In connection with our business (such as scientific research, development, manufacturing, sales, etc.), we will collect the following personal data.
The categories of data subject
- Healthcare Professionals (HCP): Doctors, nurses, other health care professionals, etc.
- Business Partners: Vendors, Contractors, suppliers, other business partners along with their representatives or staff members, etc.
- Patients: Patients (former or current), potential patients, parents or guardians and caregivers, etc. and members and staff of patient advocacy groups
- Members of the Public: users of public-facing websites, mobile apps, other online platforms, etc or who attend our business or premises
The categories of personal data
- Personal details: name, address, phone number, e-mail address, gender, country of birth/residence, nationality, citizenship, employment status, and family status, etc.
- Financial details: bank account information, payment card details, payment details, income tax details, transaction data, billing information, tax numbers, tax administrative data, etc.
- Voice or Image Data: authorized photographs, videos, recordings, etc.
- Professional Data including occupation, place of work, professional registration number, professional background and interests, medical specialization, professional memberships and affiliations.
- Employment and business information: your position and employer, your work contact details and your interaction with us in your role, including information provided in the course of the contractual or client relationship between you or your organisation and Kyowa Kirin, or otherwise voluntarily provided by you or your organisation.
- Communications content: any other information you may provide in your communications with us.
The categories of sensitive data
- Health and medical records: family medical history, sexual history, sexual orientation, ethnicity, diseases and illnesses, disability, health statistics such as blood pressure, smoking status, alcohol intake, type of dialysis treatment, current therapies, prescriptions and medications, patient type, consumption and usage of equipment and medications, record of hospitalization, laboratory results and adverse reactions to treatment
- Medical Photographs and images: medical images including radiology scans and other such visual representations.
- Physiological and Physical Data: activity data gathered through self-report in dedicated apps, wearables, or other technology.
Please note that the definition and scope of categories of sensitive data may vary in different jurisdictions, and we will determine the scope of sensitive data based on the legal and regulatory requirements and industry practices in each jurisdiction and provide the corresponding protection accordingly. Where local law of a jurisdiction of which you are a resident defines certain types of personal data as sensitive data (or equivalent meaning), such definitions and the corresponding rights you are entitled to shall apply in relation to our processing of your sensitive data.
We will collect your personal data from you, companies or organizations to which you belong, or websites or other media to which you have registered to disclose information. We may also collect your data from the following sources:
- Your engagements with other Kyowa Kirin entities, or Kyowa Kirin websites or services. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site.
- Healthcare professionals or pharmacies, particularly in relation to safety/adverse event reports or engagements through clinical trials or early access programs or where there has been a complaint;
- Third parties we work with (including, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics, providers, search information providers, credit reference agencies, etc.) If you are a health care professional, we receive information about your professional life (such as medical specialisation and professional background) from third party sources, including Clinical Research Organisations.
- Other organizations you have provided permission to share with us.
- Publicly available sources (where possible) to keep your information up to date (Post Office’s National Change of Address Database or any professional registration database)
- Occasionally purchasing the contact information of people who might be interested in hearing from us. We only contact people who have actively expressed an interest in receiving information from third parties.
- We may receive information about you if you apply for a vacancy at Kyowa Kirin, particularly from any third party recruitment agency or website you have engaged with for this purpose.
We are required to have a lawful basis to process your data. We explain each of these legal bases below. We also set out the purposes for which we process your data. For each purpose, we explain the legal bases for that processing, the processing operations that we carry out and the categories of data that we process. Please note that the legal bases under data protection laws may vary from jurisdiction to jurisdiction. We will only process your data in accordance with the applicable legal bases required by the laws and regulations in your jurisdiction.
Legal bases relied on by Kyowa Kirin for processing described in this privacy notice
- Consent – sometimes we ask for your consent to use your data.
- Contract – if we have an agreement in place with you, we may process your data where it is necessary for us to meet our obligations or enforce our rights under the contract.
- Legitimate interest – we can process your data when this is necessary for us to achieve a legitimate business purpose, or where this is necessary for someone else to achieve their legitimate purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process personal data on the basis of a legitimate interest, then we consider what the impact of the processing will be on affected individuals to determine whether those individuals’ interests outweigh our interests in the processing taking place.
- Legal obligation – we have obligations to comply with legal and regulatory requirements under various applicable laws. In certain cases, we have to use your data to meet these obligations.
- Publicly-available data – where permitted by applicable laws, we may use your data already publicly disclosed either by you or otherwise legally publicized in a reasonable manner as prescribed by the applicable law.
We process your personal data for the following purposes described in the following chart, relating to your online and offline interactions with us regarding our services, products and wider business activities. Data that is mandatory is indicated on relevant forms that you complete or communicated by us separately. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests. All other provision of your information is optional.
You can see this table by scrolling horizontally.
|Main Purposes||Data subject||Items of personal data||Legal basis (EU and UK)|
|Carrying out clinical studies, sponsoring clinical trials and wider research studies and carrying out our own clinical research and engaging with necessary regulatory inspections, audits and reporting obligations connected with clinical research||HCPs, Patients, Business Partners||Personal details, Professional Data (of HCPs), Employment and Business details, Communications content, Health and medical records, Photographs and medical images, Physiological and Physical Data (of Patients).||This processing is based on the necessity for our legitimate interests for the purposes of improving health care products and services and conducting scientific research. Some of our processing in connection with clinical studies is also necessary when we have a respective legal obligation under medical laws. Under limited circumstances, where this is required by applicable law, we will rely on your (explicit) consent. More details about our processing and lawful basis are likely to be available in study specific documentation.|
|Medical affairs work, including organization of Advisory Boards, communicating scientific and clinical information to the medical community, maintaining external relationships with key leaders within the scientific community, patient groups, and other authorities and carrying out market research and other research studies||HCPs, Patients, Business Partners||Personal details, Professional Data (of HCPs), Employment and Business Details, Communications content, Health and medical records Photographs and medical images, Physiological and Physical Data (of Patients).||This processing is based on the necessity for our legitimate interests in maintaining and improving our relationships with the medical community. We may process data on the basis of consent if this is required to contact you about our medical affairs work. Where medical information is held about members of patient groups, this will be based on your (explicit) consent.|
|Pharmacovigilance work, including collecting information on adverse events, investigating the adverse event, complying with regulatory reporting requirements, corporate drug safety, quality assurance and pharmacovigilance obligations, managing complaints, and complying with any other connected pharmacovigilance, drug safety and other applicable regulations||HCPs, Patients, Business Partners||Personal details, Professional data (of HCPs), Employment and Business Details, Communications content (of patients): Health and medical records, Photographs and medical images, Physiological and physical data||This processing is primarily processed on the basis of our legal obligations, and processing of health data in the public interest in accordance with law. Where we have no direct legal obligations, we process the data in order to meet our legitimate interest in ensuring the safety of our products. Where required by law, we may rely on your explicit consent.|
|Entering into and performing a contract with you, including processing payments and transactions||HCPs, Patients, Business Partners||Personal details, Financial details, Communications content.||This processing is based on the necessity for the performance of a contract with you as an individual or is necessary to achieve our legitimate interests of conducting business with your employer. Sometimes, we rely on legal obligations under medical laws.|
|Managing our business, site and services, engaging with and understanding our customers and the medical community Organising events and conferences, including international events and webinars.
Marketing and advertising campaigns
Tracking statistics and trends on our website as well as through other digital and offline interactions
Investigating any complaints received from you or from others, about our website or our products or services
|Managing security concerns, both on our website and at our premises and in relation to our staff||HCPs, Business Partners, Members of the Public; Patients||Personal details; Technical and Usage Data, Employment and Business details||We have a legitimate interest in ensuring everyone that accesses our website or attends our premises or business events or is a member of our staff is kept safe and that we maintain security across our offerings and websites.|
|Processing your job or role application||HCPs, Members of the Public, Business Partners||Personal Details, Professional data, Employment and Business data, Communications Content||We collect and use your personal data in accordance with our legitimate interest in processing your application. We store, and where needed, update, your personal information to make informed decisions on recruitment and assess your suitability for the role, to communicate with you about your application, to respond to your inquiries and schedule interviews, and to reimburse you for any agreed expenses incurred in the application process.
We have a legitimate interest in carrying out appropriate checks to verify the information provided by candidates. We verify the details you have supplied and, where applicable, conduct pre-employment background checks. We will ask for your consent where this is required by law to carry out certain checks, or to provide certain adjustments for example for your disability.
|Protecting our business interests, and legal rights, including in connection with legal claims, compliance, regulatory, auditing, investigative and disciplinary purposes and ethics and compliance reporting requirements. We may also use your information where necessary to protect the security of our premises, assets, systems, and intellectual property and enforce company policies, including protecting ourselves from fraud and verifying the individuals with which we interact as appropriate.||All data subjects mentioned in this privacy notice||All personal data mentioned in this privacy notice||We process this personal data based on our legitimate interests in maintaining and protecting our business and legal rights. In exceptional circumstances, where required by local law, we may rely upon your consent.|
We will only disclose your personal data as necessary to achieve the purposes set out in this privacy notice, including to the following recipients:
- A member of our group where we have a legal basis for doing so.
- Companies who provide services to us or on our behalf, answering questions about products or services, sending mail and emails, patient analysis, assessment and profiling and when using auditors or other professional advisors.
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Analytics and search engine providers that assist us in the improvement and optimization of our site.
- IT service providers.
- Clinical Research Organizations.
- Healthcare Professionals.
- Other organizations, including universities, when we run an event in partnership with such other organizations. In such case, your personal data may need to be shared. We will be very clear about what will happen to your personal data when you register for such events.
- A new entity or purchaser, in the case we merge with another organization or form a new entity. In such case, your personal data may be transferred to that new entity and/or purchaser, including their professional advisors.
- Appropriate third parties where this is necessary to:
- Comply with any court order or other legal obligation or when data is requested by our regulators or by government agencies or law enforcement agencies or is required by any stock exchange rules where a member of the Kyowa Kirin Group is listed.
- Protect the rights, property, or safety of us, our employees or others. This may include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
When your country of residence is EU/EEA or United Kingdom, depending on the way your personal data is processed, your personal data may also be transferred outside the EU/EEA or United Kingdom. In these cases, we ensure that an adequate level of data protection exists before transferring your personal data. This means that via EU or United Kingdom standard contractual clauses or an adequacy decision or other valid adequacy mechanism, a level of data protection is achieved that is comparable to the standards within the EU or United Kingdom. A copy of the relevant mechanism can be provided for your review on request by contacting us using the details set out below.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in the future.
As for control of your personal data, we will assign one or more person(s) in charge for the control and security of your personal data and keep all of your personal data under a strictly controlled and secured environment. We will take necessary and appropriate measures to prevent all your personal data from not only leakage, but also unauthorized outside access.
We would like to make sure you are fully aware of all your data protection rights. Depending on where you live, you may be entitled to the following:
- The right to access – You have the right to request that we provide copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete any information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- Right to lodge a complaint with a supervisory authority – You might have the right to lodge a complaint with a supervisory authority against the processing of your personal data if you believe that the processing of your personal data violates data protection regulations.
- Other rights under applicable data and privacy laws and regulations.
In addition, you have the right to object to the processing of your personal data at any time:
- if we process your personal data for direct marketing purposes; or
- insofar as we process your personal data for the pursuit of our legitimate interests and there are grounds based on your particular situation.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where it would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in applicable national laws, and we will inform you or applicable exemptions in our response to your request.
Where consent is our legal basis for processing your personal data, you have the right to withdraw your consent at any time, and the withdrawal does not affect the lawfulness of processing or transferring based on consent before such withdrawal. If you wish to withdraw your consent, please contact us using the details below.
- Japan - Headquarter
Kyowa Kirin Co., Ltd.
Contact us by using the Inquiry Form below
Or write to us at: Data Protection Officer,
Otemachi Financial City Grand Cube, 1-9-2 Otemachi, Chiyoda-ku, Tokyo 100-0004, Japan
- Singapore - Asia Pacific
Kyowa Kirin Asia Pacific Pte. Ltd.
Contact us by using the Inquiry Form below
Or write to us at: Data Protection Officer,
80 Robinson Road #22-01/01A Singapore 068898
- UK - EMEA
Kyowa Kirin International PLC
Contact us by using the Inquiry Form below
Or write to us at: Data Protection Office
Galabank Business Park, Galashiels, TD1 1QH, United Kingdom
- USA - North America
Kyowa Kirin, Inc.,
Contact us by using the Inquiry Form below
Or write to us at: Privacy Office
510 Carnegie Center, Suite 600, Princeton, New Jersey 08540, USA