Data Protection Statement for Business Contacts
Data Protection Information for Commercial Prospects, Clients, Vendors and interested Business Contacts
As a valued commercial prospect, client, vendor, interested business contact or otherwise representative of an organization we interact with (business contact), Calea UK Limited (“us/we”) (part of the Fresenius Kabi group of companies) will collect and use certain personal data from you.
This data protection statement informs you about the processing of personal data in connection with your relationship with us as a business contact.
Please be aware that we also may process your personal data in other contexts, e.g. when you visit our website or when you interact with us in your capacity as a healthcare professional. Please see the specific information on the processing of your personal data in such situations.
Why We Collect and Use Your Data
Depending on the business relationship we have with you and/or the company or organisation you are working for, we collect and use your data for the following purposes:
- Assess a potential business relationship and/or maintaining our business relationship with you or the company/organisation you are working for, (including customer relationship management, supplier management, investor relations management);
- Vendor assessment and qualification (e.g. whether you and your organisation meet certain quality and certification requirements);
- Procurement of products and services from you or the company/organisation you are working for;
- Exchange of information related to existing contracts or possible contracts with you or the company/organisation you are working for;
- Fulfil our contract with the company you are working for, including the enforcement of any rights we may have under such contract;
- Fulfilment of compliance requirements related to a business transaction (including but not limited to conflict checks, business partner due diligence, sanction list screening, anti-money launderinglaws, secure supply chain requirements, customs and export law requirements, tracing requirements for products);
- Manufacture, sell, provide and deliver products and services;
- Marketing (e.g. informing you about products and services or related information) as well as carrying out surveys to understand customer requirements in more detail;
- Assess and categorise which specific business needs match best with your abilities (e.g. when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can, in your professional capacity, influence the use, purchase, ordering, prescribing or recommendation of Calea products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Calea products in accordance with applicable law;
- Collection of payments due to us including the refinancing of debts;
- Assess your company/organisation’s financial solvency and credit risk;
- Assess potential investments in Calea shares, a potential acquisition, divestiture or joint venture transaction with us or any Calea affiliate;
- Improve our, products and services;
- Organize, secure and improve internal processes including communication, administration, research and IT.
What Data We Collect and How We Do That
We may collect and use your personal data in the following situations:
Information you provide to us
We collect your personal data when you contact us, order our products and services or enter into a contract with us for the supply of goods and services. Such personal data includes:
- First and last name
- Gender
- Contact and address information, including address, e-mail address, phone number, fax number
- Country of residence
- Role and function in your organisation
- Your areas of expertise
- Your profession and qualifications
- Information on the kind of a relationship you have with Calea
- Employer name and employer address
Information we collect from other organisations
Furthermore, we process data that is provided to us by contracted service providers, by competent authorities or obtained from publicly accessible trade registers or trade associations, including rating agencies, financial solvency and risk information and financial service agencies and institutions, government or supranational agencies, in particular tender authorities or procurement agencies, websites, blogs and printed media.
Such personal data includes:
- First and last name
- Contact and address information (including address, e-mail address, phone number, fax number)
- Your company’s bank accounts
- Your profession and qualifications
- Professional identifiers
- Organizational details, affiliation details of your company
- Certifications and quality statements issued by your company’s officers, representatives or auditors
- Percentage of shares held
- Details related to public filings, trade registers and professional boards
- Details related to published transactions of your company including tenders and financial arrangements
- Previous interactions with Calea and any of our subsidiaries
Legal Basis for Processing Your Data
We process your personal data on one of the following legal bases:
- The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (Art. 6.1 b GDPR).
- The processing of your personal data is necessary for us to comply with a legal obligation we are subject to (Art. 6.1 c GDPR).
More specifically we are obliged to comply with laws on anti-money laundering, customs and export, secure supply chain requirements, product tracing requirements, statutory disclosure and notification requirements or similar compliance requirements that might require us to process certain aspects of your personal data. The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6.1 f GDPR). These legitimate interests are:
- Fulfilling our contract with the company/organisation you are working for, including the enforcement of any rights we may have under such contract;
- Gather information on knowledge management related to internal processes, products and services;
- Development, optimization and improvement of our products and services;
- Optimization of internal communication;
- Optimization of administration;
- Carrying out research work;
- Organizational management;
- Risk Management: safeguarding against e.g. financial / reputational risks;
- Maintenance of the IT infrastructure, IT security, guarantee of IT support and the detection and correction of errors; and
- Complying with legal requirements outside the EEA.
- Establishment, exercise or defence of legal claims
- You have given us your consent for the intended processing of your personal data (Art. 6.1 a GDPR).
You can always withdraw your consent. You can withdraw your consent to all processing or for individual purposes of your choice. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal. You can withdraw your consent by sending an email to data.protection-UK@fresenius-kabi.com or completing the Data Protection Contact Form.
We Share Your Data
We collaborate with other organistions to achieve our purposes. Therefore, we may send your personal data in part or as a whole to other entities.
Recipients are:
- Other Fresenius Group companies if such a transfer of personal data is required for the specific purpose (Please refer to the overview of the locations in which Fresenius Kabi Group companies are active.);
- Service providers who process personal data on our behalf (such as IT-service providers who host the data or provide maintenance services) and have to follow our instructions on such processing. These service providers will not be allowed to use your personal data other than for our purposes;
- Authorities, courts, parties to litigation, or their delegated bodies, in case we are required to do so to meet any applicable law, regulation, legal process or enforceable governmental request, such as tax and customs authorities, and financial market authorities;
- Professional advisors or auditors such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries we operate in;
- Another entity in the event of a change in ownership, a merger with, acquisition by, or sale of assets.
International Data Transfers
We may send your personal data in parts or as a whole to Fresenius Group recipients in countries which are not member states of the European Union or to international organisations, for the purposes listed above. Please refer to the overview of the locations in which Fresenius Kabi is active.
We may send data to the following countries for which the European Commission has determined an adequate level of data protection to be in place that matches the level of data protection within the European Union for the following countries / international organizations in which Fresenius entities are located: Argentina, Canada, Japan, New Zealand, Switzerland or Uruguay.
With regards to such international data transfers to third countries, for which the European Commission has not decided that an adequate level of data protection exists, we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union.
These safeguards are:
- Standard Contractual Clauses that have been issued by the European Commission.
You can obtain a copy of these Standard Contractual Clauses online, or upon request.
How Long Do We Retain Your Data
Generally, we store your personal data for one of the following periods of time:
- As long as we have a duty to retain the data in line with applicable laws (e.g. because we are obliged to store the data for tax purposes);
- If there is no legal retention applicable, at least for the term of the contractual relationship with you or the company you are working for;
- If we have a legitimate interest to process your personal data outside of such a contractual relationship, we process it for as long as we still have a legitimate interest in processing this data. The exact period depends on the company/organisation you are working for and your position in the company/organisation.
If the legal retention period is longer than for the other above-mentioned ones, we aim to block the data until the end of the respective retention period and then erase it.
Requests, Enquiries and Complaints
Depending on the situation, you have certain rights regarding your personal data. You have the right to:
- Request access to your personal data
- Request rectification of your personal data
- Request erasure of your personal data
- Request the restriction of processing of your personal data
- Data portability
- Object on grounds specific to your situation
You can exercise these rights online by using the Data Protection Contact Form or contacting our Local Data Protection Adviser on data.protection-UK@fresenius-kabi.com.
Controller and Contact
The controller and responsible entity for processing your personal data is
Calea UK Limited
Cestrian Court, Eastgate Way
Runcorn, WA7 1NT
United Kingdom
Email: data.protection-UK@fresenius-kabi.com
You also have the right to lodge a complaint with our Data Protection Officer or the supervisory authority.
Data Protection Officer:
Fresenius Kabi AG
Data Protection Officer
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
E-mail: dataprotectionofficer@fresenius-kabi.com
Data Protection Authority:
Information Commissioner’s Office
https://ico.org.uk/global/contact-us/
Tel: 0303 123 1113
Further Information for Specific Situations
Requirements to Provide Personal Data
You may need to provide your personal data to us for the purpose of fulfilling a contract with you or the company you are working for, e.g. we might require your contact details if you are our business contact at a supplier. If you fail to provide your personal data, we might not be able to enter into the respective contractual relationship.
Automated Decision Making
Automated decision making (Art. 22.1, 2 GDPR) occurs according to our obligation to conduct a sanction-control-procedure. This is also necessary for entering into, or performance of, a contract between you and us. The consequence of this can be the refusal to enter into a contractual relationship with you.
Changes to this data protection statement
As our collection and use of your data may change over time, we may also modify this data protection statement to always correctly reflect our data processing practices. We encourage you to review it from time to time.