Back

Evenity® Website - Privacy Policy for Healthcare Professionals (EWPP)

1. WHO WE ARE AND HOW YOU CAN CONTACT US

UCB or we means UCB Pharma Ltd, a company incorporated under the laws of England and Wales with its registered office at 208 Bath Road, Slough, Berkshire, SL1 3WE (UK).

As the controller, i.e. the legal entity that decides on the why and how information relating to you (personal data) is collected and processed including in the context of this UCB website regarding Evenity® (romosozumab) medication and the related patient support programme, exclusively dedicated to HCPs (the Website), we respect your right to privacy.

UCB collects and processes the below mentioned personal data regarding you within the framework of your use of this website.  Please read this EWPP to understand how we collect and process personal data concerning you.

We will only process your personal data as described in this EWPP and in accordance with the relevant data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation or GDPR).

We have a data protection officer (DPO), who can be contacted by any of the following means for any privacy-related questions, including on how we collect, store and use your personal data:

  • E-mail: dataprivacyuk@ucb.com; or
  • Regular mail:
    UCB Pharma Ltd
    To the attention of the data protection officer
    208 Bath Road, Slough, Berkshire, SL1 3WE (UK) .

2. THE REASON BEHIND THIS PRIVACY POLICY

The Policy governs the collection, use and retention by UCB of your personal data when you register to access the Website in order to receive product information about Evenity®
The EWPP consists of five main components and informs you about:

  1. Who we are and how you can contact us;
  2. The reason behind this Policy;
  3. The purposes for which we process your personal data, the related legal basis under the relevant data protection legislation and applicable retention periods;
  4. What your rights are in relation to the personal data we hold about you and how you can exercise them; and
  5. Further details on how we process (including transfer) your personal data.

This Policy may be updated periodically to reflect changes in our personal data processing activities. In that case, we will inform you of any significant changes via an appropriate channel, in the same manner as we have informed you before.

 

3. THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA AND APPLICABLE LEGAL BASIS

The table below indicates per purpose (i) the categories of personal data we collect and process concerning you, (ii) the source, (iii) how long we retain your personal data, (iv) who we share it with, and (v) the relevant legal basis.

 

1. In order to make the Website and its content available to you, UCB:

Collects the following personal data about you:
  1. *Electronic identification data: IP address
  2. *Information collected through cookies
Failure to provide the personal data with an (*) may result in (some features of) the Website not being accessible.

Obtains this personal data from:
  • You (through the device you use to access the Website)

Retains (**) your personal data for:
  • IP addresses are deleted after 6 hours
  • For cookies, see our Cookie Policy for more information
 

Shares your personal data with:
  • UCB affiliates and third party processors (as detailed in section 5.A)

Relies on the following GDPR legal basis:
  • Processing necessary for performance of a contract with you
  • For cookies, processing based on your consent except for functional cookies (see our Cookie Policy for more information)

2. In order to maintain Website security, we deploy cookies and log files to monitor access to and traffic on our Website in order to detect and prevent malicious activity or invalid traffic. In this context, UCB:

Collects the following personal data about you:
  1. *Electronic identification data: IP address
  2. *Information collected through cookies

Failure to provide the personal data with an (*) may result in (some features of) the Website not being accessible.

Obtains this personal data from:
  • You (through the device you use to access the Website)

Retains (**) your personal data for:
  • IP addresses are deleted after 6 hours
  • For cookies, see our Cookie Policy for more information

Shares your personal data with:
  • UCB affiliates and third party processors (as detailed in section 5.A)

Relies on the following GDPR legal basis:
  • Processing necessary for the purpose of the legitimate interests pursued by UCB to protect its IT infrastructure and the data it holds. To this end, UCB strives to maintain a fair balance between its need to process your personal data and the preservation of your rights and freedoms, including the protection of your privacy. For more information or if you have any questions regarding how we assess this balance, please contact us through any one of the channels set out under Section 1 above (“Who we are and how you can contact us”).
  • For cookies, processing based on your consent except for functional cookies (see our Cookie Policy for more information).

3. In order to improve our Website functionality, we use cookies to support and improve the Website and to better understand usage patterns relating to our Website, including by retaining and evaluating information on recent use you made of our Website and how you access different features of our Website for analytics purposes so that we can make our Website more intuitive. In that context, UCB:

Collects the following personal data about you:
  1. Electronic identification data: IP address
  2. Information collected through cookies

Obtains this personal data from:
  • You (through the device you use to access the Website)

Retains (**) your personal data for:
  • IP addresses are deleted after 6 hours
  • For cookies, see our Cookie Policy for more information

Shares your personal data with:
  • Google Analytics
  • UCB affiliates and third party processors (as detailed in section 5.A)

Relies on the following GDPR legal basis:
  • Processing necessary for the purpose of the legitimate interests pursued by UCB to conduct its business and to improve upon its services and products. To this end, UCB strives to maintain a fair balance between its need to process your personal data and the preservation of your rights and freedoms, including the protection of your privacy. For more information or if you have any questions regarding how we assess this balance, please contact us through any one of the channels set out under Section 1 above (“Who we are and how you can contact us”).
  • For cookies, processing based on your consent except for functional cookies (see our Cookie Policy for more information).

4. In order to enable you to create a log-in, to authenticate and manage your profile and consent to receiving emails containing product information, medical & scientific information or webinars via our website, UCB:

Collects the following personal data about you:
  • First and last names*
  • Work postcode*
  • Credentials for login* (email address and password)
  • Confirmation that you are an HCP*
  • Your opt-in to receive emails containing product information, medical & scientific information or webinars
Failure to provide the personal data with an (*) will prevent you from creating a personal account and therefore being able to access the dedicated parts of the Website. Failure to provide your opt-in to UCB email will prevent you from receiving such email. 

Obtains this personal data from:
  • You. Please note that you can access the full features by registering through the Website and that the provided data will be checked against our HCP database. Should you not yet be included in this HCP database, we ask you to contact UCBCares first to ensure we include you before you complete the registration process and access the full features.

Retains (**) your personal data for:
  • 12 months from the day of the last activity on your account/profile.
  • If you opt-out of receiving emails relating to UCB branded products, such opt-out will be immediately implemented.

Shares your personal data with:
  • UCB affiliates and third party processors (as detailed in section 5.A)

Relies on the following GDPR legal basis:
  • Processing necessary for performance of a contract with you regarding the creation and management of your profile
  • Processing based on consent regarding the receipt of emails relating to UCB branded products
 

5. In order to enable you to be informed about the progress of your patients in the “My Bones & Me Patient Support Programme” (including to send you (offline) a hard copy of the milestone report about your patient’s progress in such Programme), UCB:

Collects the following personal data about you:
  • Your identification details*: including your full name;
  • Your contact details*: postal address, phone number(s), e-mail address;
  • Your professional details*: including your job title, your area of expertise;
  • A unique identifier assigned to you by and in our databases.
Failure to provide the personal data with an (*) will prevent you from receiving the milestone report about your patient’s progress in the Programme.

Obtains this personal data from:
  • You directly
  • Your patient who has enrolled in the Programme (or the caregiver of this patient)
  • IQVIA (nursing and homecare provider)

Retains (**) your personal data for:
  • 4 years from the day your patient starts the My Bones & Me Patient Support Programme

Shares your personal data with:
  • IQVIA (nursing and homecare service provider)
  • UCB affiliates and third party processors (as detailed in section 5.A)

Relies on the following GDPR legal basis:
  • If the request comes directly from you: processing necessary for performance of a contract with you.
  • If the request to inform you comes in through the patient or their caregiver:  processing necessary for the purpose of the legitimate interests of the patient to ensure follow-up within the framework of the My Bones & Me Patient Support Programme and of UCB to conduct its business and to maintain a professional/business relationship with HCPs . To this end, UCB strives to maintain a fair balance between its need to process your personal data and the preservation of your rights and freedoms, including the protection of your privacy. For more information or if you have any questions regarding how we assess this balance, please contact us through any one of the channels set out under Section 1 above (“Who we are and how you can contact us”);
 

6.In order to enable the coordination of care with your patients to whom you prescribed our products as part of this Programme, UCB:

Collects the following personal data about you:
  • Your identification details: including your full name;
  • Your contact details: postal address, phone number(s), e-mail address;
  • Your professional details: including your job title, your area of expertise;
  • A unique identifier assigned to you by and in our databases.

Obtains this personal data from:
  • You directly
  • Your patient who has enrolled in the Programme (or the caregiver of this patient)
  • IQVIA (nursing and homecare provider)

Retains (**) your personal data for:
  • 4 years from the day your patient starts the My Bones & Me Patient Support Programme

Shares your personal data with:
  • IQVIA (nursing and homecare service provider)
  • UCB affiliates and third party processors (as detailed in section 5.A)

Relies on the following GDPR legal basis:
  • Processing necessary for the purpose of the legitimate interests pursued by UCB, which include to conduct its business and deliver patient value. To this end, UCB strives to maintain a fair balance between its need to process your personal data and the preservation of your rights and freedoms, including the protection of your privacy. For more information or if you have any questions regarding how we assess this balance, please contact us through any one of the channels set out under Section 1 above (“Who we are and how you can contact us”)
 

(**) We will retain your personal data in accordance with the retention periods set out in the table above. These retention periods, included in our data retention policy, are dictated by:

  • Applicable statutory/legal requirements;
  • Industry guidelines, and
  • For those data categories for which no express statutory or legal requirements apply, certain other determining factors such as the need to prove or enforce a transaction or contract, enforce our policies, etc.

We will delete your personal data once the above mentioned retention periods will have expired or if you object to or if you withdraw your consent to our processing of your personal data (to the extent such processing is based on your consent), except where we need to hold on to such data for the establishment, exercise or defense of legal claims, for the protection of the rights of another natural or legal person, for compliance with a legal obligation of the European Union, a European Union Member State or the United Kingdom which requires such further processing or where we need to prove or enforce a transaction or contract or enforce our policies.

4. YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM

4.A Your rights

Right to access
You have the right to obtain confirmation from us as to whether or not we process personal data concerning you, and if so, the right (as far as this does not adversely affect the rights and freedoms of others) to obtain a copy of your personal data from us. For more information, please check Section 4.B “How to exercise your rights”.

Right to rectification
You have the right to ask us to rectify without undue delay any inaccurate personal data concerning you. You can also ask us to complete incomplete personal data regarding you by providing us with a supplementary statement containing such additional information. For more information, please check Section 4.B “How to exercise your rights”.

Right to erasure
You have the right to ask us to erase without undue delay personal data concerning you, where one of the following grounds applies:

  • Your personal data are no longer necessary in relation to the purposes for which they were processed;
  • You have withdrawn your consent - for those processing activities based on your consent – and we have no other legal ground for such processing;
  • You object to the processing of your personal data (for more information on the right to object, see further below) and there are no overriding legitimate grounds for such processing;
  • Your personal data have been unlawfully processed;
  • Your personal data must be erased for compliance with a legal obligation of the European Union, a European Union Member State or the United Kingdom to which UCB is subject.

Please note that your right to erasure will not apply to the extent that processing is necessary for:

  • exercising the right of freedom of expression and information;
  • compliance with a legal obligation of the European Union, a European Union Member State or the United Kingdom to with UCB is subject;
  • reasons of public interest in the area of public health in accordance with article 9(2)(h) and (i) GDPR as well as article 9(3) GDPR;
  • archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the relevant provisions of the GDPR;
  • the establishment, exercise or defense of legal claims.

For more information, please check Section 4.B “How to exercise your rights”.

Right to restriction on processing
You have the right to obtain from UCB restriction of processing by UCB of your personal data where one of the following applies:

  • You contest - in good faith - the accuracy of personal data regarding you and held by us, in that case the restriction of processing will apply for a period enabling us to verify the accuracy of your personal data;
  • The processing is unlawful and you oppose the erasure of your personal data and request restriction of their use instead;
  • We no longer need your personal data, but you require them for the establishment, exercise or defence of legal claims;
  • You have objected to the processing of your personal data by UCB in accordance with the relevant GDPR provision, in that case the restriction of processing will apply for a period enabling us to verify if our legitimate grounds override yours.

Please note that notwithstanding the above, we are still allowed to continue storing your personal data (throughout the period of restriction) or to process your personal data for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.
If you have requested restriction of processing, we will inform you before the restriction of processing is lifted. For more information, please check Section 4.B “How to exercise your rights”.

Right to data portability
You have the right (insofar this does not adversely affect the rights and freedoms of others) to receive the personal data concerning you, that you have provided to UCB, in a structured, commonly used and machine-readable format and to transmit those data to another controller, without hindrance from UCB, where the processing is:

  • based on your consent or on a contract; and
  • carried out by automated means.

For more information, please check Section 4.B “How to exercise your rights”.

Right to objection to processing
You have the right to object at any time, on grounds relating to your specific situation, to the processing of your personal data by UCB which is based on UCB’s pursuit of its legitimate interests as a controller. In that case UCB will no longer process your personal data, unless:

  • UCB demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
  • For the establishment, exercise or defence of legal claims.

You have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. For more information, please check Section 4.B “How to exercise your rights”.

Right to withdraw consent
Where the processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can also directly withdraw your consent for receiving emails regarding UCB branded product information by using the Tab “My Profile” and unticking the specific box in this respect.

For more information, please check Section 4.B “How to exercise your rights”.

4.B How to exercise your rights

If you wish to exercise any of the rights mentioned above, you can always contact the local UCB Data Protection Officer by e-mail at dataprivacyuk@ucb.com or otherwise reach out to us by postal mail to the attention of the data protection officer, UCB Pharma Ltd, 208 Bath Road, Slough, Berkshire, SL1 3WE (United Kingdom). Please clearly identify the right(s) you wish to exercise and include your contact details (including a valid e-mail or postal address) so that we can respond to your request. Please note that you may be asked to provide proof of your identity. 

When you contact us to exercise any of the rights mentioned above, we will respond to your request within one month following receipt of the request. This period may be extended by two additional months where necessary, but in that case we will inform you of any such extension within one month of receipt of your initial request together with the reasons for the delay.

Right to lodge a complaint with supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the United Kingdom or the European Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that UCB’s processing of your personal data infringes the relevant data protection legislation. Please visit the website of the relevant national supervisory authority for more information on how to submit such a complaint.

5. MORE DETAILS ON HOW WE PROCESS YOUR PERSONAL DATA

5.A Who we share your personal data with.

Principle
We will disclose your personal data only as described in this Policy, as may be updated from time-to-time.

Affiliates and third party processors
UCB transfers or discloses your personal data to its personnel, affiliates, third party service providers processing personal data on UCB’s behalf for the purposes set out above and our partners (including e.g. other pharmaceutical companies) with whom we have a collaboration agreement and who have a need to know this information.

Third party service providers include IT services and website hosting companies, (internet) connectivity providers, providers of data analytics and reporting tools as well as nursing and homecare service provider. These service providers provide their services from locations both within the European Economic Area (“EEA”) and outside the EEA (including India and the USA). 

Other third parties include regulatory and government agencies (see further below in this Policy), our advisors and external legal counsel, our auditors, and potentially, third parties with whom UCB may merge or which may be acquired by UCB (see further below in this Policy). 

Compliance with laws and legal proceedings
UCB will disclose your personal data where:

  • UCB is required to do so by applicable law, by a governmental body or by a law enforcement agency;
  • To establish or exercise our legal rights or defend against legal claims;
  • To investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our policies or as otherwise required by law.

Other
If a third party acquires all (or substantially all) of our business and/or assets, we will disclose your personal data to that third party in connection with the acquisition. However, such disclosure will occur subject to and in accordance with applicable data protection laws.

5.B International transfers

UCB will transfer your personal data to its affiliates, including our affiliates outside of the EEA. In that case UCB relies on UCB’s Binding Corporate Rules, which can be accessed through the following link: https://www.ucb.com/UCB_BCRs.pdf .

As indicated above, your personal data may have to be transferred to certain third party service providers both within and outside the UK and/or the EEA, including for processing, storage, back-up, to guarantee a continued service in case of major IT issues and to allow for adverse event reporting. Such non-EU countries may not offer the same level of personal data protection as the UK and EEA countries. We will therefore put in place suitable safeguards to ensure such transfer is carried out in compliance with the applicable data protection rules.

You may request additional information in this respect and obtain a copy of the relevant safeguard by exercising your rights as set out above.

The transfer of your personal data to (other) third party service providers outside of the EU (as set out above under Section 5.B) occurs on the basis of Standard Contractual Clauses that have been executed between UCB and the relevant third party service provider. For more information on these Standard Contractual Clauses, please contact us as set out above under Section 4.B (“How to exercise your rights”).