Privacy Policy
Celltrion Inc. (hereinafter referred to as the "Company") establishes and discloses the Privacy Policy as follows in order to protect the personal information of information subjects in accordance with Article 30 of the Personal Information Protection Act and to enable the prompt and smooth handling of grievances related thereto.
1. General Statement
Celltrion, Inc. (“we”, “us”, “our” or “Celltrion”) is committed to protecting and respecting your
personal data. In the event that you send us any of your personal data, we are committed to collecting,
maintaining, and securing personal data about you in accordance with our internal data protection
policies and local laws.
This privacy notice (“Privacy Notice”) outlines the types of personal data we collect and why and how we
process your information. We advise you to carefully read this Website Privacy Notice so that you are
aware of how, where and why we are using your personal data.
This website (“Site”) is provided
and operated by Celltrion. This Site is intended for the general public, healthcare professionals and
business partners.
If you have any queries regarding this Privacy Notice, please contact us
using one of the following email addresses:
- DPO_EU@celltrion.com (if you live in the EU/EEA); or
- DPO@celltrion.com (non-EU/EEA)
This Privacy Notice is updated from time to time. If we update the terms, we will
provide notice through our website, or by other means, so you can review the changes. Please check back
if you continue to use this website or interact with Celltrion.
For purposes of this Privacy
Notice, “personal data” is any information by which you can be individually identified both directly and
indirectly, including, but not limited to, your name, address, e-mail address, IP address and telephone
number.
2. Type of information we have; Why we collect and use it
Personal Data Obtained Through the Site. We may collect and process personal data provided by you through the Site, for example:
- Your names, contact information, email address, and other information in combination with these identifiers including your CV if you apply to Celltrion via the Site;
- records of your correspondence if you contact us, such as emails;
- other technical data, such as IP address, browser type and operating system;
- communications data, such as your preferences in receiving communications from us.
We do not use tracking cookies. This means we only require the minimum amount of your
personal information necessary.
We may process your personal data provided through the Site for
many reasons, including:
- To respond to your requests or inquiries;
- To complete a transaction;
- To offer a career;
- To share with our affiliates;
- To operate, improve and maintain the website, including for security purposes.
LEGAL BASIS: If you make inquiries from our Site, we will ask for your consent and we will
process the personal data provided by you on the basis of your consent. If your personal data is obtained via emails
sent from you to one of our official email addresses provided in the Site, the collection and processing of
your personal data will be done for our legitimate interests, where the legitimate interests impact
assessment has been carried out. If we request further information, we will request and collect your
Personal Data on the basis of your consent.
Personal Data Obtained Through our
business activities. As well as information collected through this Site, we may
obtain personal data in other ways during the course of our business operations such as by phone, email
or in paper form including business cards. The type of personal data includes:
- names, contact information, and email address;
- records of your correspondence with us; or
- your financial information such as your billing and payment information if you provide services to us.
We may process your personal data provided to us during the business operation for many reasons, including:
- administering a contract we have entered into with you;
- providing you with information and/or services;
- understanding your business needs and improving our products and/or services;
- holding discussion forums, such as scientific advisory boards;
- communications regarding our products, therapy areas and/or services.
Personal Data obtained as a Processor.
Celltrion may collect your information as a processor, which processes your personal data on behalf of a
third-party controller, who has a legal basis for obtaining and processing your personal data. In this
case, we will only use your personal data in accordance with the instructions of the data
controller.
LEGAL BASIS: The collection and processing of personal data provided by you will be
done for the performance of our contractual obligation with the Data Controller. We will have a valid Data
Processing Agreement in place in order to undertake such service.
Personal Data obtained from Public Sources. We may collect personal
data from public sources such as conferences, symposiums or training events we attend in order to stay
in contact with you and manage our relationship with you or to enquire about potential services or
business opportunities. The types of personal data include names, contact information and email
address.
LEGAL BASIS: The collection and processing of your Personal Data will be deemed electronic
marketing (unless carried out by Post) and the legal basis is legitimate business interests, with the
addition of “soft opt-in” (as defined by the EU e-Privacy Directive (2002)). The legitimate interests
impact assessment has been carried out. If we request further information, we will request and collect
your Personal Data on the basis of your consent.
Please see the detailed privacy notice for each of the
following:
- For personal data obtained and processed for the purpose of reporting any adverse medical events and responding to any medical information inquiries, either via the Site or via any other channels, please see our Pharmacovigilance and Medical Information Inquiries Privacy Notice.
- For personal data obtained from professional service providers with whom we create or maintain a relationship, please see our Privacy Notice for Consultants and Professional Services Providers. This may also be provided in the contract we enter into with you.
3. How We Share Your Personal Data
We may share your personal data with a member of the Celltrion Group of companies around
the world. Our group companies will use your Personal Data for the same purposes as we do.
We
may also share your Personal Data with third parties, including our data processors, Consultants and
professional advisors, certain software or IT systems services providers, for the following purposes:
- To help fulfill Celltrion business transactions;
- To provide services such as website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other services;
- To facilitate a merger, consolidation, transfer of control or other corporate reorganization in which Celltrion participates, or pursuant to a financial arrangement undertaken by Celltrion; and
- To comply with applicable laws and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.
Celltrion does not sell, rent, or trade personal data it collects with third parties.
Any third parties with whom Celltrion shares personal data are not permitted to sell, rent, or trade
such personal data.
We have put in place appropriate security measures to prevent your personal
information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed
without your specific authorization.
4. The Rights of Individuals
If you would like to request to review, correct, update, suppress, restrict or delete
personal data that you have provided to us through the Site, or if you would like to request to receive
an electronic copy of such personal data for purposes of transmitting it to another company, you may
contact us at DPO@celltrion.com or DPO_EU@celltrion.com, if you live in the EU/EEA. We will respond to your
request consistent with applicable law.
In your request, please tell us what personal data you
would like to have changed, whether you would like to have it suppressed from our database, or otherwise
let us know what limitations you would like to put on our use of it. For your protection, we may need to
verify your identity before implementing your request. We will try to comply with your request as soon
as reasonably practicable, but in any case within a calendar month.
If you live in Europe
(EU/EEA), you have the following specific rights with respect to our use and processing of your personal
data:
- a) Right to be informed - you have the right to enquire what data is held about you as an individual.
- b) Right to access - you have the right to request a copy of all data held about you as an individual, including emails in which your name has been mentioned, or other structured records.
- c) Right of rectification - you have the right to request corrections to information held about you which is erroneous.
- d) Right to data portability - you have the right to request structured personal data in a machine-readable format.
- e) Right to opt-out from marketing - you have the right to opt-out from marketing purposes at any time.
Note that the Right to be forgotten (also known as “Right of Erasure”) is not absolute,
and may be denied to comply with a legal obligation. Furthermore, there is no right to object to
processing, because the data is necessary to be processed for the performance of a contract (the
exception to this is marketing).
At any time, you have the right to complain to Celltrion's DPO
or a relevant supervisory authority. This will usually be the Data Protection Authority located in the
country where you are normally resident. The following link provides a list of the relevant authorities
within the EU: https://edpb.europa.eu/about-edpb/board/members_en
5. How we store your Data; International Transfers
Your personal information may be transferred to, and processed in, countries other than
the country in which you are resident. These countries may have data protection laws that are different
to the laws of your country.
Specifically, our servers are located in South Korea and our group
companies and third party service providers and partners operate around the world. This means that when
we collect your personal information, we may process it in any of these countries.
However, we
have taken appropriate safeguards to require that your personal information will remain protected in
accordance with this Privacy Notice. These include implementing the European Commission's Standard
Contractual Clauses for transfers of personal information between our group companies, which require all
group companies to protect personal information they process from the EEA in accordance with European
Union data protection law.
Our Standard Contractual Clauses can be provided on request. We have
implemented similar appropriate safeguards with our third-party service providers and partners and
further details can be provided upon request.
On 17 December 2021, the European Commission (the
Commission) and on 23 November 2022, the Information Commissioner's Office (the ICO) each adopted an
adequacy decision for South Korea. This means that free unrestricted transfers of personal data from the
European Economic Area (EEA) and/or the UK to private and public entities in South Korea will be
permitted from that date onwards (including remote access from South Korea) without the need for certain
restrictions such as, but not limited to, implementation of Standard Contractual Clauses.
6. Security Measures
We seek to use reasonable organizational, technical and administrative measures to protect your personal data. Specific measures we use include encrypting your personal information in transit and at rest.
- Our organizational measures include establishment and implementation of internal management plans, regular employee training, etc.
- Our technical measures include installation of security programs, encryption of matters such as unique identifiers, installation of access control systems, and careful management of access authority.
- Our physical measures include access controls for the data processing room or data storage room.
7. Data Retention
We will retain your personal data for as long as needed or permitted in light of the
purpose(s) for which it was obtained and as outlined in this Privacy Notice. The criteria used to
determine our retention periods include: (i) the length of time we have an ongoing relationship with you
and provide the Site to you; (ii) whether there is a legal obligation to which we are subject; or (iii)
whether retention is advisable in light of our legal position (such as in regard to the enforcement of
the Site Terms of Use, applicable statutes of limitations, litigation or regulatory
investigations).
Unless otherwise required by law, the general retention period for each of the
personal data obtained by us is as follows:
- Personal identification number for confirmation of name: 3 years
- Records on consumer complaints or settlement of disputes: 5 years from the termination date of handling the dispute
- Cases relating to product administration and medical information relating to the products: 5 years from receipt
- Personal data processed in connection with product research, development and improvement: 5 years after completion of the project (pseudonymized information will be kept after 5 years retention period)
When we have no ongoing legitimate business need to process your personal information or the applicable retention period elapses, whichever is later, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
8. Minors
This Site is neither designed nor intended for use by children under the age of 16. We do not knowingly collect any personal data from anyone under the age of 16 without the prior, verifiable consent of a parent or guardian. Such parent or guardian may have the right, upon request, to view the information provided by the child and require that it be deleted. Moreover, all minors should seek their parent's or guardian's permission prior to using or disclosing any personal data on this website or online resource.
9. How to complain
In the first instance, please contact our data protection officer via DPO@celltrion.com
or DPO_EU@celltrion.com (if you live in the EU/EEA). You may contact our EU data protection officer at the
following address:
Data Protection Officer
21F, IBS Building, 263,
Central-ro, Yeonsu-gu
Incheon, 22006, Republic of Korea
Tel.: +82 32 850 9016
Email: DPO@celltrion.com / DPO_EU@celltrion.com
10. Representative for data subjects in the EU and UK and Switzerland
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
- European Union (EU)
- United Kingdom (UK)
- Switzerland
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to
access or erase personal data). If you want to contact us via our representative, Prighter, or make use
of your data subject rights, please visit the following website: https://prighter.com/q/15163507
Last updated: September 1, 2023