In this document, Bayer plc (hereinafter “us”, “our” or “we”) wishes to provide you with information on how we handle your personal data, and to set out the legal basis for such handling, for the specific purposes as outlined below.
1. What data do we collect and from where
We collect information in the following ways:
a. When you provide it to us directly, such as registering for an event, creating an account, and communicating with us electronically or in person;
b. Information that we purchase from third parties. We get access to personal data about you from business partners including:
- H1 INSIGHTS, INC. (hereinafter referred to as H1) 386 Park Ave S Floor 5, 10016 New York, US. If you want to know more about how H1 collects this data in their own responsibility, please feel free to read H1’s Data Privacy Statement; and
- Wilmington Healthcare.
c. Information about how you interact with our content (including hard copy, email, website, webinars); and
d. Searching publicly available information.
The information we collect includes the following: Business-related personal data such as full name, academic title, contact details (telephone, email, national doctor’s ID number), specialty, professional affiliations (place of work, location, Twitter account, LinkedIn picture and account, further social media accounts), scientific publications and congress presentations, clinical history, clinical trial involvement, research and treatment areas, areas of expertise, academic credentials, payment and referral information, disclosures, interaction with content and our representatives, event attendance and feedback, customer history.
2. Legal Basis
Unless otherwise indicated in the following sections, the legal basis for the handling of your personal data results from the fact that it is necessary to pursue our legitimate interest to promote our products and services, (Art. 6(1)(f) General Data Protection Regulation including as incorporated into UK law (“GDPR”)):
3. How we handle your personal data
The different ways we handle your personal data are set out below.
3.1 For customer relationship management
We maintain a customer relationship management system where we store personal data about you for the reasons set out below:
- To contact you: We may use your name, address, phone/fax/mobile-number, e-mail or other contact information (“Contact Information”) in order to promote our products and services to you or deliver medical information regarding our products.
- To analyse customer relations: We use this information in order to be able to better understand your interests and inform you about our products and services that might interest you. Furthermore, we document and analyse our individual contacts with you in order to continuously improve your experience with our products and services. This may include the topics discussed with you and your interest in them.
- To improve customer collaboration: In order to manage our collaboration with you in an effective way and to support successful market development of our products and services, we try to better understand which scientific/medical topics you are particularly interested or involved in, how you prefer us to interact with you and your views on our products and services. This may be done in an automated way. For this purpose we use our own data or experiences, on information you provide to us, or on data provided by market research agencies or commercial data providers.
- To ensure compliance: In order to ensure compliance with internal and regulatory requirements within the company we may analyse or audit data from our customer relationship management system, which may include your personal data. Processing of such data may also be necessary for the establishment, exercise or defence of legal claims.
3.2 To administer your attendance at events that you register for
We will use the personal data that you provide to us to administer your attendance at the event or meeting, e.g. by creating materials relating to the event or meeting (badges, attendance lists etc.), organising any appropriate accommodation, subsistence and processing travel expenses (if applicable). We will also use your personal data to send you information about the event or meeting (by email, text and other messaging system) including reminders about the event or meeting, logistics for registration, and post event/meeting follow up, which may include feedback forms and presentation slides. For these purposes we rely on Article 6(1)(b) GDPR (performance of a contract) as the legal basis for the handling of your personal data.
We will process the personal data that you provide to us to fulfil our regulatory reporting requirements under the ABPI Code of Practice to disclose any “transfers of value” (i.e. payments, including any travel expenses and fees for service and hotel accommodation) that are made to you. We may use the personal data that you provide to fulfil our financial reporting requirements.
3.3 To conduct market research
We work together with independent market research agencies, who, on our behalf, conduct market research locally globally. We may share your Contact Information with these market research agencies in order to conduct market research studies that are specific to our customers. Subject to your consent, we may conduct market research ourselves by contacting you directly.
3.4 To deliver marketing/medical communications
We may use your Contact Information to communicate with you through phone calls, direct mail, e-mail or other electronic communication methods (e.g., fax, chats on websites, text messages, messenger messages or remote detailing/incl. customer services on demand) in order to deliver marketing/medical communications. We might use marketing/medical communications to provide information about our services, products or events related to your medical interest or to collect feedback on our products and services and to follow-up on this feedback. This may include displaying customized advertisements tailored to your interests to you on our own or on other websites and apps. Such communications may be from us, other Bayer affiliates or from our appointed agents, including marketing agents and event organisers acting on our behalf. We may, subject to your consent, send you marketing/medical communications via e-mail or other electronic communication methods (“Electronic Marketing/Medical Communications”) to your non-business email address (Art. 6(1)(a) GDPR). Where you are an existing customer, we may use a soft-opt in, rather than your explicit consent, to send you information about similar products and or services.
3.5 To analyse your use of content provided to you
We may, in order to customise our future communications to meet your needs and preferences, analyze your use of any Electronic Marketing/ Medical Communications, for example whether you opened and how you used our Electronic Marketing/Medical Communication (e.g. which links you clicked). We may also collect and analyse your reaction to, comments on, and use of meeting aids, websites, webinars and other content.
3.6 To process your purchases
In case you place a purchase order with us, we process your Contact Information and your payment information in order to process your purchase order, including organizing shipment to you. The legal basis for the processing is the conclusion and fulfilment of the purchase contract for the ordered goods or services, Art. 6 (1)(b) GDPR. If you choose to pay on account, i.e. we provide our products or services before payment, we may carry out a credit check to protect us against payment defaults, Art. 6 (1)(f) GDPR.
4. Transfer of personal data
4.1 Commissioned Processing
We use specialised service contractors that help us provide our services. Such service contractors are carefully selected and regularly monitored by us. Based on their respective data processor agreements, they will only process personal data strictly in accordance with our instructions.
4.2 Third Parties
We transfer or give access to your personal data to third parties in the following circumstances:
a. We may share your Contact Information with fully independent market research agencies.
b. We may transfer your personal data to other Bayer affiliates or our appointed agents for the purposes specified above. However, other Bayer affiliates or third parties acting on our behalf will only send you marketing communications via e-mail or other electronic communications if you have consented to this.
c. We may also transfer your personal data to other partners that need to be involved in managing a service or communication provided to you, e.g. hotels or travel agencies.
We might also disclose or share your personal data to third parties in the following exceptional cases:
a. with a prospective buyer in case of an acquisition, merger, or any other type of corporate or asset transition involving a change of ownership or control concerning us, our brands, products, or our services.
b. when we believe in good faith that disclosure is necessary to establish or exercise our legal rights or defend against legal claims, protect your safety or the safety of others, investigate fraud, or respond to a government request.
c. when required by law we may disclose your personal data to public authorities such as health authorities, tax authorities, and law enforcement authorities.
d. to support legal decisions and to pursue or defend against legal claims, we may share your personal data with external lawyers.
4.3 Transfer to other countries
Your data may be transferred and processed the UK and in EEA countries which are recognised as having adequate levels of personal data protection. Your data may also be transferred and processed in countries which may have a lower data protection level. Wherever required, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with the respective data importer. Such data transfers are only carried out in accordance with applicable data privacy laws.
Transfers inside the Bayer Group are based on a Master Data Sharing Agreement, which includes the Standard Contractual Clauses published by the European Commission as a safeguard for the international transfers. You can access the clauses on this site: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en
5. Retention period for personal data
We retain your personal data as long as is necessary for the continuous customer relationship with you as well as for further 10 years after you actively ended the customer relationship or there has been no activity for 2 years, whichever happens first. Thereafter we anonymise the data so that they are no longer attributable to you. We may retain your personal data for a different retention period where otherwise provided for or required by law.
6. Information regarding your data privacy rights
The following rights are in general available to you according to applicable data privacy laws:
a. Right of access to information about your personal data stored by us;
b. Right to request the correction, deletion or restriction of the processing of your personal data;
c. Right to object to a processing for reasons of our own legitimate interest, public interest, or profiling, unless we are able to prove that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defence of legal claims;
d. Right to data portability;
e. Right to file a complaint with a data protection authority;
f. Where we have gained your consent for Electronic Marketing/Medical Communications, you may at any time with future effect withdraw your consent to the collection, processing and use of your personal data. If you wish to withdraw your consent, you can do so via the website you have created your profile under within your profile settings, or by contacting us as described below. Furthermore, every Electronic Marketing/Medical Communication we send to you includes an option for you to easily withdraw your consent by clicking an unsubscribe link.
If you wish to exercise your rights, please address your request to the Data Protection Officer at Bayer plc on email@example.com clearly stating the nature of the enquiry and your identity. You also have the right to make a complain to the UK regulator, the Information Commissioner’s Office (https://ico.org.uk/global/contact-us/).
7. Amendment of Privacy Statement
We may update our Privacy Statement from time to time. Updates of our Privacy Statement will be published on our Website. Any amendments become effective upon publication on our Website. We therefore recommend that you regularly visit the site to keep yourself informed on possible updates.
Last updated July 2023