Data protection statement
We welcome your interest in Fresenius Kabi Deutschland GmbH (“Fresenius Kabi”). Protecting the personal data of our patients, healthcare professionals, suppliers, customers and other business contacts is important to us. As a global healthcare company in the digital age, data forms a cornerstone and enabler of our worldwide business. With data being one of our key assets we need to ensure that it is appropriately handled and protected.
We would like to provide you with the relevant information on how our organization incorporates data protection into its operations. With this we aim to ensure compliance and provide transparency and trust. You will also find information on how to execute your rights as a patient, healthcare professional, supplier, customer or website user.
Our Approach to Protect Your Data
Our Data Protection Organization
Fresenius Kabi operates a central data protection center of competence. This center has set up a data protection management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data protection and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data protection topics.
Our data protection and security policies, associated procedures as well as our guidelines for processing personal data aim to create a uniform and basic level of adequate data protection across all Fresenius Kabi entities.
Our local data privacy advisors at the various Fresenius Kabi legal entities support local management in their compliance efforts. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate data protection requirements into the design of a process or a system.
Our internal IT service provider, Fresenius Netcare, has implemented a certified management system for information security according to ISO 27001 in order to provide high security standards for data centers. Our Global Cybersecurity Emergency Response Team (CERT) identifies, evaluates and responds to security incidents and acts as a central contact point for security-related topics.
The monitoring of our data protection compliance efforts is overseen by our data protection officer.
Our Data Protection Policy
Our data protection policy sets out the requirements for our employees when collecting and processing personal data. It includes that all processing activities that are introduced are subject to a risk and compliance assessment process.
In these assessments we ensure that all relevant data protection principles have been taken into consideration within the design. In certain cases, a data protection impact assessment might be necessary before starting the respective processing activity.
We register the data processing activities within Fresenius Kabi in the “Records of Processing Activities”. This register contains essential information to comply with the data protection laws.
Transparency on Our Data Processing Activities
If you interact with us, e.g. as a patient, healthcare professional, supplier, customer or website user, we collect and use your personal data. In the data protection statements below, we explain how we collect and use your data in these different contexts.
Business Contacts (Vendor, Client, interested business contact)
As our Business Contact, we mostly collect and use your personal data in order to prepare, fulfill or perform an agreement or contract with you or with your organization for the provision of products and services. This includes:
- the evaluation of our relationship with the company you work for (business partner evaluation), and
- the fulfillment of compliance requirements such as business partner due diligence, sanction list screening and money laundering laws.
In our data protection statement for business contacts you will find further details.
Healthcare Professionals
If you are a healthcare professional we mostly collect and use your data to send you product and service related information and to assess whether you are a suitable contact for specific business needs, e.g. when we look for an expert in a certain field or for a specific product.
In our data protection statement for healthcare professionals you will find further details.
Website Users
If you are using our website, we also collect data about you. How and why we do that is stated in our data protection statement for website visitors.
Obtain Insight and Manage Your Data
By using our data protection email you can request information regarding the processing of your personal data including but not limited to the origin and recipients of your data and the purposes of the processing. You can also request to have access to your data or to object to the processing of your data. If your personal data are incorrect, incomplete or not processed in compliance with applicable law, you have the right to have this data rectified, deleted or blocked. Furthermore, you can in certain cases, also ask to directly transfer them to another organization (portability).
If you submit a request, our data protection organization may contact you for additional information to confirm your identity and to ensure rapid clarification of your question. We provide information free of charge unless requests are manifestly unfounded or excessive. In that case we may charge a fee.
We aspire to answer your request within four weeks. We reserve the right to extend the period within the scope of the admissibility by law and will inform you if this is the case. Please do not inquire about your processing status. More information on how we handle your request is stated in our data protection statement for data subject requests.
You also have the right to file a complaint about the way we manage your personal data with our data protection officer.
Transferarea datele dumneavoastră
Colaborăm cu alte organizații pentru a ne atinge scopurile. Prin urmare, este posibil să trimitem datele dumneavoastră cu caracter personal parțial sau în întregime altor organizații.
Astfel de destinatari sunt:
• Alte companii ale Grupului Fresenius, Locations Worldwide - Fresenius Kabi Global (fresenius-kabi.com) dacă un astfel de transfer de date cu caracter personal este necesar pentru scopul specific (Vă rugăm să consultați prezentarea generală a locațiilor în care sunt active companiile Grupului Fresenius Kabi)
• Furnizorii de servicii care prelucrează date cu caracter personal în numele nostru (de exemplu, pentru servicii de găzduire sau întreținere) care trebuie să urmeze instrucțiunile noastre cu privire la o astfel de prelucrare; acestor furnizori de servicii nu li se va permite să utilizeze datele dumneavoastră cu caracter personal în alte scopuri decât în scopurile noastre
Transferuri internaționale de date
Nu este prevăzut niciun transfer ulterior specific al datelor dumneavoastră către țări terțe (țări din afara Spațiului Economic European), cu excepția solicitărilor dumneavoastră. Pentru a putea gestiona solicitarea dumneavoastră, o vom transmite, inclusiv informațiile cu caracter personal furnizate de dumneavoastră, către persoana de contact din țara dumneavoastră. Dacă o astfel de persoană de contact locală se află într-o țară terță, vom transfera datele pe baza consimțământului dumneavoastră.
Cât timp păstrăm datele dvs
Detaliile dumneavoastră de contact vor fi stocate până la șase luni după finalizarea solicitării, cu excepția cazului în care există obligația legală de a păstra datele pentru o perioadă mai lungă.
Informațiile colectate prin cookie-uri vor fi stocate atâta timp cât cookie-ul este valabil așa cum este explicat mai sus.
Cereri, solicitări și reclamații
In funcție de situație aveți anumite drepturi cu privire la datele dumneavoastră cu caracter personal. Aveți dreptul să:
• Solicitați acces la datele dumneavoastră cu caracter personal
• Solicitați rectificarea datelor dumneavoastră cu caracter personal
• Solicitați ștergerea datelor dumneavoastră personale
• Solicitați restricționarea prelucrării datelor dumneavoastră cu caracter personal
• Portabilitatea datelor
• Obiectați din motive specifice situației dumneavoastră
Vă puteți exercita aceste drepturi online utilizând formularul de contact pentru protecția datelor Formular contact protectia datelor - Fresenius Kabi România (fresenius-kabi.com)
De asemenea, aveți dreptul de a depune o plângere la responsabilul nostru pentru protecția datelor sau la autoritatea de supraveghere.
Responsabil pentru protecția datelor:
Fresenius Kabi AG
Responsabil pentru protecția datelor
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
E-mail: dataprotectionofficer@fresenius-kabi.com
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
B-dul G-ral. Gheorghe Magheru 28-30
Sector 1, cod postal 010336
Bucuresti, Romania
E-mail: anspdcp@dataprotection.ro
Informații suplimentare pentru situații specifice
Cerințe pentru furnizarea datelor cu caracter personal
Datele dumneavoastră personale sunt necesare pentru a vă face accesibil site-ul și pentru a putea urmări solicitarea dumneavoastră.
Dacă nu furnizați datele dumneavoastră cu caracter personal, site-ul web nu va funcționa corespunzător și este posibil să nu putem răspunde sau procesa în mod corespunzător solicitarea dumneavoastră.
Modificări ale acestei declarații de protecție a datelor
Deoarece colectarea și utilizarea datelor dumneavoastră se pot modifica în timp, este posibil să modificăm și această declarație privind protecția datelor pentru a reflecta întotdeauna corect practicile noastre de prelucrare a datelor. Vă încurajăm să o revizuiți din când în când.
Operator și Contact
Operatorul și entitatea responsabilă pentru prelucrarea datelor cu caracter personal este:
Fresenius Kabi Romania
Str. Henri Coandă, Nr. 2
RO-507075, Ghimbav, Brașov