Australia
Austria
Belgium
China
Czech Republic
Denmark
Estonia
Finland
France
Germany
Hungary
India
Ireland
Italy
Japan
Kazakhstan
Latvia
Lithuania
Malaysia
Netherlands
Norway
Poland
Singapore
Slovenia
Spain
Sweden
Switzerland
Thailand
UK
Ukraine
13.01.2025
Orion Corporation is committed to protecting your privacy in compliance with all applicable regulations and ensuring the security of your personal data. This privacy notice explains how we collect, use, and protect your personal information.
Contact Details
Data Controller: Orion Corporation
Data Protection Officer (DPO): privacy@orionpharma.com .
1. What data do we collect about you?
The data file contains data of practising healthcare professionals, nurses, students of medicine, pharmacists, other relevant decision makers and contact persons for making appointments for sales promotion events.
We collect and process the following types of personal data:
Contact data
- Contact details such as name, age, phone number, email address.
- Contact details related to working place such as organization, position, address details, work phone number.
Visit data
- Meeting history
- Products introduced
- Meeting notes
- Distribution of samples
- Distribution of RMP-material (Risk management plan)
- Distribution of possible other material
- Contact information of the persons making sales promotion meetings: name, work telephone numbers and e-mail addresses
Segmentation data
- Contact details related to profession such as specialty, education
- Target groups based on doctor’s therapy area and job description for purpose of correct allocation of sales promotion
- Accessibility for sales promotion meetings (times/year)
- Marketing consent status
Contact information that can be obtained from an external register that are not maintained or changed by the data controller:
- Contact details such as name, age, phone number, email address.
- Contact details related to working place such as organization, position, address details, work phone number.
- Contact details related to profession such as specialty, education.
2. How do we use your data?
We process your personal data for the following purposes:
- Customer relationship management: to enable the controller to develop, maintain, administer and monitor client relationships and to otherwise create and develop its business, including creating a customer profile and profiling (booking, performing and registering sales promotion events of medicines; circulating information regarding medical products).
- Sample distribution: registering the distribution of samples and RMP (Risk Management Plan) material) and process requests from clients (material deliveries; contact requests etc.).
3. Legal Basis
We process your data based on the following legal grounds:
| Consent of the data subject (EU General Data Protection Regulation Article 6.1.a) / 9.2.a) (special categories of data) |
N/A |
| Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract / (EU General Data Protection Regulation Article 6.1.b) |
N/A |
| Compliance with the controller’s legal obligations based on binding law / (EU General Data Protection Regulation Article 6.1.c) |
Contact data and visit data for sample distribution. |
| Legitimate interests of the controller or a third party (the legitimate interest to be identified, such as direct marketing) (EU General Data Protection Regulation Article 6.1.f). |
Contact data, visit data and segmentation data for customer relationship management. We only process personal data based on our legitimate interests, in case we have deemed, based on the balancing of interest test, that the rights and interests of the data subject will not override our legitimate interest. |
4. How do we share your data?
We may share your data with the following recipients:
- Service provider Veeva Systems Inc.
- Service provider Luxid Group
5. How long do we store your data?
We will retain your personal data for no longer than is necessary for the purposes defined in this
Statement.
Personal data processed for customer relationship management purposes will be retained for the
duration of the customer relationship but for no longer than seven (7) years from the last interaction
with our business partner.
6. What are your rights and options?
You have the right to:
- Access your data: You can request information and a copy of your personal data that we have collected and stored in connection with our services / this information notice.
- Rectify inaccurate data: In order to keep your data up-to-date and accurate, you can request us to modify your data by contacting us as descripted in chapter 10.
- Erase your data: You can contact us if you think the processing of your personal data is unlawful and your data should be erased. We shall erase or anonymize your personal data without undue delay in accordance with the retention periods detailed in chapter 5 if the data in question is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing.
- Restrict processing: If you want to restrict our processing of your personal data, please contact us.
- Object to processing: If you want to object to the processing of your data for customer relationship management purposes, please contact us. When making the request, please specify the scope of your request.
- Withdraw consent: You can withdraw any consent that you may have given us for data processing activities. After withdrawing your consent, we will no longer process your personal data for purposes the consent was asked for. Please note that withdrawal of consent does not render the processing of personal data performed prior to such withdrawal unlawful.
7. Cookies and Tracking Technologies
We use cookies and similar technologies. For more information on how use cookies, please read our Cookie Policy.
8. Security Measures
We hold your personal data in a combination of secure computer storage facilities and paper-based
files.
We have implemented appropriate measures to ensure the level of security around your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to it.
We have put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk of harm that might result from unauthorised or unlawful processing, accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to your personal data including:
- locks and security systems;
- encryption;
- usernames and passwords;
- virus checking;
- auditing procedures and regular data integrity checks; and
- recording of file movements.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They must only process your personal data on our instructions and subject to the access controls listed above. They are also subject to a duty of confidentiality.
We have agreed on security-related measures with the third parties we share your personal data with to ensure that it is treated by those third parties in a way that is consistent with how we safeguard your personal data.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority where we are legally required to do so.
9. Changes to this Notice
We reserve the right to change this notice from time to time. We will review this notice periodically and update it accordingly if we change our processes materially. We may make changes to this notice when we believe it is reasonable to do so e.g. to comply with legal or regulatory requirements.
10. Contact Us
If you wish to use your rights as a data subject described in chapter 6, or if you have any questions
or concerns, please contact us at privacy@orionpharma.com .
Please note that we will contact you to verify your identity in order to proceed with your request if you wish to use your data subject rights.