With this document, Bayer plc (hereinafter “us”, “our” or “we”) wishes to provide you with information on how we handle your personal data and to obtain your consent for specific purposes as outlined below.
1. How we handle your personal data
The different ways we handle your personal data are set out below. Unless otherwise indicated in the following sections, the legal basis for the handling of your personal data results from the fact that it is necessary to pursue our legitimate interest to promote our products and services, (Art. 6(1)(f) General Data Protection Regulation including as incorporated into UK law (“GDPR”)):
a. To maintain customer relationship management
We maintain a customer relationship management system where we store personal data about you for the reasons set out below:
- To contact you: We may store your name, address, phone/fax/mobile-number, e-mail or other contact information (“Contact Information”). We receive Contact Information from our individual business contacts with you or from commercial data providers as well as from publicly available sources, e.g. websites. We use your Contact Information in order to promote our products and services or deliver urgent medical information regarding our products.
- To analyse customer relations: In case you purchase products from us or make use of our services, we store your customer history. We use this information in order to be able to better understand your interests and inform you about our products and services that might interest you. Furthermore, we document and analyse our individual contacts with you in order to continuously improve your experience with our products and services. This may include the topics discussed with you and your interest in them. In this context, we may also receive data about your interests from commercial data providers.
- To improve customer collaboration: In order to manage our collaboration with you in an effective way and to support successful market development of our products and services, we try to better understand which scientific/medical topics you are particularly interested or involved in, how you prefer us to interact with you and your views on our products and services. This may be done in an automated way. This category of personal data is based on our own data or experiences, on information you provide to us, or on data provided by market research agencies or commercial data providers. It includes e.g. information about your area of medical expertise, your scientific activities such as publication of scientific articles, participation in research projects and professional congresses, your professional social media activity relating to your medical interests, and information about how you interact with content we provide to you.
- To ensure compliance: In order to ensure compliance with internal and regulatory requirements within the company we may analyse or audit data from our customer relationship management system, which may include your personal data. Processing of such data may also be necessary for the establishment, exercise or defence of legal claims.
b. To administer your attendance at events that you register for
We will use the personal data that you provide to us to administer your attendance at the meeting, e.g. by creating materials relating to the meeting (badges, attendance lists etc.), organizing any appropriate accommodation, meals and processing travel expenses (if offered as part of the meeting)- Article 6(1)(b) GDPR. We will also use your personal data to send you information about the meeting (by email, text and other messaging system) including reminders about the meeting, logistics for registration, and post meeting follow up, which may include feedback forms and presentation slides.
We will process the personal data that you provide to us to fulfil our regulatory reporting requirements under the ABPI Code of Practice to disclose any “transfers of value” (i.e. payments, including any travel expenses and fees for service and hotel accommodation) that are made to you. We may use the personal data that you provide to fulfil our financial reporting requirements.
c. To conduct market research studies
We work together with fully independent market research agencies, who, on our behalf, conduct market research studies globally. We may share your Contact Information with these market research agencies in order to conduct market research studies that are specific to our customers. Subject to your consent, we may conduct market research ourselves by contacting you directly.
d. To deliver marketing/medical communications
We may use your Contact Information to communicate with you through phone calls, direct mail, e-mail or other electronic communication (e.g., fax, chats on websites, text messages, messenger messages or remote detailing/incl. customer services on demand) in order to deliver marketing/medical communications. We might use marketing/medical communications to provide information about services, products or events related to your medical interest or to collect feedback on our products and services and to follow-up on this feedback. This may include displaying customized advertisements tailored to your interests to you on our own or on other websites and apps. Such communications may be from us, other Bayer affiliates or from our appointed agents, including marketing agents and event organisers acting on our behalf. Marketing/medical communications via e-mail or other electronic communications (“Electronic Marketing/Medical Communications”) to non-business email addresses are subject to you providing your consent, (Art. 6(1)(a) GDPR). Where you are an existing customer, we may use a soft-opt in, rather than your explicit consent, to send you information about similar products and or services.
e. To analyse your use of content provided to you
In order to customize our Electronic Marketing/Medical Communications to meet your needs and preferences and subject to you providing your consent (Art. 6(1)(a) GDPR), we analyze your use of our Electronic Marketing/ Medical Communications, for example whether you opened and how you used our Electronic Marketing/Medical Communication (e.g. which links you clicked). We may also collect and analyse your reaction to, comments on, and use of meeting aids, websites, webinars and other content.
f. To process your purchases
In case you place a purchase order with us, we process your Contact Information and your payment information in order to process your purchase order, including organizing shipment to you. The legal basis for the processing is the conclusion and fulfilment of the purchase contract for the ordered goods or services, Art. 6 (1)(b) GDPR. If you choose to pay on account, i.e. we provide our products or services before payment, we carry out a credit check to protect us against payment defaults, Art. 6 (1)(f) GDPR.
2. Transfer of personal data
2.1 Commissioned Processing
We use specialized service contractors that help us provide our services. Such service contractors are carefully selected and regularly monitored by us. Based on respective data processor agreements, they will only process personal data upon our instruction and strictly in accordance with our directives.
2.2 Third Parties
We transfer or give access to your personal data to third parties in the following circumstances:
a. We may share your Contact Information with fully independent market research agencies.
b. We may transfer your personal data to other Bayer affiliates or our appointed agents for the purposes specified above. However, other Bayer affiliates or third parties acting on our behalf will only send you marketing communications via e-mail or other electronic communications if you have consented to this.
c. We may also transfer your personal data to other partners that need to be involved in managing a service or communication provided to you, e.g. hotels or travel agencies.
2.3 Transfer to other countries
Your data may in part be transferred and processed the UK and in EEA countries which are recognised as having adequate levels of personal data protection. Your data may in part also be transferred and processed in countries outside the European Economic Area (“EEA”) and the UK, which may have a lower data protection level than European countries. Wherever required, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with the respective data importer. Such data transfers are only carried out in accordance with applicable data privacy laws.
3. Retention period for personal data
We retain your personal data as long as is necessary for the continuous customer relationship with you as well as for further 10 years after you actively ended the customer relationship or there has been no activity for 2 years, whichever happens first. Thereafter we anonymise the data so that they do no longer relate to you. We may retain your personal data for a different retention period, where otherwise provided by law.
4. Information regarding your rights
The following rights are in general available to you according to applicable data privacy laws:
a. Right of information about your personal data stored by us;
b. Right to request the correction, deletion or restricted processing of your personal data;
c. Right to object to a processing for reasons of our own legitimate interest, public interest, or profiling, unless we are able to prove that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defence of legal claims;
d. Right to data portability;
e. Right to file a complaint with a data protection authority;
f. Where we have gained your consent for Electronic Marketing/Medical Communications, you may at any time with future effect withdraw your consent to the collection, processing and use of your personal data. If you wish to withdraw your consent, you can do so via the website you have created your profile under within your profile settings, or by contacting us as described below. Furthermore, every Electronic Marketing/Medical Communication we send to you includes an option for you to easily withdraw your consent by clicking an unsubscribe link.
If you wish to exercise your rights, please address your request to the Data Protection Officer at Bayer plc on firstname.lastname@example.org clearly stating the nature of the enquiry and your identity.
5. Amendment of Privacy Statement
We may update our Privacy Statement from time to time. Updates of our Privacy Statement will be published on our Website. Any amendments become effective upon publication on our Website. We therefore recommend that you regularly visit the site to keep yourself informed on possible updates.