Global Privacy Policy: Imcheck Therapeutics

Ipsen takes protecting personal data very seriously. We are committed to protecting the personal data we hold about HCPs, customers, employees, patients, members of the public, suppliers, partners, and other stakeholders.

We ensure that we protect the personal data we process in line with applicable privacy and data protection laws, including the European Union General Data Protection Regulation (GDPR), and any other applicable local laws that regulate the storage, processing, access and transfer of personal data.

Individual Privacy Notices

To find out about how we use your personal data, please see the suite of Privacy Notices by clicking on the below pages. For some of our activities we will also provide you with a Privacy Notice specifically for that particular activity.

Ipsen is an international group of companies. As our headquarters is based in France, these notices are based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website.

Healthcare Professionals - Privacy Notice

This privacy notice relates to Healthcare professionals (HCPs) who interact with us, or who are participants in Ipsen activities or projects or events, or who are customers or potential customers of Ipsen products or services.

Who is the controller of your personal information?

For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 70 Rue Balard, 75015, Paris, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

Ipsen processes information about HCPs for a range of purposes. We will only process information about you that is relevant to our work and that we have a lawful basis to process. Depending on our interaction with you, we process the following information:

Contact information	Basic contact details including your first, last name, title, email address, postal address, telephone/mobile numbers
Professional information	Information about your place of work and job title, medical field, specialities, professional qualifications and your CV. Information about your scientific experience and expertise, such as participation in past or current studies and trials, events, congresses, publication of academic or scientific research and articles, and medical insights. Your membership in associations and boards, links to universities, education, awards, editorial boards and other related activity. Publicly available social media posts and media mentions.
Information to arrange events or visiting us	Information relating to arranging attendance at professional events, including, as needed, your passport, visa information, residency, nationality, travel, special diet and accommodation requirements. Professional information you share for an event, and any presentations or papers that contain personal information about you. Photographs or film footage of you at events. At some meetings, where we use online tools, we may ask to record meeting contents. If you visit one of our sites, we will collect basic information to manage access to the building and we may also capture images on our CCTV cameras.
Contracting, payments and transfers of value	Information we need to contract with you and to pay you, including bank account details and VAT or other tax details. Details of our interactions with you in relation to any grants, donations or sponsorship activities. Details of all direct or indirect transfers of value, whether in cash, in kind or otherwise, provided to you.
Information about our interactions with you and your views and opinions	Information relating to your interactions with members of the Ipsen group, such as meetings we have had with you and topics of interest. Information about the promotional, scientific and medical activities/interactions you have with us. Information about your views and opinions collected during an event, through surveys, polls or Q&A sessions.
Medical enquiries, reporting Adverse Events or product quality issues	Information about you or others when you submit medical enquiries, Adverse Event or product quality issues to us. For more information about this, please see the privacy notice for this on this site.
Accessing products or services	Identification information used to deliver products or services, such as access to particular websites for example, login details, passwords, or online identifiers.
Consent records	Records of consents you have given us for different activities.

Why are we allowed to collect and use your personal information?

Ipsen processes data about HCPs for a range of purposes and related to those purposes we rely on a number of different legal bases for that processing, as detailed in the table below.

Legal bases	Purposes
Article 6 1 (f) Legitimate interests	We collect and use personal data for the purposes of the legitimate interests of Ipsen to manage our relationship with you in terms of professional and scientific activities and promoting and providing information and support about our products and services. This includes: Our field teams keeping in touch with you, recording their interactions and sharing information about our products and therapy areas. Responding to your requests or enquiries. Providing you with important information, safety issues, administrative information, or required notices. Providing you with promotional materials and access to support tools and services. Gathering your views and opinions on our products, our activities, or therapy areas through discussion, meetings, events or surveys, market research or other activities. Inviting you to be part of advisory boards or to undertake other activities related to your specialism. Gathering information about you to understand your professional expertise in order to target our interaction with you, and to develop databases of thought leaders and specialists in different therapy areas. This includes gathering information from public sources, such as media activity and professional participation in events, studies, collaborations etc. Setting fair payment rates for particular activities. Managing arrangements for events. Including inviting you to speak or participate and sharing data with event organisers. Taking film or photographs at events. If you do not wish to be filmed or photographed as part of the audience, please inform your contact person at Ipsen before the event. Where appropriate, we will ask for your consent to use videos or photos that focus on you as an individual. Working with you when you participate in Ipsen activities, such as clinical studies, grants and donations or sponsorship activities. Verifying your credentials including via passwords, password hints, security information and questions, government-issued ID or passport or appropriate evidence of healthcare professional status, where required. Sharing data as appropriate related to audit and compliance activities, or for mergers or acquisitions.
Article 6 1 (b) Contract	We collect and use personal data for the purposes of contracting with you for your professional inputs, including engaging you to provide services to Ipsen, such as speaking, or taking part in expert groups, or inputting into projects or initiatives. Paying you for services and or expenses.
Article 6 1 (a) Consent Or where appropriate, Article 6 1 (f) Legitimate interests Or Article 6 1 (c) Legal Obligation	We collect and use personal data for the purposes of meeting our obligations to evidence transactions and ensure transparency on Transfers of Value under the European Federation of Pharmaceutical Industries and Associations (EFPIA) Code of Practice for the Pharmaceutical Industry, and/or local requirements in your country. This involves disclosing details about payments made to you, to the relevant disclosure body. Depending on the rules in relevant code in your country, we will disclose transfers of value under the relevant legal basis, which can be legal obligation, or consent or legitimate interests. The legal basis for the disclosure will be provided to you in your agreement with Ipsen. We also disclose certain information about you, where required to auditors, or government agencies, or in response to authorized information requests, or as otherwise required by laws, regulations, or industry codes. We do this for legitimate interests or because there is a legal obligation to do so.
Article 6 1 (a) Consent	We ask for your consent for processing your personal data in some circumstances and where appropriate, which may include: Sending you promotional materials by email (unless you have specifically asked us to send materials to you). In some cases, where we provide Apps or Services that operate based on your consent. Collecting information about special dietary requirements if this includes information about your health or religion. Using individual photographs or film or testimonials about you.
Article 6 1 (c) Legal obligation	Perform administrative formalities, registration, or declarations that are required by law. We process personal information in order to meet our legal obligations to manage quality and safety issues, such as adverse events or product quality investigations. A separate detailed privacy notice is available for these activities.

Where do we get your personal data from?

We collect basic information about you from a range of sources, including directly from you, or from your employer. We also collect some data from publicly available sources, websites or publication databases, journals, or from third party providers of HCP data services such as IQVIA’s OneKey Service and Veeva Link.

We may need to collect data in order to confirm contacts or financial information or to verify your licensure as a healthcare professional.

We may also receive some data about you from our third-party event organisers, or from other third parties working with us to fulfil other services.

With whom do we share your personal information?

Information related to you will only be accessed by authorised employees at Ipsen, with a relevant and tangible need to access your information.

Information related to you may also be made available to employees of other entities within the Ipsen group of companies, for the purpose of better managing our interaction with HCPs from a global perspective, to help harmonise Ipsen’s key business processes, hereby facilitating a more consistent approach across all markets.

Ipsen engages service providers to process your personal data on behalf of Ipsen, to undertake various activities (as noted above) on our behalf. Such service providers may only process your personal data in accordance with the Ipsen's express instructions and may not use your data for their own purposes. These service providers include Veeva Systems Inc (the provider of our HCP CRM system), HCP database providers, fulfilment and communications providers, suppliers supporting payments, accounting services and event suppliers, like event organisers, hotel and transport companies that support us.

Information relevant to Transfers of Value will be shared with the relevant national association on an individual named or aggregate basis, in compliance with the European Federation of Pharmaceutical Industries and Associations (EFPIA) Code of Practice which requires Ipsen to document and publicly disclose direct or indirect Transfers of Value whether in cash, in kind or otherwise provided to you under agreements or services between you and Ipsen.

We also disclose certain information about you, where required to auditors, or government agencies, or in response to authorized information requests, or as otherwise required by laws, regulations, or industry codes.

How long do we keep your personal information?

We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Right	What does this mean?
1. The right of access	You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability	You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object	You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent	If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy(at)ipsen(dot)com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.

Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.

Contact details for data protection authorities in other European countries can be found here:

Our Members | European Data Protection Board (europa.eu)

For other countries, please refer to the local Ipsen website for details.

Patient organizations and industry stakeholders – Privacy Notice

This privacy notice explains how we use personal data related to the people we work with in Patient Organizations and that of other key industry stakeholders (referred to as ‘you’ or ‘your’ in this notice).

Who is the controller of your personal information?

For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 70 Rue Balard, 75015, Paris, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in these notices).

Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

We hold the following types of information about you, depending on the work we are doing:

Name, email address, telephone numbers
Organisation, role, business contact details
Information about your activities with Ipsen
Interests and professional activities (such as, your professional position and background, event activities, publications, media and social media activities, links to other organisations)
Filming, photographs or recordings

Why are we allowed to collect and use your personal information?

Legal bases

Purposes

Article 6 1 (f) Legitimate interests

We will only use your personal data for specific purposes as needed to support our activities and in our legitimate interests related to stakeholder engagement including:

Identifying key stakeholders
Understanding your interests and where these relate to Ipsen’s work
Managing our activities with you

For our work with Patient Organisations, we will keep your information on a central database to ensure long term and consistent ways of working between Ipsen and Patient Organisations. Keeping track of our data will facilitate any handover changes and continuity within our projects and collaborations, as well as providing transparency in ongoing projects and activities.

Article 6 1 (a) Consent

Where appropriate, when you take part in activity that involves individual filming or testimonials, we will ask for your consent.

Where do we get your personal data from?

Some information is collected directly from you, but we also collect data from public sources such as websites or social media, and from third parties such as consultancy companies.

With whom do we share your personal information?

Information related to you will only be accessed by employees at Ipsen with a relevant and tangible need to see your information. Information related to you may also be made available to other entities within the Ipsen group of companies where this is relevant to our work. We will also potentially, as necessary share data with third parties who work with Ipsen to support our activities, for example, Public Affairs or Healthcare PR consultancies, or other partners with whom we are working on specific projects. These third parties are obliged to protect the security and confidentiality of any personal data and comply with data protection legislation.

How long do we keep your personal information?

We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Right	What does this mean?
1. The right of access	You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability	You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object	You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent	If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy(at)ipsen(dot)com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.

Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.

Contact details for data protection authorities in other European countries can be found here:

Our Members | European Data Protection Board (europa.eu)

For other countries, please refer to the local Ipsen website for details.

Adverse Events, Product Quality Complaints or Medical information enquiries

This privacy notice applies to processing personal data in relation to medical information requests, safety information and product quality complaints. This notice is for individuals requesting or reporting information on their own behalf or on behalf of others.

We understand that privacy is important to you. We are committed to treating your personal information with care and integrity.

Our privacy notice tells you what personal information we collect and how we collect it. It explains what we use your personal information for, how we process it and how we protect your personal information and keep it safe. This privacy notice explains our general practices. However, where local laws or regulations require that we process information differently, or refrain from such processing, we will always comply with the applicable local law.

Ipsen value your privacy. When we say ‘we,’ ‘us’ or ‘our,’ we are referring to Ipsen.

Personal information means any information or piece of information which could identify you either directly (e.g., your name) or indirectly (e.g., a unique identification number).

Who is the controller of your personal information?

For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 70 Rue Balard, 75015, Paris, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

Where the requestor or reporter is a Healthcare Professional (HCP), we will collect and process (as relevant):

Basic information- your name, last name (including prefix or title).
Contact information – information that enables us to contact you e.g., your personal or business email, mailing address, telephone number.
Professional information and experience- information related to your qualifications, areas of expertise, place of practice.

Where the requestor or reporter is a patient or a member of the public, we will process (as relevant)

Basic information- your name, last name (including prefix or title).
Contact information – information that enables us to contact you e.g., your personal or business email, mailing address, telephone number.
Contact details of any HCP who can provide further information.
Patient’s identification data (e.g., initials, age, date/year of birth, gender, weight, height).
Patient’s health data: treatments administered, test results, nature of any side effect(s), personal or family history, associated diseases or events, risk factors, information on the method of prescribing and use of the medicines and on the therapeutic conduct of the prescriber or health professionals involved in the management of the disease or side effect (s).
Patient’s family situation (e.g., information relating to family history and descent, conception, progress, and outcome of pregnancy).
Patient’s habits and behaviours (e.g., addiction, assistance, physical exercise, diet and exercise, dietary behaviour).

Why are we allowed to collect and use your personal information?

The personal data we collect in relation to this privacy notice will be used only for the specific purposes:

Enable the prevention, monitoring, evaluation and management of adverse events or safety issues related to our medicines.
Meet our legal obligation to report adverse events/safety issues to health authorities.
Respond to medical information requests about our medicines.
Monitor product quality complaints, product quality and potential of a market recall.

In the context of medical information:

The legal basis for processing the personal data collected in the context of medical information is Ipsen legitimate interest to respond to your requests or inquiries. The processing of special categories of data, corresponding to your health data, is necessary for reasons of important public interest.

If you provide us with special category data of patient (e.g., about health) when you submit a medical information inquiry, you undertake to inform the patient or, where required, to obtain from the individual the consent to process that data.

The condition for processing special category data in the context of medical information is to meet our legal obligations in relation to public health, or, where required, based on the patient’s consent.

In the context of pharmacovigilance:

The legal basis for processing the personal data collected in the context of pharmacovigilance is to meet relevant legal obligations and applicable health legislation. The processing of special categories of data, corresponding to your health data, is necessary for reasons of important public interest.

In the context of product quality complaints:

The legal basis for processing the personal data collected in the context of product quality complaints is to meet relevant legal obligations and applicable health legislation.

If you provide us personal data of a patient when you make a medical information request, report a side effect/safety issue or product complaint/ quality issue you undertake to provide the link to this Privacy Notice to the individual.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

With whom do we share your personal information?

We share your personal information on a need-to-know basis and to the extent necessary to follow laws and regulations. We only share your personal information with teams in Ipsen companies who need to see it to do their jobs and fulfil the request made (e.g., to answer a question you have asked the company). This will include service providers who carry out certain activities on our behalf. We will also have to share your personal information with other Ipsen companies to manage our obligations. We will do this only where necessary, and these may include for example:

Any entity who may acquire us or part of our business or brands.
Suppliers managing side effects reports.
Local or Global regulators, courts, governments, and law enforcement authorities.
Professional advisors such as auditors.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

How long do we keep your personal information?

We will only retain the personal data, in relation to this privacy notice, for as long as we reasonably need to achieve the purposes described above and as required under applicable laws.

In the context of medical information:

In no instance will your data be retained for longer than 25 years unless there is any legal or regulatory provision requiring otherwise.

In the context of pharmacovigilance:

70 years after the product is withdrawn in the last country where the product is marketed.

In the context of product quality complaints:

Personal data in relation to product quality complaints is kept for a minimum of 5 years.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Right	What does this mean?
1. The right of access	You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability	You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object	You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent	If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

Contact information.

If you would like to exercise any of these rights, have any questions about this privacy notice, need more information or would like to raise a concern you can contact us as follows:

If you are not a patient, please send us a Data Subject rights request by completing this form.
If you are a patient, please contact Ipsen Global Data Privacy Team at dataprivacy(at)ipsen(dot)com, you should be aware that your identity will be revealed to the Data Protection Team.

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.

Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.

Contact details for data protection authorities in other European countries can be found here:

Our Members | European Data Protection Board (europa.eu)

For other countries, please refer to the local Ipsen website for details.

Visitors to our sites – Privacy Notice

This notice provides general information about how personal data is used when you visit one of our sites. Please also refer to any privacy notices provided by the site you are visiting.

Who is the controller of your personal information?

For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 70 Rue Balard, 75015, Paris, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in these notices).

Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

We will collect the following information about visitors to our sites:

Your name, and email address
Organisation that you work for
Purpose of your visit
Your vehicle registration
Badge number and validity date
Date and times of your visit, exit and entry times and records of which areas of the building you have accessed
Photograph
CCTV images
Records of Health and Safety training, where required
Where necessary, fingerprint data may be required (see below)

We may ask you for ID when you visit one of our sites. We will look at this ID, but we will not record or copy it.

We provide a "Guest Wifi" network for visitors. An IP address is dynamically allocated to your device. The hardware identifier and traffic information (sites visited, duration and dates) are logged for security reasons.

Why are we allowed to collect and use your personal information?

Legal bases	Purposes
Article 6 1 (f) Legitimate interests	The information we collect from you is used to ensure the security of access to our premises, and to protect health and safety on our sites. The CCTV surveillance system is used to assist in providing secure and safe site management. We may also use CCTV images in relation to preventing, investigating and detecting possible non-compliance with company regulations and procedures or to contribute to investigations of potential criminal activity and anti-social activity.
Article 6 1 (c) Legal obligations	Certain areas at some of our sites require additional security measures to ensure your safety and to protect the activities in our facilities. For these areas, we may also require use fingerprints as part of access control systems for highly secure areas, where we have a legal obligation to maintain this level of security**. We may also be required to disclose certain personal data, such as CCTV images, for legal purposes in some situations.
Article 6 1 (a) Consent	**If we use fingerprint data to access certain site areas or systems where we are not under a legal obligation to do so, but have a legitimate and necessary reason to use this approach, we will ask for your consent for this, where it is appropriate to do so.

Where do we get your personal data from?

We will usually collect your personal data directly from you when you visit our site, but we may sometimes obtain your personal data from your employer.

With whom do we share your personal information?

Information related to you will only be accessed by employees at Ipsen with a relevant and tangible need to see your information, such as our reception team and site management and security staff.

We will also, as necessary, use third party systems to support visitor, building access processes or security services. These third parties are obliged to protect the security and confidentiality of any personal data and comply with data protection legislation.

CCTV recordings may be disclosed to authorised agencies to support investigations. The recorded data may be disclosed to site management and Ipsen’s global security team to support investigations relating to health, safety or security issues on the site. In some circumstances we may be required to disclosure CCTV images to the police.

How long do we keep your personal information?

We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention, in line with Ipsen’s retention policies.

CCTV images are retained for 30 days. However, in the event of an incident related to the safety of people and property, CCTV images may be extracted and then kept on another medium for the time it takes to settle and keep appropriate records of the incident.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Right	What does this mean?
1. The right of access	You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability	You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object	You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent	If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy(at)ipsen(dot)com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.

Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.

Contact details for data protection authorities in other European countries can be found here:

Our Members | European Data Protection Board (europa.eu)

For other countries, please refer to the local Ipsen website for details.

Websites and apps’ users – Privacy Notice

This privacy notice describes how personal data is used when visiting this website.

Who is the controller of your personal information?

For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 70 Rue Balard, 75015, Paris, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

We only collect the minimum amount of personal data we need to run this website, manage security, track usage and manage users.

If you submit a contact us form, or sign up for further contacts or a newsletter, we will collect basic information to manage your request, such as:

Name
Email address
Role or job title
Country
Your query

This website also collects data using cookies or other tracking technology. Through this we collect technical data, such as IP address, type of browser used, operating system, domain name and where visitors have come to the website from. We also collect information about the pages visited by users on the web, access time and time spent on each page, analysis of the internal path and other parameters relating to the user's operating system and IT environment. Such technical data are collected and used in an aggregated form to help us to manage and improve the website.

When you interact with us on social media, you might provide us with some information from your social media profiles such as your name, email address or social media identifiers. See the Cookie Policy for the website you are visiting for more information.

Why are we allowed to collect and use your personal information?

Legal bases	Purposes
Article 6 1 (f) Legitimate interests	We will process personal data in Ipsen’s legitimate interests to: maintain and monitor this website ensure the website are functions properly maintain the security and integrity of the website respond to your requests or enquiries perform website analytics and measure website performance for audits or monitoring Where necessary, personal data may be used in Ipsen’s legitimate interest to determine liability in the event of alleged IT or electronic crimes that cause damage to the website.
Article 6 1 (c) Legal obligation	We have a legal obligation to keep informed of any side effects, or adverse events or quality issues with our products. So, if you provide us with information about this via a website form, we will process this information on the basis of that legal obligation. There is a full privacy notice related to this on our privacy page.
Article 6 1 (a) Consent	Before we can use certain types of ‘optional’ cookies or similar tracking technology, we will ask for your consent.

Where do we get your personal data from?

We collect any personal data entered when you submit a web from on this website directly from you.

We will collect some personal data indirectly, through the use of cookies and similar technologies. Please see the Cookie Policy for this website for more information.

With whom do we share your personal information?

Ipsen may need to share your personal data with the following authorised third parties:

Ipsen and its affiliates
Selected suppliers, service providers or vendors acting upon Ipsen’s instructions for website hosting, data analysis, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing, etc.
Legal or administrative authorities: as required by applicable laws including laws outside your country of residence
Potential acquirers and other stakeholders in the event of a merger, legal restructuring operation such as, acquisition, joint venture, assignment, spin-off or divestitures

Your personal data will not be sold, shared or otherwise distributed to third parties without an appropriate legal basis, or where we are required to do so because of an applicable law, court order or governmental regulation, or if such disclosure is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad.

How long do we keep your personal information?

We will only retain your personal information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies. Any personal data collected from cookies or similar technologies will only be retained for 13 months.

Links to other websites

When visiting this website, you may also be able to use links to go to other websites, or you may be directed to other websites hosted by third parties. Ipsen is not responsible for how any third-party websites use your personal data, please review the privacy policies of those websites before providing any of your information.

Social media links

To make it possible to incorporate Social Network functions directly within our website (e.g. the “Like” function on Facebook, the “Follow” function on Twitter), some special tools named social plug-ins might be present on our website. All the social plug-ins are marked by the respective social network logo. When you interact with a social plug-in presents on our website (e.g. by clicking the "Like" button) or leaving a comment, the corresponding information is sent by the browser directly to the social network platform (in this example, Facebook) and recorded by it. Please consult the privacy policy of the social network if you would like to have more information about how that platform processes your personal data as well as for details of how to exercise your rights.

Cookies and similar technologies

This website use cookies and similar technologies (“cookies”). Cookies are small data files which are placed on your computer, smartphone or other device. When you enter the website, you can:

Accept the use of cookies; or
Refuse the use of cookies; or
Set your cookies preference.

Please consult our Cookies Policy on the website, for more information.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Right	What does this mean?
1. The right of access	You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability	You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object	You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent	If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy(at)ipsen(dot)com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.

Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.

Contact details for data protection authorities in other European countries can be found here:

Our Members | European Data Protection Board (europa.eu)

For other countries, please refer to the local Ipsen website for details.

Contractors, suppliers and customers – Privacy Notice

This Privacy Notice applies to suppliers, customers and service providers, and their representatives.

Who is the controller of your personal information?

For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 70 Rue Balard, 75015, Paris, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in these notices).

Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

Depending on our relationship with you, we collect, use and store the following types of personal data about you:

Contact information, name, email address, telephone numbers, postal address
Job function, title, job title and company details and relevant business activity records
Professional qualification or certifications or status information, as relevant
Payment details, bank account details
Records and results of any Health and Safety or Security training undertaken (if visiting our sites)
Car registration, picture and badge number and CCTV footage (if visiting our sites)
System login information (if working on our systems)

Why are we allowed to collect and use your personal information?

Legal bases	Purposes
Article 6 1 (f) Legitimate interests	We will process your personal data, where relevant to the activity, for Ipsen’s legitimate interests in undertaking the following: Sharing data as needed as part of a tendering or contracting process. Evaluating third-party suppliers to Ipsen in order to identify and mitigate any potential risks, such as using contact information to issue and evaluate risk assessment questionnaires and/or look-up supplier entity information on third-party industry databases. Managing health and safety and security at our sites, including giving access to, and recording information about training we require and CCTV recordings. Giving access to relevant IT resources, tools, and systems. Providing customer service support and dealing with enquiries. Managing audit and declaration requirements. Giving you access to our systems as needed for your interaction with us. Checking qualifications or certifications where relevant. Dealing with possible misconduct or fraud cases.
Article 6 1 (b) Contract	We will use your personal data to manage any contracts we have with you directly, to facilitate the contract and manage payments.
Article 6 1 (c) Legal obligations	Your personal data may be used where necessary, to comply with legal obligations in relation to Health and Safety requirements, such as keeping records of training or incidents.

Where do we get your personal data from?

We collect data about suppliers, customers and service providers either directly from individuals or from their employers. We also collect personal data through our building access systems, training records and through CCTV on sites. We may also collect information from third party industry databases as part of our due diligence activities.

With whom do we share your personal information?

Information related to you will only be accessed by employees at Ipsen with a relevant and tangible need to see your information. Information related to you may also be made available to other entities within the Ipsen group of companies for the purpose of managing our activities with you.

We will also, as necessary, share data with third parties who work with Ipsen to support our activities, for example, audit providers, distributers, payment processors, external lawyers, IT service and system providers. Your personal data may be made available to third parties who work with Ipsen to help provide industry-wide business and/or sustainability ratings, including on Environmental, Social & Governance (ESG) factors. For example, EcoVadis SAS or EcoVadis Inc. These third parties are obliged to protect the security and confidentiality of any personal data and comply with data protection legislation.

How long do we keep your personal information?

We will only retain your information in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Right	What does this mean?
1. The right of access	You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability	You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object	You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent	If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy(at)ipsen(dot)com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.

Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.

Contact details for data protection authorities in other European countries can be found here:

Our Members | European Data Protection Board (europa.eu)

For other countries, please refer to the local Ipsen website for details.

Job Applicants – Privacy Notice

This privacy notice explains how we use personal data during recruitment processes.

Who is the controller of your personal information?

For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 70 Rue Balard, 75015, Paris, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

When you apply for a job at Ipsen, we will collect the following types of personal data:

Name and contact details, including email, phone number, home address
Academic and professional qualifications
Information about your skills and expertise
Information about your work history
Application letter, remuneration levels, and availability
Your right to work in the country that in which the job will be located
Details about your most recent employer and / or referees

We will record information about you on our careers systems and we will keep records of our interactions with you and notes about any interviews we carry out with you. We may also hold information about any assessments or tasks we ask you to complete during the application process. If you are successful, we will record details of your offer.

If you accept a role with Ipsen, we will then load your data onto our HR system. Before you start at Ipsen, we may complete background checks as relevant to the role. To carry out these checks we will request documents and information from you as relevant to the checking process, such as:

identity documents e.g. identity card, passport
evidence of academic and professional qualifications documents
and other information relevant to the role and position in the company.

Why are we allowed to collect and use your personal information?

Legal bases	Purposes
Article 6 1 (f) Legitimate interests	We collect and use your personal data for our legitimate interests to process your application, to make decisions about shortlisting and to contact you during the application process. We will also share data with any third parties that may be assisting us with the recruitment process. We may ask you to complete assessments or tasks during the application process and we will keep personal data about that to help us to make a decision.
Article 6 1 (b) Contract	If you are offered a post, we will process your personal data to take steps to prepare for a contract with you, including: to send you messages, information or meeting invitations before you start to prepare and agree your contract to make organisational arrangements for you to start at Ipsen, such as setting you up on our IT systems to share your personal data with any third parties that work with us to provide any benefits.
Article 6 1(c) Legal obligations	We may be required to make checks on your right to work in the relevant country, by collecting documents or information from or about you. Where this is required by law, we will process this data on the basis of our legal obligations.

Where we process special category personal data about you, we do so in line with the relevant conditions for processing this type of data, as follows:

Condition for processing	Purposes
Article 9 2 (b) Employment rights	Where necessary we may need to process certain special category data, such as health, or ethnicity information during the recruitment process for a range of purposes, such as: to check your right to work in the country to carry out background checks on your health as relevant to your role to make special arrangements for your interview in some countries (where permitted) we may collect ethnicity data, which we only use in aggregated form to monitor equality

Condition for processing

Purposes

Article 9 2 (b) Employment rights

Where necessary we may need to process certain special category data, such as health, or ethnicity information during the recruitment process for a range of purposes, such as:

to check your right to work in the country
to carry out background checks on your health as relevant to your role
to make special arrangements for your interview
in some countries (where permitted) we may collect ethnicity data, which we only use in aggregated form to monitor equality

Where do we get your personal data from?

We collect personal information about you when you enter your details or upload your CV and other information about yourself when applying for a job. Ipsen also collects data about applicants from recruitment agencies and from recruitment platforms such as “LinkedIn” or other online job boards we decide to use.

With whom do we share your personal information?

Personal data related to you will only be accessed by HR, the hiring manager or other relevant managers, IT and only others who have a legitimate need to access your personal data.

Your personal information is shared with relevant staff in other entities in the Ipsen group where necessary and with third parties who process personal data on behalf of Ipsen within the scope of the purposes mentioned in this Notice.

We will ensure that the third parties we use adequately protect the information entrusted to them and these third parties will be bound by data protection contract clauses, as appropriate to our respective roles. Ipsen will only provide those companies the personal data they need to deliver the service.

We work with third parties in relation to recruitment and starting up relationships with new starters, for the following types of activity:

recruitment agencies assisting with aspects of the recruitment process
technology providers processing recruitment data
background check providers

How long do we keep your personal information?

We will keep your personal data for no longer than necessary to fulfil the purpose for which it was collected and to meet any legal or regulatory provision requiring otherwise.

If you are not successful in your application, your personal data will be stored on our Careers system for two years in order to recontact you for other relevant opportunities. If you do not want us to keep your personal data in this way, please see our careers website portal for how to do this, or you can use this form.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Right	What does this mean?
1. The right of access	You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability	You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object	You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent	If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please use this form.

If you would like to ask us about how we handle your personal data, you can contact our Global Privacy team by contacting dataprivacy(at)ipsen(dot)com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.

Ipsen’s lead authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.

Contact details for data protection authorities in other European countries can be found here:

Our Members | European Data Protection Board (europa.eu)

For other countries, please refer to the local Ipsen website for details.

PRIVACY NOTICE – Media Monitoring

This privacy notice sets out how Ipsen uses media monitoring tools to identify and analyse trends and gather information related to our business. We use this to help us to:

Identify news, trends and developments in our areas of interest and executive leaders;
Understand the effectiveness of our media communications, websites and campaigns so we can adapt and improve our approach;
Track how we are doing as a company in terms of reputation and brand against competitive brands; and
Identify potential crisis related to the Ipsen brand and it’s products as well as communications opportunities in our areas of interest

Who is the controller of your personal information?

For the purposes of this Global Privacy Notice, Ipsen Pharma SAS, headquartered at 70 Rue Balard, 75015, Paris, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

Ipsen is an international group of companies. As our headquarters are based in France, this notice is based on GDPR. For information related to Ipsen activity in your country and adherence to local privacy laws, please refer to the Privacy Notices on your country’s Ipsen website, which can be accessed via www.ipsen.com

What personal information do we collect about you?

When we run our media monitoring activities, we use keywords and other search parameters to collect information from our own websites and other publicly available sources, such as Wikipedia and social media sites like LinkedIn. Our primary aim is to create aggregated analysis, however through the process of searching content and results we will collect certain personal data incidentally. This includes:

Identification: your name, username, pseudonym, handle, or other identifier;
Professional: your job title or profession (including category of profession, for example “CEO”);

We may also analyse the personal data in individual posts to infer other information about you, in order to group the analyses by different stakeholder groups.

In some cases, we may monitor the performance of the posts of key stakeholders, but we will not use that information to target or contact that person, but rather to meet our aims of understanding volume of relevant content.

Why are we allowed to collect and use your personal information?

We process personal data in media monitoring activity for the following legal bases.

Article 6 1 (f) Legitimate interests

Personal data obtained through media monitoring activities is processed under Ipsen’s legitimate business interests in

Understanding how effective our media strategies are
Gathering information about our reputation in relation to our areas of interest
Compare and benchmark performance of communications related to our leaders vs the leaders of competitive companies
Understanding what our key stakeholders are concerned with; and Tracking trends, news and developments in our areas of interest.

Article 6 1 (c) Legal Obligation

Our media monitoring tools may pick up reports of adverse events, or side effects related to our medicines. If this happens, we will process that data on the basis of our legal obligations to manage such cases.

Where we collect special categories of personal data about you, we need an additional legal basis. If the personal data is related to adverse events or side effects, we will rely on GDPR (EU and UK) Article 9 2 (i), which is about managing the quality and safety of medicines.

If we come across other special category data during monitoring activity (though this is not our aim or intention), then we will rely on the fact that such data has been manifestly made public, which is Article 9 2 (e).

We will not use any of this data to target and profile you on the basis of sensitive categories of personal data (e.g. health status, sexual orientation, political beliefs, etc.).

Where do we get your personal data from?

In our media monitoring activity, we collect data indirectly by running keyword and targeted searches on a range of publicly available sources. This includes Online News Sites, Websites, Forums, Wikipedia, LinkedIn, X, Instagram, YouTube and Facebook. For example, we may collect information on how users on X or LinkedIn comment on Ipsen as a company or on specific campaigns, such as one of our disease areas.

We will only obtain data, based on the privacy settings you have set on any social media sites you use. You can control these settings on the social media sites themselves and you can also refer to their privacy notices or policies to check how your personal data is used by each platform.

We analyze media using a range of tools including Brandwatch, Google Trends and Keywordtool.io. We also access content through the developers API provided from one each social media sites LinkedIn, X, Instagram, YouTube and Facebook. We analyze key areas of interest, topics and themes which may include personal data, as described above.

We also track activities on our own websites using analytics software Piwik PRO (see the website user privacy notice for more information on this, and the pop-ups that appear on our websites when you visit them).

With whom do we share your personal information?

The main focus of our media monitoring activity is to create aggregated analyses that does not contain personal data. However, personal data is included, during the process to create those reports and we may also track some very key stakeholders’ activity. When we do have access to personal data, we ensure that it is only accessed by authorised employees at Ipsen, with a relevant and tangible need to access the information.

We also work with suppliers who, when relevant may have access to personal data. When we do this, we ensure that these suppliers have appropriate technical and organisational measures in place and that they only process the personal data on Ipsen’s instructions. For media monitoring, we will work with Burson and they will sub-contract with Brandwatch to carry out our media searches. To find out how Brandwatch processes personal data, please see their author privacy statement on their website (Brandwatch).

How long do we keep your personal information?

We will only retain your information for the duration of up to 6 months, in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Right	What does this mean?
1. The right of access	You have the right to obtain access to the information processed by Ipsen.
2. The right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portability	You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to object	You have the right to object to certain types of processing, in certain circumstances.
7. The right to withdraw consent	If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time.

Contact information

If you would like to exercise any of these rights by contacting us at Ipsen, please use this form.

However, please be aware that we may not be able to identify you through the information that has been processed for us, and so we may need to ask for further information from you to be able to deal with your request.

Where your personal data has come from posts on social media, you have control over what you want to post on those sites and how you make that available via the site’s privacy settings. You can also exercise your rights directly with those social media sites and also with Brandwatch directly, by referring to the relevant information on their websites.

If you would like to ask us about how Ipsen handles your personal data, or have any concerns or questions, you can contact our Global Privacy team at dataprivacy(at)ipsen(dot)com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.

Our lead data protection supervisory authority is:

The Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.

Global Privacy Policy

Individual Privacy Notices

Healthcare Professionals - Privacy Notice

Patient organizations and industry stakeholders – Privacy Notice

Visitors to our sites – Privacy Notice

Websites and apps’ users – Privacy Notice

Contractors, suppliers and customers – Privacy Notice

Job Applicants – Privacy Notice

Privacy Notice – Media Monitoring

Who is the controller of your personal information?

What personal information do we collect about you?

Why are we allowed to collect and use your personal information?

Legal bases

Purposes

Where do we get your personal data from?

With whom do we share your personal information?

How long do we keep your personal information?

How do we protect your personal information?

Transfer of personal data outside of your home country?

What are your rights regarding your information?

Who is the controller of your personal information?

What personal information do we collect about you?

Why are we allowed to collect and use your personal information?

Where do we get your personal data from?

With whom do we share your personal information?

How long do we keep your personal information?

How do we protect your personal information?

Transfer of personal data outside of your home country?

What are your rights regarding your information?

Adverse Events, Product Quality Complaints or Medical information enquiries

Who is the controller of your personal information?

What personal information do we collect about you?

Why are we allowed to collect and use your personal information?

How do we protect your personal information?

With whom do we share your personal information?

Transfer of personal data outside of your home country?

How long do we keep your personal information?

What are your rights regarding your information?

Contact information.

Who is the controller of your personal information?

What personal information do we collect about you?

Why are we allowed to collect and use your personal information?

Where do we get your personal data from?

With whom do we share your personal information?

How long do we keep your personal information?

How do we protect your personal information?

Transfer of personal data outside of your home country?

What are your rights regarding your information?

Who is the controller of your personal information?

What personal information do we collect about you?

Why are we allowed to collect and use your personal information?

Where do we get your personal data from?

With whom do we share your personal information?

How long do we keep your personal information?

Links to other websites

Social media links

Cookies and similar technologies

How do we protect your personal information?

Transfer of personal data outside of your home country?

What are your rights regarding your information?

Who is the controller of your personal information?

What personal information do we collect about you?

Why are we allowed to collect and use your personal information?

Where do we get your personal data from?

With whom do we share your personal information?

How long do we keep your personal information?

How do we protect your personal information?

Transfer of personal data outside of your home country?

What are your rights regarding your information?

Who is the controller of your personal information?

What personal information do we collect about you?

Why are we allowed to collect and use your personal information?

Where do we get your personal data from?

With whom do we share your personal information?

How long do we keep your personal information?

How do we protect your personal information?

Transfer of personal data outside of your home country?

What are your rights regarding your information?

Who is the controller of your personal information?

What personal information do we collect about you?