Privacy Policy

1. Scope of the Privacy Policy

We are committed to protecting your privacy. It is important that you understand how we look after your personal data and how we make sure that we meet our legal obligations to you under the applicable data protection legislation (the “Data Protection Laws“), including, but not limited to, the General Data Protection Regulation 2016/679 (“GDPR”). This privacy policy outlines how Intas Third Party Sales 2005, SLU (“Intas B2B“) will use, store and share your personal data, and supplements any other fair processing or privacy notices provided to you.
If you have any questions in relation to this policy or generally how your personal data is processed by us please contact our Data Protection Responsible Person by email at EU_compliance@intaspharma.com; or by letter addressed to: The Data Protection Responsible Person, Intas Third Party Sales 2005, SLU, Moll de Barcelona, s/n, World Trade Center, Edifici Est, 6a planta, 08039, Barcelona, Spain.

This policy applies to any personal data that we collect about you when:

  • you visit our websites or apps, including, but not limited to: intasportfolio.com and www.intasb2b.com;
  • you voluntarily provide such personal data when registering with us;
  • you voluntarily submit personal data to us using the forms on our websites or apps;
  • you submit personal data to us when you otherwise make contact with us, including in person, by email, by phone or through social media; or
  • third parties legally provide us with such personal data, as described in section 5.C below.

2. Who are we?

In this privacy policy, the terms “we“, “our“, and “us” are used to refer to Intas Third Party Sales 2005, SLU, company number B-66992744, whose registered office is Moll de Barcelona, s/n, World Trade Center, Edifici Est, 6a planta, 08039, Barcelona, Spain.

We are a controller of your information which means that we are responsible for looking after it.  We will use your personal data fairly, lawfully and in a transparent manner, and in accordance with the applicable Data Protection Laws.

3. How will we use your personal data?

We only process your personal data as described in this Privacy Policy or in other fair processing or privacy notices provided to you. We reserve the right to conduct additional processing to the extent permitted or required by law and inform you accordingly.

4. What personal data do we collect about you?

The types of personal data we collect depends on the interactions you have with us, but mainly these may include:

  • name and contact data (including your name, postal address, telephone number, e-mail address and other similar contact data);
  • data in order to satisfy identification requirements when exercising any of your rights under Data Protection Laws (including your passport, photo driving licence or national identity card);
  • financial data when receiving payments from us, making payments to us, or making or requesting donations/sponsorships;
 
  • demographic data (including data such as your age, gender and country of residence) when informing us of an adverse event, making a quality complaint or submitting a medical query to us, or when sending your CV or submitting a job application to us;
  • health related data, when informing us on an adverse event;
  • your academic and professional background data when sending your CV or submitting a job application to us or when your CV is provided to us for quality assurance purposes;
  • information about your visits to our premises, including your image taken when accessing our premises and /or in CCTV footage;
  • information about you obtained at a meeting with you, or at an event such as a conference, exhibition or congress, including events hosted by third parties or managed by third parties on our behalf, including the capture of your image in a photograph or video footage taken at our stand or elsewhere within the event for promotional purposes;
  • information about you in the context of any merger or acquisition (“M&A”) transaction concerning our business; and/or
  • website or app usage data (including how you and your device interacts with our websites or apps).
 

Each time you visit our websites or apps we may also automatically collect information and personal data about your computer for system administration including, where available, your IP address, operating system and browser type. We do this to help us identify returning visitors, enable visitors to move more easily around our websites or apps, and to assist in building up an anonymous profile based on visitor’s browsing patterns across the sites. Please see our cookies policies for further information about what information may be automatically collected when you visit our websites or apps. The cookies policies can be found in the relevant websites and apps.

Special Categories of Personal Data

Data Protection Laws define certain personal data as ‘special categories of personal data’ such as personal data regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a person, data concerning your health (including mental and physical health), or data concerning your sex life or sexual orientation.

Exceptionally, we may sometimes ask you for some special category personal data or you may voluntarily give such personal data, such as health-related and racial data, when informing us of an adverse event, making a quality complaint or submitting a medical query to us, using our patient support apps, sending your CV or submitting your job application to us or otherwise participating in any of our recruitment processes for the purposes described in section 6 below, and only when this processing activity is expressly authorized by a law of the European Union or its Member States.

Suitability for employment will be evaluated on the skills and experience demonstrated during the recruitment process. Please note that you are not required to provide special category data when submitting a job application to us. If you do so voluntarily and the processing of such data is expressly authorized by a law of the European Union or its Member States, we will use it for: (a) statistical reporting requirements; and/or (b) in case of disability, for any required work place adjustments and/or to comply with applicable laws.

5. Where do we get this information from?

We collect some of your information directly from you, either through information that you give to us or information that we collect during your visits to our websites or apps or through your communications with us. We also obtain some information from other third parties, including the ones described in sub-section C below.

Please note that we may combine personal data we receive from other sources with personal data you give to us and personal data we collect about you.

A. When do you give us information about you?

You may share personal data about yourself and your circumstances by:

  • filling in forms on our websites, registering to use our websites, and continuing to use our websites;
  • filling in forms on our apps, registering to use our apps, and continuing to use our apps;
  • exercising one of your rights under Data Protection Laws;
  • reporting an adverse event, making a quality complaint or submitting a medical query to us;
  • providing your business card to us;
  • providing services to us;
  • signing in at reception on one of our premises;
  • submitting a job application or sending your CV to us;
  • making payments to us or receiving payments from us;
  • giving us information about yourself in any communications with us either by telephone, e-mail, post, through our websites/apps or otherwise; and/or
  • negotiating, entering into and maintaining a commercial agreement with us.
 

You are not obliged to provide your personal data to us.  However, if you do not provide your personal data to us, we may not be able to provide services to you, respond to your queries, allow you onto our premises, process your job application or otherwise contact you.

B. When do we collect information about you?

We may collect personal data about you:

  • when you visit our websites or apps, including details of your visits, such as Internet Protocol (IP) address used to connect your computer to the internet, MAC addresses, traffic data, location data, your login information, time-zone setting browser type and version, browser plug-in types and versions, operating system and platform, weblogs, cookies and other communication data, and the resources that you access. Please see our cookies policies for further information about what information may be automatically collected when you visit our websites or apps. The cookies policies can be found in the relevant websites and apps;
  • when you visit our premises, including your image in CCTV footage;
  • when attending an event such as a conference, exhibition or congress, including events hosted by third parties or managed by third parties on our behalf.

C. From which third parties do we receive information about you?

We may receive personal data about you from other third parties, including from:

  • your work colleagues, when giving to us your contact details for business purposes;
  • a third party when reporting an adverse event, making a quality complaint or submitting a medical query to us on your behalf;
  • your authorised representative (such as your proxy, parent or legal guardian);
  • providers of contact information, which provide legal contacts databases;
  • government agencies, which provide publicly accessible information;
  • recruitment agencies/organisations;
  • third party due diligence providers;
  • CCTV systems providers;
  • your current company, within the context of a M&A transaction or when providing a service to us; and/or
  • your previous employer, or similar, where we request references if you are applying for a job with us and we have your freely given consent to do so.

6. Why do we need your personal data?

We may use the personal data we collect for the following purposes:

  • to communicate with you regarding any requests or queries you may submit;
  • to monitor, track and respond to medical/health queries, quality complaints and adverse events;
  • to negotiate, enter into and manage commercial agreements with you or the organisation that you represent, including ordinary business transactions and M&A transactions;
  • to meet contractual, legal, regulatory and compliance requirements;
  • to inform you or your organisation of any news on our products and/or business that we reasonably believe could be of interest to you (as appropriate in accordance with the Data Protection Laws). If you would like to stop receiving such information from us at any time, please unsubscribe by following the instructions provided in any such emails that we send to you, or use the contact details at the beginning of this policy. You may also wish to sign up to one or more of the preference services (also known as “Robinson Lists”) operating in Spain, such as the Lista Robinson managed by the Asociación Española de Economía Digital. These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving;
  • to ensure that you, your organisation, our employees or us comply with applicable laws, our ethic code and our related internal policies;
  • to ensure that you are the authorised representative (such as a proxy, parent or legal guardian) of a third party when you are interacting with us on his/her behalf;
  • to administer our websites and apps;
  • to handle complaints;
  • to enable you to visit our premises, including for the purposes of site security, the protection of product and business confidentiality, environmental and health and safety;
  • to establish, exercise or defend legal claims;
  • to process your job application;
  • to promote Intas B2B’s presence or participation in an event;
  • to make a payment to you and/or receive a payment from you;
  • to analyse the use of our websites or apps, and/or
  • other purposes that we have communicated to you.

Special Categories of Personal Data

We will only use your special category personal data described in section 4 above for the purposes of advising or otherwise communicating with you regarding any queries or reports you may submit and/or monitoring, tracking and responding to medical/health queries, quality complaints, adverse event reports, to comply with our legal, regulatory or compliance obligations and /or managing your job application. The legal basis of this processing is described in section 7 below.

7. Which is the legal basis for using your data?

A. Necessary for the entry into or performance of a contract

(Article 6.1.b of GDPR)

When you enter into a transaction with us, a contract between you and us will have been formed. In order for us to negotiate, enter into and fulfil our obligations under such contract (e.g. to allow you to place an order for goods or services), we may need to collect, process and share (as further detailed below) your personal information. Please contact EU_compliance@intaspharma.com for further information.

B. Legitimate business interests

(Article 6.1.f of GDPR)

We may use your personal data (excluding special categories of personal data) as set out in this privacy policy where necessary for the legitimate interests of our business to enable us to:

  • provide your organisation with products and services as requested by your organisation;
  • respond to your claims or queries;
  • carry out research to understand our customers and how they use our products and services;
  • develop and improve our products and services provided to you or your organisation and to our other customers;
  • assess potential transactions with your organisation;
  • enforce or apply the rights of your organisation or our rights under any contract between your organisation and us;
  • monitor staff performance, train staff and improve our processes;
  • ensure health and safety at our premises and that any related processes are effective;
  • ensure that you, your organisation, our employees or us comply with applicable laws, our ethic code and our related internal policies;
  • ensure the security of our premises and that any related processes are effective;
  • ensure high standards of quality and safety of our products;
  • support processes and procedures to assist with the prevention and detection of crime or other unlawful activity;
  • establish, exercise or defend legal claims; and/or
  • showcase our participation in certain events to pharma industry third parties via other events, social media or our websites.
As indicated below, we may also pass your personal data to members of our company group (to see a full list of such group companies, please click here) and other third parties where necessary for our legitimate business interests. We are required to carry out a balancing test of our legitimate business interests in using your personal data outlined above against your interests and rights under the Data Protection Laws.  As a result of our balancing test, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal data in accordance with the Data Protection Laws on the basis that this is necessary for our legitimate business interests.

Legitimate interest: We have a legitimate interest in processing your information as:

  • your organisation benefits from the provision of our products and services;
  • we need to assess potential transactions with your organisation;
  • your organisation and us will both benefit from the ability to enforce or apply rights under any contract between us;
  • we are required to ensure health and safety at our premises and have a legitimate interest in ensuring any processes are effective;
  • we need to ensure that you, your organisation, our employees or us comply with applicable laws, our ethic code and our related internal policies;
  • we need to ensure the security of our premises and have a legitimate interest in ensuring any processes are effective;
  • we are required to ensure high standards of quality and safety of our products,
  • we have in place procedures to assist with the prevention and detection of crime or other unlawful activity;
  • we would be unable to provide our goods and/or services to your organisation without processing your information;
  • it is not otherwise possible for us to establish, exercise or defend legal claims;
  • to be able to showcase our participation in certain events to pharma industry third parties via other events, social media or our websites; and/or
  • it is not otherwise possible for us to respond to your claims or queries.
 

Necessity: We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as we process your personal data only so far as is necessary to achieve the purposes outlined in this privacy policy.

Impact of processing: We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as such processing of your personal data does not unreasonably intrude on your privacy.

C. Consent

(Article 6.1.a of GDPR)

We may use your personal data as set out in this privacy policy where you have given your consent to us.

Notwithstanding the foregoing, please note that in accordance with Data Protection Laws and other applicable laws we may, on occasion, send you marketing messages by email and post about us, our products and services and our events and offers without your consent where you or your organisation have purchased similar goods or services from us and you have not unsubscribed.

You have the right to withdraw your consent to processing of this nature at any time, using the details at the beginning of this privacy policy.

D. Compliance with a legal obligation

(Article 6.1.c of GDPR)

We may also use your personal data as set out in this privacy policy when such processing is necessary for complying with a legal obligation to which we are subject, such as our pharmacovigilance and tax obligations, and responding to subject access requests or notifying personal data breaches to the supervisory authorities. Please contact EU_compliance@intaspharma.com for further information on which law imposes us a legal obligation to use your personal data.

Special Categories of Personal Data

We may also use your special category personal data for the purposes described in section 6 above when processing is necessary for complying with a legal obligation to which we are subject, such as our pharmacovigilance and employment obligations, or where otherwise allowed by applicable Data Protection Laws.

8. Who do we share your personal data with?

A. Group Companies

We may share your information with our parent company Intas Pharmaceuticals Ltd (Corporate House, Nr. Sola Bridge, S. G. Highway, Thaltej, Ahmedabad – 380 054, India) and other members of our group of companies (located in India or elsewhere around the world and listed in the link below) but only for the purposes specified in this privacy policy and only when it is necessary to perform a contract with you or your organisation, to comply with a legal obligation or it is necessary in our legitimate interests. To see a full list of such companies, please click here.

 In particular:
  • for internal reporting purposes;
  • compliance purposes;
  • within the context of an M&A transaction;
  • for the provision of intra-group quality assurance services;
  • for the provision of intra-group financial services;
  • for the provision of intra-group legal services;
  • for the provision of intra-group recruiting services;
  • for the provision of intra-group IT services.

B. Third-party services providers

We (and the members of our group of companies) may also disclose your personal data to carefully selected third-party service providers who provide services such as:

  • data security, website hosting, cloud hosting, storage solutions, software as a service (SaaS) and other IT services;
  • pharmacovigilance and medical queries handling services;
  • legal, regulatory, tax and recruitment services;
  • translation, legalization and notarization services;
  • customer relationship management (CRM) services; and
  • access control and security services.
 

We will only share your information with these suppliers where this is necessary for them to provide us with the services we need. We do not share your information with third parties for marketing purposes.

Please contact EU_compliance@intaspharma.com for further information.

C. Legal and regulatory requirements

We may also disclose your personal data as required by law, including laws outside your country of residence, to comply with a court order or to comply with other legal or regulatory requirements, for example, to the relevant agencies responsible for the supervision and safety monitoring of medicines, data protection supervisory authorities or tax authorities.

D. Transfers outside of the European Economic Area

The information which we collect about you may be transferred outside the European Economic Area as detailed in sections A, B and C above.

While some members of our group and third party services providers are located in countries whose laws (according to the European Commission) do not offer the same level of protection to personal data as that granted by countries within the EEA, such as Intas Pharmaceuticals Ltd (Corporate House, Nr. Sola Bridge, S. G. Highway, Thaltej, Ahmedabad, 380 054, Gujarat, India) and Lambda Therapeutic Research, Ltd (Lambda House, Plot No. 38, Survey no. 388, Near Silver Oak Club, S. G. Highway, Gota, Ahmedabad, 382481, Gujarat, India), we and the members of our group of companies adopt appropriate security measures to prevent unauthorised and unlawful use of personal data. Furthermore, such transfers are usually supported by contractual commitments between such group entities and/or third parties to ensure that the relevant technical and organisational and other safeguards required by the Data Protection Laws have been put in place.

For further information on transfers outside of the European Economic Area and/or specific safeguard methods adopted, please contact EU_compliance@intaspharma.com.

9. How long do we keep it for?

We will keep your personal data for as long as required:

  • to prove compliance with applicable laws or as required by applicable laws, government agencies and other public authorities;
  • to maintain your account;
  • to determine whether to enter into a commercial relationship with you or an organisation and to maintain such relationship;
  • to maintain a business relationship with you or your organisation;
  • for the provision of services to us or by us;
  • to answer your queries;
  • to allow us to bring or defend legal proceedings;
 

or as otherwise set forth below or notified by us to you.

In some circumstances, some of your data will be deleted in much shorter timescales, for example:

  • images in CCTV footage are kept for a maximum of 1 month from the date of your visit to our premises, except if those have to be kept to prove any activities against the integrity of persons, property or our premises;
  • other access control data are kept for a maximum of 6 months from the date of your visit to our premises;
  • customer services call recordings are kept for a maximum of 3 months from the date of recording;
  • recruitment and interview records for unsuccessful candidates are kept for 6 months after the start date of the successful candidate;
  • personal data in the context of an unsuccessful M&A transaction are kept for 12 months after the end of negotiations;
  • cookies are refreshed in accordance with our cookies policies.

10. Security of your personal data

When handling your personal data, we take appropriate measures reasonably designed to protect your information from unauthorised access, loss, misuse, disclosure, alteration or destruction. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites or apps; any transmission is at your own risk.  Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

11. Your rights in relation to your personal data

You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below.  You may contact us using the details at the beginning of this privacy policy to exercise any of these rights.

In some instances, we may be unable to carry out your request, in which case we will write to you to explain why.

A. You have the right to request access to your personal data

You have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data.

B. You have the right to ask us to rectify your personal data

You have the right to request that we rectify your personal data if it is not accurate or not complete.

C. You have the right to ask us to erase your personal data

You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data.  This right would apply if we no longer need to use your personal data to provide services to you, where you withdraw your consent for us to process special categories of your personal data, or where you object to the way we process your personal data (see sub-section F below).

D. You have the right to ask us to restrict or block the processing of your personal data

You have the right to ask us to restrict or block the processing of your personal data that we hold about you.  This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we do not need to use your personal data for the purpose we collected it but you may require it to establish, exercise or defend legal claims.

E. You have the right to port your personal data

You have the right to obtain and reuse your personal data from us to reuse for your own purposes across different services.  This allows you to move personal data easily to another organisation, or to request us to do this for you.

F. You have the right to object to our processing of your personal data

You have the right to object to our processing of your personal data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.

G. You have the right not to be subject to automated decisions

You have the right to object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.

H. You have the right to withdraw your consent

You have the right to withdraw your consent, at any time, where we are relying on it to process your personal data.

12. Children's policy

We do not knowingly collect, retain or use personal data received from children under 14 years of age, and no part of our websites or apps is directed to children under the age of 14. If your child has provided us with personal information without your consent, you may inform us at EU_compliance@intaspharma.com, or write us a letter to the address given at the beginning of this policy. If we discover that we have received or collected any personal information from children under 14 years old, we will take steps to delete such information promptly.

13. What if you have a complaint?

If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request made by you, or would otherwise like to make a complaint, please contact our Data Protection Responsible Person in the first instance using the details at the start of this privacy policy, so that we can do our very best to sort out the problem.

You also always have the right to lodge a complaint with the competent data protection authority of your country of residence (in Spain, the Spanish Data Protection Agency (AEPD) at Jorge Juan, 6, 28001 Madrid, www.aepd.es).

14. Sole Traders, Partnerships and Businesses

Where we provide products and/or services to or for a sole trader, partnership or business that you represent or by whom you are employed /contracted and this involves the collection and use of your personal data by us, this will be done in accordance with the relevant parts of this privacy policy.

15. Third Party and Social Media Websites and Apps

Our websites and apps may, from time to time, contain links to and from the websites and/or apps of third parties.  If you follow a link to any of these websites or apps, please note that these websites and apps have their own privacy policies and that we do not accept any responsibility or liability for these policies or your use of those websites and apps. 

16. Merger, Sale, or other Asset Transfers

If we are involved in a reorganisation, acquisition, asset sale, merger, financing, transition of services to another provider, due diligence, bankruptcy or receivership, your information may be disclosed and transferred in connection with and as part of such a transaction as permitted by law and/or contract.

17. Changes to this Privacy Policy

We will take reasonable measures to communicate any changes to this privacy policy to you, and will post any updated privacy policies on this page.

18. References to the EU/Member States

For the purposes of this policy, references to the EU or its Members States shall include the United Kingdom.

This policy was last reviewed and updated in January 2020.