HCP Privacy Notice of Sumitomo Pharma Switzerland GMBH

What is this HCP Privacy Notice about?

This Privacy Notice (this “Notice”) is made available by Sumitomo Pharma Switzerland GmbH (referred to as “Sumitomo”, “we”, “us” or “our”), and is intended to assist you in understanding how we collect, process, secure, and transfer personal data. We also describe how you can contact us to learn more information about our privacy practices. This Notice is intended to assist (i) HCPs and (ii) HCPs acting as a representative or contact person for a healthcare organisation (HCOs) in understanding how we collect, process, secure, and transfer your personal data. We also describe how you can contact us to learn more information about our privacy practices.

Link with other Privacy Notices

Other individuals interacting with Sumitomo (job applicants/ candidates, vendors and business partners) are provided with separate information about how we handle their personal information.

It is important that you read this Notice together with any other privacy notice that we may provide you with so that you are fully aware of how and why we are using your data. This Notice supplements any other privacy notices and privacy policies that we may provide to you and is not intended to supersede them.

Who we are

Sumitomo Pharma Switzerland GmbH, with registered address at Aeschengraben 27, 4051 Basel, Switzerland is the Data Controller and is responsible for the processing of your personal data.

The data we collect about you

Sumitomo will collect and may utilize your personal data for the purposes described below:

Category of Data

Purpose for Data Processing

Contact details (Example, your name, nationality, postal address, telephone number, e-mail address)
  • To respond to your queries
  • To allow and document the distribution of product samples to you.
  • To invite you to academic, scientific and promotional meetings, events and seminars linked to your medical expertise.
  • To enable us to send direct marketing to you regarding medical and scientific updates, corporate information and/or our products and services.
  • To ask you to participate in brief surveys

Compensation Data, Such as bank account details,
  • Payment of salary and invoices
  • Facilitating compliance with applicable laws, regulations, or other requirements.

Employment history (including job titles, location of employment/workplace, work history, working hours, research interests and output, training records, qualifications and professional memberships)
  • To maintain a database of professionals working in areas of interest related to our research.
  • To contact relevant professionals with a view to future collaboration.
  • To ask relevant professionals and institutions if they wish to participate in clinical trials.
  • To obtain your feedback and professional insights (including through advisory boards, market research and survey tools) on (i) what is important to you and/or your patients, (ii) important trends in patient management in your area of expertise; (iii) how Sumitomo and our products are perceived by you; and (iv) how we can further evolve and customise our services and products,

Relationship Data e.g. your connection/relationship with Sumitomo and your mode of interaction with Sumitomo.
  • Maintaining records of your relationship with Sumitomo, including  carrying out your instructions to us.
  • Assessing, analysing and improving our service and training our staff.
  • Managing our relationship with you - including (if you agree or unless you tell us otherwise) telling you about our pipeline products, or carrying out market research

We may receive information about you from other sources including business partners, third parties, affiliates, and publicly available information.

Legal basis for processing your personal data

We process your personal data using the follow lawful bases:

  • Processing necessary for the purpose of the legitimate interests pursued by Sumitomo to conduct its business (including for research and development of new medicines creating value for people living with diseases in Sumitomo’s therapeutic areas of interest), to manage our human and financial resources efficiently and to maintain a professional relationship with you.
  • To comply with legal and regulatory obligations.
  • To establish, exercise or defend our legal rights and/or for the purpose of (or in connection with) legal proceedings (including for the prevention of fraud); and
  • With your consent. Where we do rely on your consent, you have the right to withdraw it at any time in the manner indicated when your consent was provided.
  • Processing necessary for performance of a contract with you or in order to take steps at your request prior to entering into a contract.

Right to lodge a complaint with a supervisory authority

You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates applicable data protection law.

For Switzerland this is Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Tel.: +41 (0)58 462 43 95  (https://www.edoeb.admin.ch/edoeb/en/home.html).

Disclosures of your personal data

Where necessary to fulfil the purposes described in this Notice, Sumitomo may disclose your personal data to certain third-parties, vendors and service providers or affiliated employees, contractors and entities as described below.

Whenever Sumitomo shares your personal data with companies acting as our authorized agents and service providers, these companies agree to use your personal data only for specified purposes. Furthermore, the recipient will implement and maintain reasonable security procedures and practices appropriate to the nature of your information to protect your personal data from unauthorized access, destruction, use, modification or disclosure.
We will transfer and disclose your personal data to the following categories of recipients where it is lawful to do so, and subject to the implementation of appropriate protections:

Category of Third-Party

Purpose for Disclosure

Subsidiaries, sister-companies and affiliated entities
  • Internal business requirements
  • To perform our obligations to you

Service Providers who work for, or provide services to us (including their employees, sub-contractors, officers or any professional service provider, such as accountants, auditors, lawyers, IT systems providers and IT contractors, payroll and HR system providers, employee expense management providers, pension administration / providers, benefits providers).
  • To support Sumitomo’s commercial/business objectives.
  • IT performance-related monitoring, maintenance, or security.
  • Where we use third party services providers who process personal information on our behalf or provide services to us.

Cloud storage solutions
  • To store Sumitomo data.
  • To ensure the safety and security of our data.

Law enforcement, government, courts or regulators, or fraud prevention agencies governmental or quasi- governmental organisations, courts, tribunals and arbitrators.
  • To comply with our regulatory and legal obligations
  • Sumitomo’s legal duty to assist with detecting fraud and tax evasion, financial crime prevention, regulatory reporting, litigation or defending legal rights
  • Where required to do so by law. For example, Sumitomo is required to provide tax-related information to HMRC, immigration information to the Home Office and any information for the purposes of preventing and detecting fraud or crime (if necessary) to the police.

Professional Consultants
  • To provide professional/expert advice in connection with Sumitomo's business objectives.

Other financial institutions, fraud prevention agencies, tax authorities, trade associations, credit reference agencies and debt recovery agents.
  • To meet our legal, regulatory and compliance obligations.

Any prospective or new Sumitomo companies (e.g. if we restructure, or acquire or merge with other companies) or any businesses that buy part of or all of a Sumitomo company.
  • In relation to compliance / due diligence
    If this occurs the new owners of the business will only be permitted to use your information in the same or similar way as set out in this privacy notice.

Potential or future employers
  • where you have requested that we provide a reference for you

Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Your rights

You have the following rights in relation to our data processing, depending on the applicable data protection law:

  • The right to request information from us as to whether and what data we process from you;
  • The right to have us correct data if it is inaccurate;
  • The right to request erasure of data;
  • The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
  • The right to withdraw consent, where our processing is based on your consent;
  • The right to receive, upon request, further information that is helpful for the exercise of these rights;

If you would like to exercise this right, please contact us at: privacy@ch.sumitomo-pharma.com.

Security

Data security is of great importance to us. We have put in place appropriate technical and organisational measures to prevent your Personal Data from being accidently lost, used, or accessed in an unauthorised way, altered, or disclosed.

We take security measures to protect your information including:

  • Limiting access to our buildings and resources
  • Managing a data security breach reporting and notification system which allows us to monitor and communicate information on data breaches with you or with the applicable regulator when required to do so by law;
  • Implementing access controls to our information technology; and,
  • Deploying appropriate procedures and technical security measures (including strict encryption, anonymization and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices, and stores.

International transfers

We will need to transfer and use your Personal Data outside of the country where we collect it from you. Your data will be processed in the US as all our core business systems are held within the US.

Where we transfer Personal Data to our Affiliates or other third parties outside of Switzerland, we will ensure that those transfers take place in accordance with the applicable data protection laws designed to ensure the privacy of your Personal Data, including by entering into data transfer agreements with recipients.

We rely on the applicable EU standard contract clauses of the EU Commission as approved by the Swiss Federal Information and Data Protection Commissioner available here, or legally accepted set of rules to ensure data protection). Standard Contractual Clauses (SCCs) means the modules of the European Commission's Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 as set out in the Annex to Commission Implementing Decision (EU) 2021/914 and the same as amended to cover data subjects from Switzerland.

If you would like more information about how your Personal Data may be transferred, please contact us at privacy@ch.sumitomo-pharma.com.

What happens if our business changes hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the purposes for which it was originally collected by us.

Contact us

If you would like to exercise one of your rights as set out in this Privacy Notice, or you have a question or a complaint about this Privacy Notice or the way your Personal Data is processed, please contact our Data Protection Officer (DPO) by one of the following means:

Our EU Representative is DP-Dock, who can be contacted by:

  • Post: DP-Dock GmbH
    C/O: Arno Schlösser
    Attn: Sumitomo Pharma America, Ballindamm 39, 20095
    Hamburg, Germany
  • Email: smpa@gdpr-rep.comsmpa@gdpr-rep.com

Changes to our Privacy Notice

We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this Privacy Notice regularly to keep up to date.