With this document, Bayer plc (hereinafter “us”, “our” or “we”) wishes to provide you with information on how we handle your personal data and to obtain your consent for specific purposes as outlined below.
1. Handling of personal data
Unless otherwise indicated in the following sections, the legal basis for the handling of your personal data results from the fact that it is necessary to pursue our legitimate interest to promote our products and services, (Art. 6(1)(f) General Data Protection Regulation):
a. Maintain customer relationship management
We maintain a customer relationship management system where we store personal data about you:
- Contact Information: This category of personal data encompasses e.g. your name, address, phone/fax/mobile-number, e-mail or other online contact information. We receive Contact Information from our individual business contacts with you or from commercial data providers as well as from publicly available sources, e.g. websites. We use your Contact Information in order to promote our products and services or deliver urgent medical information regarding our products.
- Analyse customer relations: In case you purchase products from us or make use of our services, we store your customer history. We use this information in order to be able to better understand your interests and inform you about our products and services that might interest you. Furthermore, we document and analyse our individual contacts with you in order to continuously improve your experience with our products and services. This may include the topics discussed with you and your interest in them. In this context, we may also receive data about your interests from commercial data providers.
- Improve customer collaboration: In order to manage our collaboration with you in an effective way and to support successful market development of our products and services, we try to better understand which scientific/medical topics you are particularly interested or involved in. This category of personal data is based on our own data or experiences or provided by market research agencies or commercial data providers and encompasses e.g. information about your area of medical expertise, your scientific activities such as publication of scientific articles, participation in research projects and professional congresses.
- Ensure compliance: In order to ensure compliance with internal and regulatory requirements within the company we may analyse or audit data from our customer relationship management system, which may include your personal data. Processing of such data may also be necessary for the establishment, exercise or defence of legal claims.
b. Conduct market research studies
We work together with fully independent market research agencies, who, on our behalf, conduct market research studies globally, focused on our scientific interests and products. We may share your Contact Information with these market research agencies in order to conduct market research studies that are specific to our customers.
c. Deliver marketing/medical communications
We may use your Contact Information to communicate with you through phone calls, direct mail, e-mail or other electronic communication (e.g., fax, chats on websites, text messages, messenger messages or remote detailing/incl. customer services on demand) in order to deliver marketing/medical communications. We might use marketing/medical communications to provide information about services, products or events related to your medical interest or to collect feedback on our products and services. This may include displaying customized advertisements tailored to your interests to you on our or other websites and apps. Such communications may be from us, other Bayer affiliates or from our appointed agents, including marketing agents and event organisers acting on our behalf. Marketing/medical communications via e-mail or other electronic communications (“Electronic Marketing/Medical Communications”) to non-business email addresses are subject to you providing your consent, (Art. 6(1)(a) General Data Protection Regulation). Where you are an existing customer, we may use a soft-opt in, rather than your explicit consent, to send you information about similar products and or services.
d. Analyse your use of our Electronic Marketing/Medical Communications
In order to customize our Electronic Marketing/Medical Communications to meet your needs and preferences and subject to you providing your consent (Art. 6(1)(a) General Data Protection Regulation), we analyze your use of our Electronic Marketing/Medical Communications, for example whether you opened and how you used our Electronic Marketing/Medical Communication (e.g. which links you clicked).
e. Process your purchases
In case you place a purchase order with us, we process your Contact Information and your payment information in order to process your purchase order, including organizing shipment to you. The legal basis for the processing is the conclusion and fulfilment of the purchase contract for the ordered goods or services, Art. 6 (1)(b) General Data Protection Regulation. If you choose to pay on account, i.e. we provide our products or services before payment, we carry out a credit check to protect us against payment defaults, Art. 6 (1)(f) General Data Protection Regulation.
2. Transfer of personal data
2.1 Commissioned Processing
We use specialized service contractors that help us providing our services. Such service contractors are carefully selected and regularly monitored by us. Based on respective data processor agreements, they will only process personal data upon our instruction and strictly in accordance with our directives.
2.2 Third Parties
We transfer or give access to your personal data to third parties in the following circumstances:
a. We may share your Contact Information with fully independent market research agencies.
b. We may transfer your above-referenced personal data to other Bayer affiliates or our appointed agents for the purposes specified above. However, other Bayer affiliates or marketing agents and event organisers acting on our behalf will only directly deliver corresponding marketing communications via e-mail or other electronic communications to you, if you provide your consent below.
c. We may also transfer your above-referenced personal data to other partners that need to be involved in managing a service or communication towards you, e.g. hotels or travel agencies.
2.3 Transfer to other countries
Your data may in part be transferred and processed in EEA countries which are recognised as having adequate levels of personal data protection. Your data may in part also be transferred and processed in countries outside the European Economic Area (“EEA”), which may have a lower data protection level than European countries. Wherever required, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with the respective data importer. Such data transfers are only carried out in accordance with applicable data privacy laws.
3. Retention period for personal data
We retain your personal data as long as is necessary for the continuous customer relationship with you as well as for further 10 years after you actively ended the customer relationship or there has been no activity for 2 years, whichever happens first. Thereafter we anonymise the data so that they do no longer relate to you. We may retain your personal data for a different retention period, where otherwise provided by law.
4. Information regarding your rights
The following rights are in general available to you according to applicable data privacy laws:
a. Right of information about your personal data stored by us;
b. Right to request the correction, deletion or restricted processing of your personal data;
c. Right to object to a processing for reasons of our own legitimate interest, public interest, or profiling, unless we are able to prove that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
d. Right to data portability;
e. Right to file a complaint with a data protection authority;
f. Where we have gained your consent for Electronic Marketing/Medical Communications, you may at any time with future effect withdraw your consent to the collection, processing and use of your personal data. If you wish to withdraw your consent, you can do so via the website you have created your profile under within your profile settings, or by contacting us as described below. Furthermore, every Electronic Marketing/Medical Communication we send to you includes an option for you to easily withdraw your consent by clicking an unsubscribe link.
If you wish to exercise your rights, please address your request to the Data Protection Officer at Bayer plc on email@example.com clearly stating the nature of the enquiry and your identity.
5. Amendment of Privacy Statement
We may update our Privacy Statement from time to time. Updates of our Privacy Statement will be published on our Website. Any amendments become effective upon publication on our Website. We therefore recommend that you regularly visit the site to keep yourself informed on possible updates.