Privacy & Terms

Data Protection at Mabxience

Welcome to the Mabxience Holding S.L. and affiliates* (“Mabxience” or “we”) data protection information page. As a global pharmaceutical company that specializes in lifesaving biologics, we need to collect, use and share your personal data to carry out our work. We need to ensure that this data is appropriately handled and protected.

This site explains how we incorporate data protection in our operations and how your data is used in our processes. Furthermore, you will find information on how to execute your rights.

1. How We Take Care of Your Data

1.1 Our Data Protection Organization

Mabxience as part of the Fresenius Kabi Group, follows its policies, procedures and standards for data protection. Our local data privacy advisor supports local management with the compliance programs, by executing risk and compliance assessments for the different data processing activities. The monitoring of our data protection compliance efforts is overseen by our data protection officer.

1.2 Our Data Protection Policy

Mabxience has adopted The Fresenius Kabi Binding Corporate Rules on the protection of personal data. These rules have been approved by the European Data Protection Authorities and describe the principles for protecting personal data and determine how we apply them when collecting and using personal data. (For more information please go to https://edpb.europa.eu/system/files/2022-10/fresenius_bcr-c_approval_decision_20220726.pdf)

The Fresenius Binding Corporate Rules, associated security policies and procedures aim to create a global adequate and uniform level of data protection across our group. They set the rules for the internal data transfers between Fresenius Kabi companies (including Mabxience) and our internal service providers worldwide.

*Mabxience Holding S.L is the parent company of Mabxience SAU (Argentina), GH Genhelix SA (Spain), Mabxience Research S.L (Spain) and Mabxience S.A. (Switzerland).

1.3 Our Security Measures

At Mabxience we know information security is important to our customers, patients, and business partners. We are committed to maintaining information security through responsible management, appropriate use, and protection of our and your data in accordance with legal and regulatory requirements and our agreements.

2. Transparency on Our Data Processing Activities

We collect and use your personal data in various ways and for various purposes. We collaborate with other organizations to achieve our purposes. In the sections below you can find when and how we do that. If you have any further questions, requests, inquiries or complaints relating to your personal data you can contact us. Please refer to the information in Section 2.4.

2.1 Situations in which we collect your data

2.1.1 If you visit our websites

Please be informed that our websites include links to external sites which are not covered by this data protection statement.

2.1.1.1 Why we collect and use your data

We collect and use your data for the following purposes:

To make the website work and optimized for the device you use

To provide the best possible service to you, enhance your user experience and store your preferences for your current or future browsing sessions

To further improve our websites.

2.1.1.2 What data we collect and how we do that

We collect your data of your visit to our website in the following ways:

2.1.1.2.1 Automatically by our website or by using cookies and other technologies

We collect and use the following internet protocol data or cookie data during your visits on our websites:

The name of your service provider including IP address

The website that directed you to our site

The pages you visited on our websites

Your web browser type

The date and length of your visit

The preferences you select.

You can accept or reject the use of certain cookies & other technologies for this website. Please note that if you choose not to accept the use of certain cookies you may not be able to experience the full functionality of this website and may have to confirm certain dialogs once again.

Your cookie settings are always related to the web browser you are using, and the settings are of no effect if you use a different web browser upon your next use of this website. Alternatively, you can manage the settings of your web browser or on your mobile device. Here you can delete cookies at your own discretion at any time.

We use the following types of cookies:

2.1.1.2.1.1 Strictly necessary cookies

This type of cookies is required to make the website work. They are exclusively used by us during the session. They help to make the page load more quickly and to limit the number of sessions originating from a user to prevent a website-overload.

We use a “cookie notifier” cookie which saves your decision either to agree with the usage of cookies on our website or not. It is saved automatically upon your click on one of the two options available. Your acceptance of our cookies is stored for one year from the acceptance date. If you decide to refuse our cookies, your decision will be stored for 30 days. During this time, the cookie information banner will not be shown again.

All other strictly necessary cookies remain valid during the session and are automatically deleted when you close the browser.

2.1.1.2.1.2 Functional cookies

Functional cookies save the choices and preferences you make while visiting this website in order to offer you an improved functionality and personal features. They can remember your login status, or the status of videos played. These will be stored for 30 days

2.1.1.2.1.3 Analytical cookies

When you consent to the usage of analytical cookies, respective cookies will be stored on your device. Analytical cookies allow us to analyze the way the website is used, how often visitors use a page of our website, and if they get error messages from our pages. For this purpose, your IP address will be processed in a pseudonymized manner by deleting the last three digits. That way we are no longer able to directly identify you as an individual. We will delete this data within three years.

2.1.1.2.1.4 Social Media cookies

When you consent to the usage of social media cookies or when you press ‘I consent’ in the social media feeds section, cookies will be placed. You are then able to see the activity streams of our corporate social media channels which are embedded on our website. Your consent is stored for the duration of your visit of our website through our “social media” cookie.

An overview of all the cookies we use can be found at https://mabxience.com/cookies-policy-2/

2.1.1.3 Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

You have given us your consent for the intended processing or international transfer of your personal data, (e.g., in the EU Art. 6.1 a, and Art. 49.1 a GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). This is e.g. the case for cookies that are not strictly necessary.

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). These legitimate interests are:

the establishment, exercise or defense of legal claims

to provide information on our products and service via a working and optimized website.

2.1.1.4 With whom we share your data

Besides the general recipients as mentioned on our With Whom We Share (Section 2.2.), we share your data with social media platforms if you activate the plug ins.

Fresenius Kabi has no influence on the scope or the kind of data that will be submitted by activating the plug-ins. Besides, further data processing operations could be triggered, on which we do not have any influence. To learn more about the scope of personal data collected and used, the purposes for which we may use your data, and your respective rights and configuration options to protect your privacy (including your right of withdrawal of consent), please refer to the respective social network’s data protection statement.
YouTube: https://policies.google.com/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy

2.1.1.5 How long we retain your data

Information collected via the website or cookies & similar technologies will be stored as long as your visit or as long as the cookie is valid as explained above.

2.1.2 If you contact us by mail, phone or via an online form

2.1.2.1 Why we collect and use your data

We collect and use data you actively provided to us. For instance, when filling in online forms or when contacting us by other means of communication such as e-mail, telephone or mail. We may do this:

To validate, handle and respond to you based upon your inquiry or request

To fulfill our compliance requirements under pharmacovigilance and medicines laws.

2.1.2.2 What data we collect and how we do that

We collect the information you provide to us, which may include the following data:

Name

Gender

Contact and address information (e.g., address data, email address, phone number, fax number)

Country of residence

Organization / Company

Profession

Type of request and possible further information for the purpose of responding to your inquiry

2.1.2.3 Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws.

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). These legitimate interests are:

To validate, handle and respond to you based upon your inquiry or request

The establishment, exercise or defense of legal claims

To provide information on our products and service.

2.1.2.4 Requirements to provide personal data

Your contact details are required to be able to provide you an answer to your request.

2.1.2.5 How long we retain your data

Your contact details will be stored for up to six months after the inquiry has been completed unless legal obligation exists to retain data for a longer duration, which is the case if you report, or you are mentioned in an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance).

2.1.3 If you interact with us as a business contact

2.1.3.1 Why we collect and use your data

As our valued commercial prospect, client, vendor, interested business contact or otherwise representative of an organization we interact with (business contact), we may collect and use certain personal data from you. Depending on the business relationship we have with you and/or the organization you are working for, we may collect and use your data for the following purposes:

Asses a potential business relationship and/or maintaining our business relationship with you or the organization you are working for (including customer relationship management, supplier management, investor relations management, and business partner qualification)

Vendor assessment and qualification (e.g., whether you and your organization meet certain quality and certification requirements)

Procurement of products and services from you or the organization you are working for

Exchange of information related to existing contracts or potential future contracts with you or the organization you are working for

Fulfill our contract with the organization you are working for, including the enforcement of any rights we may have under such contract

Termination of contracts and agreements

Fulfillment of compliance requirements related to a business transaction (e.g., conflict checks, business partner due diligence, sanction list screening, anti-money laundering laws, secure supply chain requirements, customs and export law requirements, tracing requirements for products)

Manufacture and quality management of products

Provide and deliver products and services

Marketing (e.g., informing you about products and services or related information)

Carry out surveys to understand customer requirements in more detail

Relationship administration and key account management including external communication and public relationship

Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can influence in your professional capacity, the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law

Finance and accounting, invoicing, payment collection and reporting

Assess your company’s financial solvency and credit risk

Assess potential investments in Fresenius shares, a potential acquisition, divestiture or joint venture transaction with us or any Fresenius Kabi affiliate

Improve our products and services

Organize, secure and improve internal processes including communication, administration, research and IT

Develop, provide, support and maintain IT infrastructure and solutions

Security analysis of our IT systems, to protect the confidentiality, availability, integrity of the data and systems

Facilitate mergers, acquisitions and re-organizations.

2.1.3.2 What data we collect and how we do that

We collect and use your personal data in the following ways:

2.1.3.2.1 Information you provide to us

We may collect your personal data when you contact us, order our products and services or enter into a contract with us for the supply of goods and services. Such personal data include:

First and last name

Gender

Contact and address information, including address, e-mail address, phone number, fax number

Country of residence

Role and function in your organization

Your areas of expertise

Your profession and qualifications

Information on the kind of a relationship you have with Fresenius Kabi

Employer name and employer address

Contact preferences

2.1.3.2.2 Information we collect from other organizations

We may process data that is provided to us by contracted service providers, by competent authorities or obtained from publicly accessible trade registers or trade associations and other publicly available sources, including rating agencies, financial solvency, risk information and financial service agencies and institutions, government or supranational agencies, in particular tender authorities or procurement agencies, data brokers, websites, blogs and printed media.

Such personal data may include:

First and last name

Contact and address information (e.g., address, e-mail address, phone number, fax number)

Organization / Company

Your organization’s bank accounts

Your profession and qualifications

Professional identifiers

Organizational details, affiliation details of your company

Certifications and quality statements issued by your organization’s officers, representatives or auditors

Percentage of shares held

Details related to public filings, trade registers and professional boards

Details related to published transactions of your organization including tenders and financial arrangements

Details related to specially designated nationals or blocked persons lists

Previous interactions with Fresenius Kabi and any of our subsidiaries.

2.1.3.3 Profiling and automated decision making

An automated decision making (e.g., in the EU Art. 22 GDPR) occurs according to our obligation to conduct a sanction-control-procedure. Within this procedure we check if you, or your organization is listed on an official published sanctions list applicable to the business transaction or relation you have with us. This is necessary for entering into, or performance of, a contract between you and us. The consequence of this can be the refusal to enter into a contractual relationship with you.

We create profiles in our systems, that enable us to assess and categorize which specific business needs match best with your abilities (e.g. when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience) or if you can, in your professional capacity, influence the use, purchase, ordering, prescribing or recommendation of Fresenius Kabi products, or affect tender decisions, formulary placement, award status or other preferential or qualifying status of Fresenius Kabi products in accordance with applicable law

2.1.3.4 Legal basis to collect, use and share your data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b GDPR)

The processing of your personal data is necessary for us to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR). More specifically we are obliged to comply with laws on anti-money laundering, customs and export, secure supply chain requirements, product tracing requirements, statutory disclosure and notification requirements or similar compliance requirements that might require us to process certain of your personal data

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR). These legitimate interests are:

Investigate your interests for a potential business relationship and/or maintaining our business relationship with you or the organization you are working for

Fulfilling our contract with the organization you are working for, including the enforcement of any rights we may have under such contract

Gather information and knowledge management related to the interests in and satisfaction about internal processes, products and services

Development, optimization and improvement of our products and services

Optimization of internal communication

Optimization of administration

Carrying out research work

Organizational management

Risk Management: safeguarding against e.g., financial / reputational risks

Maintenance of the IT infrastructure, IT security, guarantee of IT support and the detection and correction of errors

Complying with legal requirements outside the EEA

Establishment, exercise or defense of legal claims.

2.1.3.5 Requirements to provide personal data

You may need to provide your personal data to us for the purpose of fulfilling a contract with you or the organization you are working for, e.g., we might need your contact details if you are our business contact at a supplier. If you do not provide your personal data, we might not be able to enter into the respective contractual relationship.

2.1.3.6 With whom we share your data

Besides the general recipients as mentioned on Section 2.2., we collaborate with professional data and analytics providers such as IQVIA, Veeva, CDQ and Acxiom to achieve our purposes.

2.1.3.7 How long we retain your data

We store your personal data for one of the following periods of time:

Until the purpose of the data collecting and using is fulfilled, e.g. for the term of the contractual relationship with you or the organization you are working for. The exact period depends on the organization you are working for and your position in the company.

As long as we have a duty to retain the data in line with applicable laws (e.g., because we are obliged to store the data for tax purposes)

If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

2.1.4 If you interact with us as a speaker, advisor or otherwise in your capacity as a healthcare professional

2.1.4.1 Why we collect and use your data

We may collect and use your data for the following purposes:

Execute the contract with you, including value transfers (such as payments and expenses), communication with you and the arrangement of hospitality and other facilities

Maintain a database of HCPs with whom we already collaborated and/or may collaborate in the future

Assess and categorize which specific business needs match best with your abilities (e.g., when we look for a key opinion leader in a certain field or for specific products, the extent you belong to the group of scientific input providers, based on scientific or professional experience)

Best practice sharing internally and externally

Disclosure of value transfers to you if you have given us your consent or if we are legally required to disclose such transfers

Fulfillment of our compliance requirements, e.g. from anti-corruption laws, anti-money laundering laws and other laws on economic crime, regulatory and pharmacovigilance and medicines laws, as well as disclosure obligations resulting from applicable laws and self-regulatory codes of conduct as a result of our membership in trade associations

2.1.4.2 What data we collect and how we do that

We may collect and use your personal data in the following ways:

2.1.4.2.1 Information you provide to us

We collect your personal data depending on the different types of interaction you have with us. Such personal data may include:

First and last name

Gender

Contact and address information, including address, e-mail address, phone number, fax number

Country of residence

Curriculum vitae information, including information on your professional experience, your engagement with us and other companies, events you attended, publications, organizations you worked for

Pictures of you

Audio-visual recordings of your voice, appearance and statements, if a presentation of yours is recorded and this has been agreed

Your areas of expertise and your areas of professional interest as an HCP

Information on payments made and benefits granted to you (transfers of value)

Your bank account number

Your tax identification number

Contract entered between you and us

2.1.4.2.2 Information we collect from publicly available sources

Before we enter in an interaction with you, we may collect information about you and your professional experience from publicly available sources, such as the internet, social media platforms, sanction lists and other online and print publications.

Such data includes:

First and last name

Contact information

Country of residence

Curriculum vitae information, including information on your professional experience, your engagement with other companies, events you attended, publications etc.

Business address

Pictures and audio-visual recordings of you

2.1.4.3 Legal Basis for Processing Your Data

Depending on the business contact we have with you and the purposes we collect and use your data, we process your personal data on one or more of the following legal bases:

The processing of your personal data is necessary for the performance of a contract (to be) concluded between you and us (e.g., in the EU Art. 6.1 b, GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001)

The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). More specifically we

are obliged to comply with national and, if applicable, international laws and regulations relating to the fight against corruption, anti-money laundering anti-terrorism financing and other economic crime.

have to assess the appropriateness of the remuneration and other payments made and other support granted to you and are subject to certain documentation, publication and reporting obligations and therefore, can be obliged to disclose the remuneration paid or other support in kind availed to you as a speaker or other service provider, to your employer or to competent regulatory authorities, criminal prosecutors and other recipients responsible for the implementation of transparency rules upon request, or make such payments and in kind support available publicly. This includes particularly documentation, disclosure and reporting obligations in connection with medicines, medical devices and healthcare regulations, transparency laws, laws on anti-money laundering and self-regulatory regimes such as industry and patient codes

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (e.g., in the EU Art. 6.1 f, GDPR). These legitimate interests are:

Maintenance of a database that contains all HCPs with whom we already collaborated or may collaborate in the future, to manage the interactions with you and other HCPs

Establishment, exercise or defense of legal claims

You have given us your consent for the intended processing of your personal data (e.g., in the EU Art. 6.1 a GDPR), e.g., for disclosing value transfers made to you, if not legally required or for publishing your photo or audiovisual recordings, if not contractually agreed.

2.1.4.4 Requirements to provide personal data

Your personal data is required to enter into and/or perform the respective interaction with you. If you do not provide your personal data, we may be required to refrain from entering into an interaction with you, as we could be unable to meet our due diligence and disclosure requirements under applicable laws and self-regulatory codes.

2.1.4.5 With whom we share your data

Besides the general recipients as mentioned under Section 2.2, we also share your data with:

The general public, to the extent we are obliged to publicly disclose payments made to you and other benefits provided to you, e.g., meals, travel and accommodation as well as other hospitality. Where there is no statutory legal basis for public disclosure including the identity of the recipient, you may choose to withhold or withdraw your consent to such disclosure, and we would then disclose the payments and benefits on an anonymous aggregated basis

2.1.4.6 How Long We Retain Your Data

Your interactions with us will be deleted ten years after the completion of the last interaction with you, unless we are legally required to retain the data.

2.1.5 If you report or are mentioned in an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance)

2.1.5.1 Why we collect and use your data

The quality and safety of Mabxience’s products, services and therapies are of paramount importance. Our interactions with patients using our products do not end with the supply of products or the provision of services but involve the monitoring and analysis of applicability, effectiveness and safety for patients of our products on the market. The gained insights are the basis for identifying opportunities for continuous improvement of products and services. Therefore, Mabxience monitors and evaluates relevant information and feedback on the products, services and therapies during its use and where necessary reports these to health authorities.

The monitoring of adverse reactions or events (side effects) associated with the use of medicinal products is referred to as pharmacovigilance (drug safety). The statutory pharmacovigilance commitments relate to our medicinal products for human use. Similar regulations exist for medical devices.

With the help of our vigilance activities, Mabxience ensures that the patients’ safety of its products is always guaranteed, and that Mabxience is enabled to identify any changes in the benefit-risk-ratio at an early stage and react in a timely manner.

2.1.5.2 What data we collect and how we do that

We may collect and use your personal data in the following ways:

2.1.5.2.1 Information you provide to us, we collect from other organizations or from publicly available sources

We collect and use the data:

you provide directly to us (e.g., via phone, letter or webform), as patient using our products

as reporter of adverse reactions or events

as reported and published on publicly available sources such as social media and internet forums, literature or other reports we became aware of

as provided to us by healthcare organizations or organizations otherwise involved in the provision of care such as hospitals, our distributors and resellers or universities.

The exact amount and kind of data depends on the information submitted to us or the information that is published, posted or shared. Such data includes:

Information identifying the patient (potentially including first and last name, date of birth, gender)

Medical history and other characteristics including laboratory data, pregnancy, weight, height and age

Measures and treatment of adverse reactions and events

Information identifying the reporter or on the primary source of the data for potential follow-up requests

First and last name

Contact and address information (e.g., address, e-mail address, social media account name, phone number)

Signature (in case you report on behalf of a healthcare provider)

Information on the adverse reactions and events or other information on the safety of our products

Description of the adverse reactions and events related data including start, stop, duration

Drug/active substance related data including dosage, application, suspected causality indication and duration of treatment

Medical device related data including application, and malfunctioning

Seriousness criteria of reaction such as death, life threatening, hospitalization or prolonged hospitalization, permanent injury or disability, important medical event

Outcome of reactions.

2.1.5.3 Legal Basis for Processing Your Data

We process your personal data on the following legal basis:

The processing of your personal data is necessary for reasons of public interest in the area of public health to ensure high standards of quality and safety of medicinal products and devices based on law (e.g., in Europe Art. 6.1 e Art. 9.2 i GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). These laws include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.

You have given us your consent for the intended processing (e.g., in Europe Art. 6.1 a GDPR and Art. 9.2 a GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001) which can be the case if you participate in a clinical trial or research study)

The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001) which can e.g. be the case if you publish it on social media

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). This legitimate interest is explained under ‘Why we collect and use your data’

The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in Europe Art. 6.1 c GDPR and Art. EU 9.2 i GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). More specifically we are obliged to have post market surveillance based on Regulation (EU) No 1235/2010 and Directive 2010/84/EU concerning the pharmacovigilance of medicinal products for human use. See also Commission Implementing Regulation No 520/2012 of 19 June 2012 and the European Medicines Agency (EMA) Guidelines on Good Pharmacovigilance Practices (GVP). Furthermore, legal obligations arise as part of a clinical trial, see Regulation (EU) No 536/2014 and as part of medical device regulations EU 745/2017 and 746/2017.

2.1.5.4 Requirements to provide personal data

If you do not provide all necessary personal data, we might not be able to respond or process your report properly because we cannot comply with the legal requirements as listed above.

2.1.5.5 How Long We Retain Your Data

Mabxience only stores personal data that is required to be compliant with the current legislation in our global safety databases.

For events related to medicinal products / Drugs, the data will be kept for 10 years after the marketing authorization has ceased to exist or 5 years after the completion of formal discontinuation of the last clinical trial.

For events related to medical devices the data will be kept for 10 years after the last device has been placed on the market (15 years for implantable devices).

Complaint related documentation related to our products the data will be kept for 30 years after closing.

2.1.6 If you submit a data subject request

2.1.6.1 Why we collect and use your data

We collect and use your data to validate, handle and respond to your request, and to fulfill our accountability requirements arising from the General Data Protection Regulation or other data protection legislations.

2.1.6.2 What data we collect and how we do that

2.1.6.2.1 Information you provide to us

We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:

First and last name

Academic title

Gender

Contact and address information (e.g., address, e-mail address, phone number, fax number)

Country of residence

Information on your relationship with Fresenius Kabi and its entities

Your request

Data needed to identify yourself

2.1.6.3 Legal Basis for Processing Your Data

We process your personal data on one or more of the following legal bases:

The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (e.g., in Europe Art. 6.1 c GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). We are legally obliged to respond to your request and to process your personal data accordingly. More specifically, in Europe legal obligations in relation to requirements under the General Data Protection Regulation (Regulation (EU) 2016/679).

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in Europe Art. 6.1 f GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). More specifically, these legitimate interests are the establishment, exercise or defense of legal claims

The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity (e.g., in Europe Art. 9.2 f GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001)

2.1.6.4 Requirements to provide personal data

If you do not provide all necessary personal data, we may not be able to respond to or properly process your request.

2.1.6.5 How Long We Retain Your Data

We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e., we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after four years), your data will be erased entirely.

If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

2.1.7 If you interact with us on social media

2.1.7.1 Why we collect and use your data

We may collect data about you for the following purposes:

to answer your inquiries you sent to us by direct message

to follow up and report on posted adverse events (Section 2.1.6)

follow up on any hate speech or other statements that allegedly threatens our employees, organization, our brand or reputation

to gain insights in our and your online presence and standing

to adapt our online presence with the respective platform or network to best suit the preferences and interests of its users

to provide advertisements to targeted groups

2.1.7.2 What data we collect and how we do that

We may collect and use your personal data in the following ways:

2.1.7.2.1 Information you post

We collect information you post about us, our brands, our employees, our markets, our products and services or otherwise affects us. This may include:

Your name as selected by you for your social media user account, including your picture and profile description/bio

The content of your published posts

The content of your direct messages

2.1.7.2.2 Information obtained from social media providers

We collect information from social media providers which they collect when you use their platforms and they provide to us. This may include:

your profile as determined by the social media provider, which can include:

Geography

Interests

Gender

The industry you are working in

Age groups

Values

Channels

2.1.7.3 Legal basis to collect, use and share your data

We process your personal data on one or more of the following legal bases:

The processing of your personal data is necessary for us in order to comply with a legal obligation we are subject to (e.g., in the EU Art. 6.1 c GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). More specifically legal obligations in relation to requirements under pharmacovigilance and medicines laws. These include inter alia Section 63c of the German Medicines Act and Article 24 of Regulation (EC) No. 726/2004.

The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (e.g., in the EU Art. 6.1 f GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001). These legitimate interests are:

To validate, handle and respond to you based upon your inquiry or request

To provide information on our products and service

To provide an adequate online presence which meets the demands of the users

To protect our employees, organization, brands and reputation

The processing relates to personal data which is manifestly made public by you (e.g., in Europe Art. 9.2 e GDPR; In Argentina Law No. 25,326, Regulatory Decree No. 1558/2001)

2.1.7.4 With whom we share your data

Besides the general recipients as mentioned Section 2.2., we share your data with social media platform providers. These providers are responsible as Controller for the data they receive.

2.1.7.4.1 Responsibility regarding LinkedIn

For all processing of personal data related to LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is the responsible controller.

You can find information on respective processing of personal data here: https://linkedin.com/legal/privacy-policy

2.1.7.4.2 Responsibility regarding YouTube

For all processing of personal data related to YouTube, Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, is the responsible controller.

You can find information on respective processing of personal data here: https://policies.google.com/privacy?hl=en

2.1.7.5 How Long We Retain Your Data

We store your data for as long as it is necessary to answer your inquiry. So, until you receive the last relevant message from us to answer your query, plus a 6-month transition period so that we can respond if you have any further or follow-up questions. If your post or you are mentioned in a post that relates to an adverse event or reaction associated with the use of medicinal products and safety of medical devices (vigilance), we store the information longer .

2.2 With Whom We Share Your Data

In all the situations as mentioned above, we collaborate with other organizations to achieve our purposes. Therefore, we may send your personal data in parts or as a whole to other organizations.

Apart from the specific recipients as mentioned above for the specific situations, such recipients are:

Other Fresenius Kabi Group companies (https://www.fresenius-kabi.com/imprint/entities)

Other Fresenius Group Companies (https://www.fresenius.com/group-overview)

Service providers which process personal data on our behalf (e.g., for hosting or maintenance services) and have to follow our instructions on such processing;

Authorities, courts and/or parties, or their delegated bodies, in a litigation in case we are required to do so to meet any applicable laws, regulations, legal processes or enforceable governmental requests

Professional advisors or auditors, such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries in which we operate

Other entities in the event of a change in ownership, a merger with, acquisition by, or sale of assets.

2.2.1 International data transfers

We may send your personal data in parts or as a whole to the above recipients in other countries. For some of these countries the European Commission or respective legislator or authority in your country has determined an adequate level of data protection to be in place that matches the level of data protection in your country.

The European Commission has done this for the following countries / international organizations in which Fresenius entities are located: Argentina, Canada, Japan, South-Korea, United Kingdom, New Zealand, Switzerland or Uruguay.

For countries where the respective legislator or authority has not decided that an adequate level of data protection exists that matches the level of data protection in your country, we have provided safeguards in order to secure your personal data to a degree that is equivalent to the level of data protection in the European Union or your home country as a minimum.

These safeguards are:

For the exchange of data within our company: our Binding Corporate Rules for Controllers

For the exchange of data with our service providers and other international organizations: Standard Contractual Clauses that have been issued by the European Commission, and/or as issued by other authorities or legislators as applicable.

You can obtain a copy of these Standard Contractual Clauses and our Binding Corporate Rules, online, or upon request.

2.3 Changes to our personal data processing activities

As our collection and use of your data may change over time, we may update the information on this site from time to time to correctly reflect our data processing practices. We encourage you to review it from time to time.

2.4 Contact, Requests, Inquiries and Complaints relating to your data

For all the situations where we collect and use your data the following information is applicable.

2.4.1 Controller contact

The controller or designated responsible entity representing the Mabxience group, for processing of your personal data is:

Mabxience Holding, S.L-
Calle Manuel Pombo Angulo, 28, 2nda Planta,

28050 Madrid

Spain

For Argentina:

MABXIENCE S.A.U.

1535 Paraguay Street,

City of Buenos Aires

Argentina

For Switzerland:

MABXIENCE S.A.

Via Ferruccio Pelli 17

6900 Lugano

Switzerland

2.4.2 Requests and inquiries

Where applicable based on data protection legislation, you have the right to request:

confirmation whether or not we process your personal data

access to or a copy of your personal data: You can ask to access/receive information about e.g. the purpose of processing, the categories of personal data concerned, the recipients, storage periods, any existence of automated decision-making.

rectification of your personal data if they are incomplete or incorrect

deletion of your personal data, unless it must be maintained e.g. due to legal retention requirements

to restrict of processing of your personal data if either the accuracy of the personal data is contested, or the processing is unlawful (no longer required for the pursued purposes).

data portability of your data to another organization in a commonly used and machine-readable format, if the following conditions are met:

Personal data have been provided by the individual

The processing is based on the individual’s consent or on a contract with the individual

The processing is carried out by automated means.

Object to processing on grounds specific to your situation or to direct marketing and profiling.

revocation or withdrawal of your previously given consent at any time. You can withdraw your consent to all processing or for individual purposes of your choice. The withdrawal of consent will not affect the lawfulness of processing based on your consent before the withdrawal.

to be not subject to automated decision making (incl. profiling) which could lead to legal or similar significant effects to your, unless:

It is necessary for entering into or performance of a contract between the you and Fresenius Kabi

It is based on your explicit consent.

If you submit a request, our data protection organization may contact you for additional information to confirm your identity and to clarify your request. We provide information free of charge unless requests are manifestly unfounded or excessive. In those circumstances we may charge a fee.

We aspire to answer your request within four weeks. We reserve the right to extend the period within the scope of the admissibility by law and will inform you if this is the case. Please do not inquire about your processing status.

If you want to submit a request to Mabxience please send an email to dataprotection@mabxience.com.

2.4.3 Complaints

You have the right to lodge a complaint about the way we manage your personal data with our data protection officer, via our compliance hotline (please go to https://mabxience.com/speak-up-policy-and-reporting-channels/)  or with the data protection authority. You can contact those as follows:

2.4.3.1 Data Protection Officer:

Fresenius Kabi AG
Data Protection Officer
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
E-mail: dataprotectionofficer@fresenius-kabi.com

Mabxience

Local Data Protection Advisor

Calle Manuel Pombo Angulo,28 2da Planta

28050 Madrid

Spain

dataprotection@mabxience.com.

2.4.3.2 Data Protection Authority:

In Spain:

Agencia Española de Protección de Datos Personales

C/ Jorge Juan, 6.

28001 – Madrid

In Argentina:

Agency for Access to Public Information

Av. Pte. Gral. Julio A. Roca 710, 3rd floor

City of Buenos Aires

Argentina

In Switzerland:

Office of the Federal Data Protection and Information Commissioner FDPIC
Feldeggweg 1
CH – 3003 Berne

Switzerland

ADDENDUM TO MABXIENCE’S PRIVACY POLICY FOR ARGENTINA

The provisions of this annex are applicable exclusively to users of the website https://mabxience.com/es/ residents of the Argentine Republic. In the event of any contradiction between the provisions of the main text of the Privacy Policy and this annex, the provisions of this Annex shall prevail in relation to users residing in Argentina.

Who is the Controller of Personal Information

In Argentina, MABXIENCE S.A.U. CUIT N° 30-71072656-2 (hereinafter “MABXIENCE”) with address at 1535 Paraguay Street, in the City of Buenos Aires, Argentina, is responsible for the treatment and responsible for the personal databases that are registered with the National Registry of Databases of the National Directorate of Personal Data of the Agency for Access to Public Information of the Argentine Republic (Responsible Code RL-2023-117752544-APN-DNPDP#AAIP)  in accordance with current regulations in the Argentine Republic.

Users’ Data Protection Rights

Without prejudice to the provisions of this Privacy Policy, in compliance with the provisions of Law No. 25,326, Regulatory Decree No. 1558/2001, and the provisions and/or binding resolutions issued by the Agency for Access to Public Information, Users as holders of personal data may exercise the right of access to their personal data free of charge at intervals of no less than six months,  unless a legitimate interest is proven for this purpose in accordance with the provisions of Article 14, paragraph 3 of Law No. 25,326. They may also exercise their rights to rectify, update, delete and block personal information under the terms of Article 16 of Law 25,326.

Data subjects may revoke the consent given for the processing of personal data at any time. The revocation does not have retroactive effect.

To exercise their rights, the User must send an email  to dataprotection@mabxience.com and  we will contact them as soon as possible to verify their identity and proceed to give access or modify or update their personal data.

Complaints for Violation of the Protection of Personal Data

THE AGENCY FOR ACCESS TO PUBLIC INFORMATION, in its capacity as the Control Body of Law No. 25,326, has the power to deal with complaints and claims filed by those whose rights are affected by non-compliance with current regulations on the protection of personal data. The AGENCY FOR ACCESS TO PUBLIC INFORMATION is located at Av. Pte. Gral. Julio A. Roca 710, 3rd floor of the Autonomous City of Buenos Aires (Email: info@aaip.gob.ar). The claim can be made through its website: https://www.argentina.gob.ar/aaip/tramites#4

Governing Law and Jurisdiction

This Addendum to the Privacy Policy shall be governed by the laws of Argentina. In the event of any controversy or divergence related to the interpretation, validity, execution or compliance thereof, the User and MABXIENCE declare that they submit to the exclusive jurisdiction of the Ordinary National Courts sitting in the Autonomous City of Buenos Aires, expressly waiving any other jurisdiction and/or jurisdiction that may correspond to them.