or other electronic communications to you, if you provide your consent below.
c. We may also transfer your above-referenced personal data to other partners that need to be involved in managing a service or communication towards you, e.g. hotels or travel agencies.
d. Your data may in part also be transferred and processed in countries outside the European Economic Area (“EEA”), which may have a lower data protection level than European countries. Wherever required, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with the respective data importer. Such data transfers are only carried out in accordance with applicable data privacy laws.
3. Retention period for personal data
We only retain personal data for as long as is necessary for the purpose of a continuous customer relationship with you. As a rule, your personal data will be automatically archived for 3 years after 2 years of inactivity and then deleted. This does not apply, i.e. we retain your data for a different retention period, where otherwise provided by law (e.g. in connection with the performance of a contract concluded with you, a pending litigation or according to applicable tax laws).
4. Information regarding your rights
The following rights are in general available to you according to applicable data privacy laws:
a. Right of information about your personal data stored by us;
b. Right to request the correction, deletion or restricted processing of your personal data;
c. Right to object to a processing for reasons of our own legitimate interest, public interest, or profiling, unless we are able to prove that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
d. Right to data portability;
e. Right to file a complaint with a data protection authority;
f. You may at any time with future effect revoke your consent to the collection, processing and use of your personal data.
If you wish to exercise your rights, please address your request to Bayer SA-NV, Data Protection Officer, J.E. Mommaertslaan 14, 1831 Diegem (Machelen), Belgium or to firstname.lastname@example.org.