Sorry, you need to enable JavaScript to visit this website.

PRIVACY POLICY

Introduction
At CSL (‘we’, ’us’, ’CSL’) we are committed to protecting your privacy. When you use our websites, we will collect certain personal information that may be used to identify you, sometimes referred to as ‘Personal Data’, ‘personal information’ or ‘personally identifiable information’ (collectively ‘Personal Data’).

A list of CSL entities is available at https://investors.csl.com/site/investors/financial-results-and-information/csl-group-legal-entities.

CSL is the ‘data controller’ of the Personal Data we collect. This means that we are responsible for decisions about the collection and use of Personal Data. It also means we are responsible for responding to your questions and requests in relation to the Personal Data we hold about you.

This privacy notice explains how we use the Personal Data we collect when you use our website. It also explains the rights you have in relation to your Personal Data.

On this page you will find the website privacy notice that applies to CSL's operations globally, including additional information for website visitors from the jurisdictions listed below.

  • European Union Privacy Notice
  • United Kingdom Privacy Notice
  • Switzerland Privacy Notice
  • Brazil Privacy Notice
  • Singapore Privacy Notice
  • Japan Privacy Notice
  • Republic of Korea Privacy Notice
  • Quebec Privacy Notice 
  • United States disclosures
  • California Privacy Notice

Categories of Personal Data We Collect and Process
We may collect and process the following types of Personal Data from you when you use our website:

  • Contact details: this is information that allows us to contact you, such as your name, address, telephone numbers, email addresses and social media handles/usernames.
  • Demographic information: this is information about your background, which can help us identify you more precisely such as gender, citizenship, date of birth.
  • Payment information, purchase and account history: if you are a healthcare professional/ provider or a distributor of products we may collect and process information about your account and business with us. This may include information such as credit/debit card details, bank account details, billing addresses and customer numbers, as well as records relating to the products and services which you have purchased from us.
  • Information about your professional activities: this is information on your professional registration number, the dates and types of our interactions with you and the results of those interactions, your approach to our products and to treatments more generally, responses to surveys in which you agreed to participate, information you requested of us and any samples or  information we provided, the services you provided to us, and the compensation or financial support for research and education we may have provided. We also collect information about your medical practice and your areas of professional interest. This includes, for example: information concerning seminars, meetings and events which you attend, your professional activities, expertise and interests, and your concerns about the use of medicinal products, therapeutic affinity, product awareness and preferences.
  • Personal Data in reports and notifications you submit to us: if you submit information to us about our products and services through our website, for example, through a suspected adverse event reporting form, we will collect and process any Personal Data you include within your report.
  • Health data: if you submit health data to us in relation to our products or services, we will collect and process any Personal Data and Sensitive Personal Data you include.
  • Employment information: if you apply for a job vacancy with us, we will collect and process information such as your employment history, references and anything else you may include in the job application form or in any attachments such as CVs.
  • Records of your discussions with us: when you contact us using the contact options on the website (whether by email, phone, an online form or through social media (such as through Twitter or on Facebook), we may keep a record of the information you provide when doing this.
  • How you use our website: we collect and process information about the pages you look at and how you use them.
  • Location information: We collect and store access data that is automatically transmitted to us by your browser when you visit our website. Data recorded for communication between your browser and our web server during a connection may include information concerning your IP address, geographic location, browser used, language and version of the browser software, resources you have accessed and similar information. We use this data to run, maintain and secure our websites and network systems.

From Where We Collect Your Personal Data
We will collect Personal Data from a number of sources. These include:

  • Directly from you: for example, we will collect Personal Data directly from you when you set up an account with us, purchase products or services from us, complete forms we provide to you, make a report or notification about our products or services or contact us by phone, email, or communicate with us directly in some other way (such as through social media).
  • Our website: we will collect information we observe about the way you use our website.
  • Third parties: we may collect Personal Data about you from third parties. This typically includes: credit reference agencies (if we believe this is necessary to facilitate your purchase of products or services from us) or references (if you are applying for a job vacancy with us) or healthcare professional/providers (in relation to your use of our products).

The Purposes for Which We Process Your Personal Data
We collect and use your Personal Data for the purposes described in the below table.

Purpose(s) of processing

Categories of data typically processed for the specified purpose(s)

Legal Basis

Contact and communicate with you in relation to our business, products and services

All the categories of Personal Data listed above

Performance of contract

If you are a healthcare professional/provider or distributor of our products, we will use your Personal Data to manage your account with us, perform credit checks where this is necessary, take payment for our products and services and arrange delivery

Contact details

Payment information, purchase and account history

Records of your discussions with us

Legitimate interest, reasonably handling personal information already disclosed by you

If you contact us with any queries or complaints, we will use your Personal Data to help us respond to you

All the categories of Personal Data listed above

Legitimate interest, compliance with a legal obligation

In the course of investigating misuse of your account, fraud and debt collection

All the categories of Personal Data listed above

Legitimate interest, compliance with a legal obligation

To review our products and services, assess their safety and performance and to develop new products and services

All the categories of Personal Data listed above

Consent or as otherwise specified in the Informed Consent Form

For enrolment and participation in clinical trials

Contact details

Demographic information

Personal Data in reports and notifications you submit to us

Health data

Records of your discussions with us

Legitimate interest, except where consent is required – including for electronic direct marketing

To perform direct marketing (where local law permits)

Contact details and communication preferences

Demographic information

Information about your professional activities

 

Purchase and account history

How you use our website

Any Personal Data you submit to us about products or services you are interested in

Consent

To conduct market research

Contact details

Demographic information

Other Personal Data relevant to the market research being conducted

Consent, Legal obligation, Public interest

If you take part in blood plasma donations and provide information to us in relation to the donation through our website, we will use your Personal Data to facilitate your donation.

Contact details

Health data

(Further information about our collection and use of Personal Data for this purpose will be provided by us in a specific Plasma Donation Privacy Notice where required by law.)

Legal obligation, Public interest

For individuals to report Suspected Adverse events

Contact details

Health data

(Further information about our collection and use of Personal Data for this purpose will be provided by us in a specific Suspected Adverse Event Privacy Notice where required by law.)

Contractual obligation, legal obligation, legitimate interest, human resources management and consent where required

For recruitment and employment

Contact details

Demographic information

Employment information

Performance of contract


Personal Data Consent
Where the legal basis for using your Personal Data is that you have provided your consent, you may withdraw your consent at any time.
You can withdraw your consent by contacting us using the contact details listed below.

How We Will Keep Your Personal Data Secure
We have put in place security measures to protect your Personal Data from being accidentally lost or used, accessed, altered or disclosed in an unauthorized way.

In addition, we limit access to your Personal Data by our employees and service providers, to individuals who need access to perform their job or provide a service to us. They will only use your Personal Data on our instructions and are required to keep your Personal Data confidential.

We have put in place procedures to deal with suspected data security breaches and will notify you and any applicable regulators of breaches in accordance with relevant legal requirements.

How Long We Will Keep Your Personal Data For?
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Who Has Access to Your Personal Data?
We may share your Personal Data with the following:

  • Our staff – your Personal Data will be accessed by our staff but only where this is needed for their job role.
  • Companies in the same group of companies as us - for any of the purposes specified above.
  • Delivery companies - to deliver products that you have ordered from us.
  • Credit reference agencies - so that we can verify your identity, and to provide information on missed or late payments or other activity which may affect your credit score.
  • Other service providers and advisors - such as companies that support our IT, help us analyse the data we hold, process payments, send communications to our customers, provide us with legal or financial advice and help us deliver our services to you.
  • The government or regulatory agencies - where we are required to do so by law or to assist with their investigations or initiatives, including relevant data protection and healthcare regulators. Such parties use the Personal Data for their own purpose and their own privacy notice will apply to the use of the Personal Data they hold.
  • Distributors, license partners or other companies with which we collaborate - for the purposes specified above.

We could disclose your Personal Data to third parties in connection with the sale or transfer of all or part of our business, in which case we would require the third parties to treat those data in accordance with this privacy notice.

We do not disclose Personal Data except as set out above or where we have a legal obligation to do so, or we need to share information to assist with the investigation and prevention of crime. We may provide other third parties with statistical information and analytics but we will make sure that the information is aggregated and no one can be identified from this information before we disclose it.

Do We Export Your Personal Data?
In order to process your Personal Data for the purposes set out in this notice, CSL may be required to transfer your Personal Data to other companies in the same group of companies as us or third parties, as mentioned above, which may be located in jurisdictions that do not offer equivalent levels of data protection. In such cases, your Personal Data will always be processed on behalf of CSL, in accordance with this privacy notice, appropriate standards of security and confidentiality, and will ensure the ability to exercise your rights as a Data Subject under applicable laws. In case of inquiries or requests regarding the processing of your Personal Data and to exercise your rights as a result of this data transfer, please contact privacy@cslbehring.com.

What Rights Do You Have?
Under certain circumstances you may have the right to:

  • Request access to your Personal Data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate Personal Data we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You can also object to receiving direct marketing.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you under certain circumstances, for example if you want us to restrict processing while the accuracy of the Personal Data is being established.
  • Request that we transfer Personal Data that you have provided to us to you or another party.
  • Request not to be subjected to automated decision-making. We will only use automated decision making and profiling for our online operations in limited circumstances.

You can exercise your rights by using the ‘CSL rights portal’ by following this link Data Privacy Request.

Alternatively, you can contact us using the contact details at the end of this notice. We will always aim to help you when you wish to exercise your rights but, in some instances, we may have lawful grounds to reject your request, in which case we will let you know the reasons for the rejection.

We will investigate any request you make immediately and will respond to you within the required local legal timeframe (usually between 10 and 30 days). That period may be extended by us for an amount of time permitted under local law (may be up to two months) where this is needed to help us respond properly (for example, if the request is complicated for us to deal with and we need more time) but we will let you know the reasons for the delay. Please note that we may require you to provide us with additional information and details for us to verify identify and/or assist you in your requests.

If you do not agree with a decision we make in relation to a rights request or believe that we are in breach of data protection laws in your jurisdiction, then you can lodge a complaint with the data protection regulator in your jurisdiction.

Direct Marketing
We will only send you electronic marketing materials if you have provided your consent. If you are a healthcare professional or provider and, depending on the marketing preferences that you indicate to us at the time we collect your Personal Data, we may contact you via post, telephone or electronic methods with information about our products and services. You can opt-out or unsubscribe using the options provided to you within our communications or by contacting us using the contact details at the end of this notice.

Cookies
When you visit our site, CSL may automatically collect information about your device or internet activity through the means of cookies and other technologies, identified in our Cookie Policy. Cookies and similar technologies are small pieces of data (text files) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

  • Essential Cookies: These cookies are necessary for our website to operate properly and enable you to use its features.
  • Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but this may cause some parts of the website not to work. These cookies do not store any personally identifiable information.
  • Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website and will not be able to monitor its performance.
  • Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
  • Targeting Cookies: These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. If you do not allow these cookies, you will experience less targeted advertising.
  • Social Media Cookies: These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.

Further, some of our websites and online resources may enable you to download an application, widget, or other tool that you can use on your mobile or other computing device. Some of these tools may store information on your mobile or other device. These tools may transmit Personal Data to CSL to enable you to access your user account and to enable CSL to track use of these tools. Some of these tools may enable you to e-mail reports and other information from the tool. CSL may use Personal or non-identifiable Data transmitted to CSL to enhance these tools, to develop new tools, for quality improvement and as otherwise described in this notice.

Please visit our Cookie Policy page below to manage your cookie preferences.

Google Services
CSL may use Google services such as Google Analytics to improve the experience of our websites and apps. When these services are integrated into our websites and apps, they may share Personal Data and aggregated information with Google. CSL may also set Google-specific cookies on your browser or read cookies that are already there.

Further information about Google Analytics can be found here, and you may opt-out of Google Analytics at any time, here.

Children’s Online Privacy
CSL recognizes the privacy concerns of parents and guardians and the importance of protecting the privacy of Personal Data collected from or about children or minors. This website is operated primarily for the use of healthcare providers, adult consumers and caregivers and is not designed or intended for children or minors.

From time to time, we may offer an online program or activity that allows children or minors to participate. In such instances, we provide additional privacy protections and will only process the Personal Data of children or minors with the express consent of the parent or guardian of the child or minor concerned.

Linked Websites
For your convenience, hyperlinks may be posted on this website that link to other websites (‘Linked Sites’). We are not responsible for, and this Notice does not apply to, the privacy practices of any Linked Sites or of any companies that CSL does not own or control. Linked Sites may collect information in addition to that which we collect on this website. CSL does not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read each Linked Site’s privacy notice to understand how the Personal Data about you is used and protected.

Contact Us
If you have any questions about how we process your Personal Data or want to exercise any of your rights, you can contact us at: privacy@cslbehring.com

Or, via the CSL rights portal: Data Privacy Request

Updates to this Notice
We may update this notice from time to time to reflect changes in the way we process Personal Data (e.g., if we implement new systems or processes that involve new uses of Personal Data) or to clarify information we have provided in the notice. Our changes will be in accordance with applicable data protection laws.
We recommend that you check for updates to this notice from time to time but we will notify you directly about changes to this notice or the way we use your Personal Data when we are legally required to do so.

Effective as of March 2023

-------------------------------------------------------------------------------------------------------

European Union Privacy Notice

CSL is providing this additional privacy notice to give residents of the European Union additional information required under the European Union General Data Protection Regulation (EU GDPR). in the European Union, this additional privacy notice applies with regard to the protection of Personal Data in addition to the website privacy notice. If this additional privacy notice and the website privacy notice conflict each other, this additional privacy notice will prevail with regard to residents of the European Union.

Do We Transfer Your Personal Data Outside Of The European Union or European Economic Area?
In order to process your Personal Data for the purposes set out in this notice, we may transfer your Personal Data to third parties and other companies in our group which are based outside of the EU and EEA (‘EU/EEA’). Some of these countries, like the United States for example, may not be deemed by the European Commission to provide adequate protection for Personal Data.

To protect your Personal Data and your privacy rights, we will only transfer your information to countries outside of the EU/EEA in accordance with the EU’s General Data Protection Regulation (‘EU GDPR’). This requires that one of the following conditions applies:

  • the European Commission has decided that the country provides an adequate level of protection for your Personal Data (in accordance with Article 45 of the EU GDPR);
  • the transfer is subject to a legally binding and enforceable commitment on the recipient to protect the Personal Data (in accordance with Article 46 of the EU GDPR), such as the EU Standard Contractual Clauses; or
  • the transfer is based on a derogation from the EU GDPR restrictions on transferring Personal Data outside of the EU (in accordance with Article 49 of the EU GDPR).

How You Can Contact CSL In The European Union
If you have data protection related questions specific to CSL in the European Union, or if you wish to obtain a copy of the legal safeguards used when exporting Personal Data, you can reach us via the country and local language specific CSL websites, via email at privacy@cslbehring.com or by writing to the EU/EEA Data Controller at:

Attention: Data Protection Officer CSL Behring GmbH
Philipp-Reis-Str. 2
65795 Hattersheim
Germany

How You Can Contact The Appropriate Authority
Should you wish to report a complaint or you feel that CSL has not addressed your concern in a satisfactory manner, you may find the appropriate European Supervisory Authority for your specific European Union Member State here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

-------------------------------------------------------------------------------------------------------

Privacy Notice for the United Kingdom

This United Kingdom Privacy Notice supplements CSL’s Privacy Notice for its global operations and is intended to provide additional information about how CSL processes your Personal Data in connection with visiting CSL's websites.

Do We Transfer Your Personal Data Outside Of The United Kingdom?

Special Notification for United Kingdom Residents
CSL is providing this additional privacy notice to give residents of the United Kingdom additional information required under the United Kingdom Addendum. In the United Kingdom, this additional privacy notice applies with regard to the protection of Personal Data in addition to the website privacy notice. If this additional privacy notice and the website privacy notice conflict each other, this additional privacy notice will prevail with regard to residents of the United Kingdom.

In order to process your Personal Data for the purposes set out in this notice we may transfer your Personal Data to third parties and other companies in our group which are based outside of the United Kingdom (‘UK’). Some of these countries, like the United States for example, may not be deemed by the competent authority to provide adequate protection for Personal Data. In such cases we ensure that appropriate safeguards are in place to protect your Personal Data such as the EU Standard Contractual Clauses with the UK Addendum issued by the UK Information Commissioner’s Office.

How You Can Contact CSL In The UK:
If you have data protection related questions specific to CSL in the UK, or if you wish to obtain a copy of the legal safeguards used when exporting Personal Data, you can reach us via the UK website at https://www.cslbehring.co.uk/, via email at privacy@cslbehring.com or by writing to UK Data Controller at:

Attention: Data Protection Officer
CSL Behring UK Ltd.
4 Milton Road
Haywards Heath
West Sussex
RH16 1AH, United Kingdom

-------------------------------------------------------------------------------------------------------

Privacy Notice for Switzerland

This Privacy Notice for Switzerland supplements CSL’s Privacy Notice for its global operations and is intended to provide additional information about how CSL processes your Personal Data in connection with visiting CSL´s websites.

Do We Transfer Your Personal Data Outside Switzerland?
In order to process your Personal Data for the purposes set out in this notice we may transfer your Personal Data to third parties and other companies in our group. Some of these parties may be located outside Switzerland, including in the United States and other countries not regarded by the competent authority as providing an adequate level of protection for Personal Data. In such cases we ensure that appropriate safeguards are in place to protect your Personal Data such as the EU Standard Contractual Clauses adapted for Switzerland.

How You Can Contact CSL in Switzerland:
If you have data protection related questions specific to CSL in Switzerland, or if you wish to obtain a copy of the legal safeguards used when exporting Personal Data, you can reach us via email at privacy@cslbehring.com or by writing to the Data Controller for Switzerland at:

Attention: Data Protection Officer
Vifor Pharma Management Ltd.
Flughofstrasse 61
P.O. Box
CH-8152 Glattbrugg
Switzerland

-------------------------------------------------------------------------------------------------------

California

Special Notification for California Residents
CSL is providing this additional privacy notice to give California residents information required by the California Consumer Privacy Act and the California Privacy Rights Act (collectively, the ‘CPRA’). We use your Personal Data and at times, your Sensitive Personal Data, for the purposes listed above and for our everyday business purposes as permitted by CPRA. We do not use or disclose Sensitive Personal Data other than as necessary to perform or provide services as reasonably expected and for other purposes authorized by the CPRA.

Sale and Sharing of Personal Information:
CSL does not sell your Personal Data. CPRA defines a ‘sale’ as disclosing or making available to a third party Personal Data in exchange for monetary or other valuable consideration. Although we do not sell Personal Data to other entities, we do make your Personal Data available in the following circumstances, which could be deemed to be a sale under CPRA: online advertising and analytics from third parties. Our website does allow third party advertising partners to utilize cookies or other technologies to deliver ads to you on other websites. These third parties may collect information about your online activities on our websites, and they may use persistent identifiers to track you across different websites and other online services. If you do not want these third parties to track you on our website, you can delete and/or block specific cookies. Our Cookie Notice allows you to opt-out of all sharing for third party advertising purposes.

California Privacy Rights:
The CPRA provides California residents with the following privacy rights:

  • The right to know what Personal Data and Sensitive Personal Data we collect
  • The right to access your Personal Data
  • The right to correct inaccurate Personal Data
  • The right to request that we delete your Personal Data
  • The right to know what categories of Personal Data are sold to third parties and to opt-out of that sale
  • The right to know what categories of Personal Data are shared with third parties for cross-contextual behavioral targeting and to opt-out that sharing
  • The right to limit the use and disclosure of Sensitive Personal Data, and
  • The right not to be retaliated against for exercising your privacy rights

How You Can Contact CSL in California:
If you are a California resident, and you would like to exercise any of your rights, please:
Email us at Privacy@cslbehring.com
Call us at (833) 704-0018
Visiting our Data Subject Rights Portal at Data Privacy Request

-------------------------------------------------------------------------------------------------------

Brazil

Special Notification for Residents of Brazil
CSL is providing this additional privacy notice to give residents of Brazil information required under Article 9 of the General Data Protection Law (‘LGPD’).
Under the LGPD, you have the following rights:

  • Confirmation that Personal Data is being processed;
  • Access to Personal Data;
  • Correction of incomplete, inaccurate or out-of-date Personal Data;
  • Anonymization, blocking or deletion of Personal Data deemed unnecessary, excessive or treated in breach of the provisions of law;
  • Portability of Personal Data to a third party where appropriately permitted and does not disrupt the use of our intellectual property or trade secrets;
  • Deletion of your Personal Data processed on the basis of consent, to the extent permitted by law;
  • Information about entities with which your Personal Data has been shared;
  • Information about what giving your express consent means as well as the consequences of denying or revoking consent to the processing of your Personal Data; and
  • Withdrawal of consent.

How You Can Contact CSL in Brazil:
If you are a resident of Brazil and you would like to speak with our Data Protection Officer (‘DPO’) or exercise any of your rights, please:
Email us at Privacy@cslbehring.com
Visit our Data Subject Rights Portal at Data Privacy Request

-------------------------------------------------------------------------------------------------------

Republic of Korea

Special Notification for Residents of the Republic of Korea
CSL is providing this additional privacy notice to give residents of the Republic of Korea additional information required under the Personal Information Protection Act. in the Republic of Korea, this additional privacy notice applies with regard to the protection of Personal Data in addition to the website privacy notice. If this additional privacy notice and the website privacy notice conflict each other, this additional privacy notice will prevail with regard to residents of the Republic of Korea.

Collection and Use of Personal Information
CSL has collected Personal Data as follows for the purpose of providing services to website visitors, and the purpose of such collection and use is as below:

Personal Data Collected

Purpose of Data Collection

HCPs: Name, date of birth, name of medical institution of employment, phone number, mobile phone number, fax number, e-mail address, doctor's license number, educational background and career information, resident registration number (limited to cases specifically requested or permitted by law), passport number, bank account number,financial institution account information
  • Appropriateand timely response to customer healthcare issues or inquiries, customer inquiries, and response and handling of complaints, delivery of notifications
  • Medical and scientific research supported by the company
  • Delivery of marketing, medical and pharmaceutical information:marketing or delivery and acquisition of medical information targeting HCPs, such as market research, product seminar, educational activities for other stakeholders and co-marketing partners
  • Signing and implementation contracts: identification of the other party,decision of entering into contract,product supply and payment, fulfillment of contracts for payment of service fees such as lecture fees, advisory fees, and other service fees,business contact within necessary scope for the implementation of the contract,response to defaults on monetary obligations, handling disputes and complaints related to contracts, evidence of contract conclusion and performance,management of contract party, contract details, and payment details
  • Fulfillment of the company's legal and administrative obligations: reporting of adverse events, reporting of re-examination result, reporting and payment of various taxes such as corporate tax and value added tax, and issuance of receipts and tax invoices
  • Internal audit, new product development, improvement of company's products and services
  • Recruitment administration, recruitment related work, and responding to recruitment inquiries

Patient:Name(orPatientID),date of birth,sex,height,weight, medical history, health status, other clinical research, post marketing surveillance,Health related information (sensitive information) regarding tests and research results performed in other research processes

Job Applicants: name, photo, contact information, academic background, career background, and personal information included in resume

Other Professionals:

Name, date of birth, phone number, mobile phone number, fax number, e-mail address, educational background and career information, resident registration number (limited to cases where specific processing is required or permitted by law), passport number, account number, financial institution account information of professionals entering into agreements/contracts

When we collect any of the above Personal Data, we notify users in advance and seek consent from them where possible. However, certain information may be automatically created and collected in the course of using the services. For information that is automatically created and collected you can opt-out or unsubscribe by the options provided to you within our communications or by contacting us using the contact details at the end of this notice.


Provision of Personal Data to Third Parties

Data Recipient

Personal Data Collected

Purpose of Data Collection

CSL Affiliate Companies (see https://investors.csl.com/site/investors/financial-results-and-information/csl-group-legal-entitiesfor a full list of CSL Affiliates and locations worldwide)

HCPs: Name,date of birth, place of employment,contact information, email address, educational background, career information, financial institution account information including bank account information

Patient: Sex, height, weight, medical history, health status, other clinical research, post-marketingsurveillance, health related information (sensitive information) regarding tests and research results performed in other research processes


Other Professionals: Name, date of birth, place of employment,contact information, email address, educational background, career information , bank account number, financial institution account information including bank account information

 

Information shared among affiliates, product quality management and analysis at headquarter level, contracts and academic activities related to clinical trials, training, and related supporting documents etc.

Ministry of Food and Drug Safety(1577-1255)

HCPs: name, position, phone number, name and address of medical institution of employment


Patient: sex, height, weight, medical history, health status, other clinical research, post-marketing surveillance, health related information (sensitive information) regarding tests and research results performed in other research processes

 

However, the information of participants in clinical activities is only verified with a unique code number and is processed so that the identity is not verified.

 

Review of post-marketing surveillance results, and adverse drug reactions according to relevant laws and the Pharmaceutical Affairs Law

Outsourcing of Personal Data to Third Parties

Personal Data Recipient (Third Party Service Providers)

Purpose of Data (Service Provided)

Macoll

Website Maintenance

Veeva

CRMSoftware:Record HCP engagement

IHN Communication Korea

Operation of events (e.g. product seminar)

Contract Research Organization (Covance, Medihelpline)

Clinical Trial (to act on behalf of some or all of requestors to carry out duties or roles regarding clinical activities related to pharmaceutical diseases)

※ Information of participants in clinical activities is only verified with a unique code number, and is processed to prevent identification.

Ramco Systems Corporation

Payroll Processing

Capgemini America Inc

Information technology support services

Personal Data Retention Period

CSL will retain and use your Personal Data for the period necessary to fulfill the purposes of its processing of your Personal Data (or during the period notified by us when obtaining your consent). CSL will securely de-identify or destroy your Personal Data once its retention period has expired or the purposes of its processing have been achieved.

  1. HCPs/other professionals: 10 years from the expiration of the contract, transaction or research
  2. Patients: 15 years from the expiration of the clinical research etc.
  3. Job applicants: Within 1 month from the date when hiring decision was made, provided that personal information of job applicants who passed the application phase will be retained for 3 years from the date when hiring decision was made (for the purposes of selecting and contacting the candidates during a non-hiring period)

We may also retain your Personal Data for a period as required or permitted by law, including in the following cases:

  1. Website access log: 3 months (the Protection of Communications Secrets Act)
  2. Business records (e.g., account book, balance sheet) and any other material documents related to the business, including contracts: 10 years (Commercial Act)
  3. Books and supporting documents for transactions, tax invoices, receipts: 5 years (Framework Act on National Taxes, Corporate Tax Act and Value-Added Tax Act)

Destruction of Personal Data
CSL will destroy Personal Data stored in the electric form by using a technical method that makes it impossible to be regenerated or re-identifiable and the Personal Data printed on paper will be destroyed by a paper shredder.

Rights of User and Legal Representative
Users may exercise rights to request the following from CSL:

  1. Access of Personal Data
  2. Correction of Personal Data
  3. Deletion of Personal Data
  4. Restriction of Personal Data processing

The above rights can be exercised by contacting the person or department in charge of privacy at one of the methods described below.

How You Can Contact CSL in Korea:
If you are a resident of Korea and you would like to speak with our Data Protection Officer (‘DPO’) or exercise any of your rights, please:

Email us at Privacy@cslbehring.com
Visiting our Data Subject Rights Portal at Data Privacy Request
Attention: Data Protection Officer, Legal Department
CSL Behring Korea Ltd.
Level 21, Seoul Finance Center
136 Sejong-daero, Jung-gu
Seoul, South Korea, 04520

-------------------------------------------------------------------------------------------------------

Japan

Special Notification for Residents of Japan
CSL is providing this additional privacy notice to give residents of Japan information required under the Act on the Protection of Personal Information (‘APPI’). In Japan, the website privacy notice and this additional privacy notice apply with regard to the protection of personal information, including Personal Data and retained Personal Data, as defined in the APPI (collectively, referred to as ‘Personal Data’). If this additional privacy notice and the website privacy notice conflict each other, this additional privacy notice will prevail with regard to residents of Japan.

Personal Data
CSL will jointly use Personal Data as follows.

  1. CSL will jointly use Personal Data in the medical database (MDB) managed and operated by Nihon Ultmarc Co., Ltd. with specific companies. The items of Personal Data to be used jointly, the scope of joint users, the purpose of use of the users, and the person responsible for the management of Personal Data can be found on the website of Nihon Ultmark Co., Ltd. (https:/ /www.ultmarc.co.jp/privacy/shared_use/index.html).
  2. CSL will jointly use Personal Data with our group companies located inside and outside Japan. The items of Personal Data that are jointly used, the scope of joint users, the purpose of use of the users, and the person responsible for the management of Personal Data are as follows.

    Items of Personal Data to be used jointly
  • Personal Data of medical personnel
    Name, affiliated institution name, affiliated department name, job title, contact information (address, telephone number, e-mail address, means of contact), matters related to affiliated academic society (title, participation status, etc.), university attended, year of graduation , work history, specialized field/region, prescription intention/number of patients, participation in conferences/product-related lectures, etc., responses to surveys conducted by the Company, and other items necessary to achieve the purpose of use
  • Personal Data on employees (including former employees) and their families
    Name, gender, date of birth, date of employment, telephone number, contact information such as e-mail address, attendance, salary, personnel evaluation, qualifications/skills, personnel management, successor training, and other items necessary to achieve the purpose of use
     

Scope of joint users

Our group companies and affiliated companies https://investors.csl.com/site/investors/financial-results-and-information/csl-group-legal-entitiesPurpose of use

The purpose of use described in the website privacy notice in the section titled ‘The Purposes for Which We Process Your Personal Data’

Person responsible for management of Personal Data

General Manager, CSL Behring, K.K..

 

Transfer of Personal Data to third parties outside Japan
In order to process your Personal Data for the purposes set out in this notice, we may transfer your Personal Data to third parties and other companies in our group which are based outside of Japan.

To ensure that your Personal Data is secure, we will only transfer your information to countries outside of Japan where we do so in accordance with the requirements of the APPI. This requires that one of the following conditions applies:

  • the transfer is based on your specific consent (in which case we will provide further information by way of separate privacy notice);
  • the third party is located in a ‘white listed country’ meaning that the Japanese data protection authority has designated the country of the recipient as providing an appropriate level of protection (for example, European Union member states or the United Kingdom); or
  • the transfer is subject to a legally binding and enforceable commitment on the recipient to protect the Personal Data and implement adequate precautionary measures equivalent to those required under the APPI.

Security
If you would like further information in relation to our security measures and procedures, you can contact us at the details provided at the bottom of this notice

How You Can Contact CSL In Japan:
If you have Personal Data related questions, requests or complaints specific to CSL in Japan, please

Email us at Privacy@cslbehring.com
Visiting our Data Subject Rights Portal at Data Privacy Request
Attention: Data Protection Officer, Legal Department
Aoyama Building
1-2-3 Kita-Aoyama Minato-ku
Tokyo 107-0061
Japan

-------------------------------------------------------------------------------------------------------

Quebec

Special Notification for Québec Residents
CSL is providing this additional privacy notice to give Québec residents information required by Bill 64, An Act to modernize legislative provisions as regards the protection of Personal Data. You have a right to meaningful notice, which includes notifying you on matters such as the specific purposes of processing your Personal Data and the time period of processing, the nature and purpose of any data shared with third parties, and information regarding your consumer rights. We use your Personal Data for the purposes listed above and for our everyday business purposes as permitted by Bill 64.

Québec Privacy Rights:
Under Bill 64 residents with the following privacy rights:

  • Rights of access,
  • Right to rectification,
  • Right to be forgotten,
  • Right to data portability,
  • Right to be informed of, and submit observations regarding automated decision-making; and/orRight to request information about data processing.

How You Can Contact CSL In Québec:

If you have Personal Data related questions, requests or complaints specific to CSL in Québec, please

Email us at Privacy@cslbehring.com
Visiting our Data Subject Rights Portal at Data Privacy Request
Attention: Data Protection Officer, Legal Department
CSL Behring, LLC.
1020 1st Ave
King of Prussia
Pennsylvania, 19406

-------------------------------------------------------------------------------------------------------

Singapore

Special Notification for residents of Singapore
This Singapore Addendum supplements the website privacy notice and shall apply to all Singapore incorporated CSL entities and all processing of Personal Data in Singapore.
This Singapore Addendum shall prevail in the event of inconsistency between the principles stated herein and those as described under the Privacy Notice.

Categories of Personal Data
We will collect your Personal Data in accordance with the Personal Data Protection Act 2012 (‘PDPA’) but such Personal Data shall not include business contact information such as an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes.

The PDPA does not have a special category of ‘sensitive Personal Data’ therefore, all Personal Data and sensitive Personal Data processed by CSL are subject to the same obligations under the PDPA but will be processed in accordance with the terms set out above.

Transfer of Personal Data Outside Singapore
Where Personal Data is transferred by us to any CSL affiliates or third parties outside of Singapore, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, we will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations to ensure that these overseas recipients provide a standard of protection to the Personal Data so transferred that is comparable to the protection under the PDPA.

We encourage all requests for access and correction to be submitted to us by letter or email and may require you to provide us with sufficient information and reasonable details for us to assist you in your requests.

How You Can Contact CSL In Singapore:
If you have Personal Data related questions, requests or complaints specific to CSL in Singapore, please

Email us at Privacy@cslbehring.com
Visiting our Data Subject Rights Portal at Data Privacy Request
Attention: DATA PRIVACY OFFICER
Legal Department
CSL Behring Pte. Ltd.
Level 14 Unit 03/03A
300 Beach Road
The Concourse
Singapore 199555

-------------------------------------------------------------------------------------------------------

Additional US Disclosures

Children’s Online Privacy
Parents of children in the United States, who participate in online activities that are open to children under 13 through this website can be confident that any personal information that is provided to this website will be collected and maintained in accordance with the Children's Online Privacy Protection Act (‘COPPA’). We encourage parents to supervise their children's activities online and to participate with their children's online activities whenever possible. If you have questions or concerns about the Internet and privacy for children, we encourage you to visit ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa. At the present time, CSL is not conducting any activities that are subject to the requirements of COPPA.

US Commercial Unsubscribe
Only when you specifically request it will the information that we collect be used to respond to your questions, or to fulfill e-mail messaging programs, and notify visitors about new content or services on our websites. You will have the ability to opt-out from receiving marketing communications from CSL Entities at any time. If you wish to unsubscribe from any CSL marketing materials, you can manage your preferences via https://cslbehringpreferences.com/ or write to us at CSL Behring c/o Patient Services P.O. Box 1587 Jeffersonville, IN 47130 or by calling 833-436-0021, to tell us that you no longer wish to receive postal mail and/or e-mail. Please provide us with your exact name, postal address, and/or e-mail address. We will be sure your name is removed from our mailing list.