Privacy Notice (EU Business Partners)

PURPOSE OF THIS NOTICE

Hanmi Pharm. Co., Ltd. (“we”, “our”, “us”, “the Company”) keeps and processes information about contact persons (each a “Business Partner Contact”, “you”) at our customers, suppliers, vendors and partners (each a “Business Partner”). This notice describes how we collect and use personal information about you during and after your business relationship with us, in accordance with the EU General Data Protection Regulation ((EU) 2016/679) (GDPR).

It is important that you read this notice, together with any other notice we will provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the GDPR.

DATA CONTROLLER AND CONTACT DETAILS

The Company is the data controller for the purposes of the GDPR and other applicable data protection laws. If you wish to contact the Company regarding your personal information or concerns you have about this Privacy Notice, please contact:


[Contact Information]

Hanmi Pharm. Co., Ltd., 14,
Wiryeseong-daero, Songpa-gu, Seoul,
Republic of Korea, 05545,
security@hanmi.co.kr


[DPO contact information in case appointed]

Hong Sung-Hwan, security@hanmi.co.kr

DATA PROTECTION PRINCIPLES

We will comply with data protection law. This says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

The GDPR defines “personal data”, or “personal information”, as any information about an individual from which that person can be identified. We collect, store, and use certain categories of personal information about you, such as:

  • Personal contact details such as name, title, work addresses, work telephone numbers, work fax numbers and work email addresses
  • Information necessary to manage and administer our relationship with you and the Business Partner, such as work history, educational background, performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services

HOW YOUR PERSONAL INFORMATION IS COLLECTED

We collect your information directly from you (e.g. signing a contract, filling in a form, presenting a business card or making a call to us).

HOW WE WILL USE INFORMATION ABOUT YOU

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information for the following purposes:

  • Communicating with Business Partners about products and services
  • Performing marketing campaigns or other promotional activities or events
  • Planning, performing and managing the (contractual) relationship with Business Partners
  • Ensuring compliance with legal obligations such as record keeping obligations
  • Solving disputes, enforcing our contractual agreements and establishing, exercising or defending legal claims

If you refuse to provide the personal information listed above, our business relationship and communication with you could be deferred or limited.

We will use your personal information on the following legal bases:

  1. Where we need to perform the contract we have entered into with Business Partners.
  2. Where we need to comply with a legal obligation.
  3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We can also use your personal information on the following legal bases, which are likely to be rare:

  1. Where we need to protect your interests (or someone else’s interests).
  2. Where it is required to defend or pursue legal claims.
  3. Where your consent is given.

Please see the Appendix for more information on those legal bases.

DATA SHARING

We share your data with third parties, including affiliates and third-party service providers, in or outside the EU to comply with our legal or contractual requirements or to pursue our legitimate interests in connection with the business relationship.

If such a recipient is located outside of the European Union and the European Economic Area (“EEA”) in a country that is not recognised by the European Commission as ensuring an adequate level of data protection, we will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include data transfer agreements implementing the European Commission's Standard Contractual Clauses (a form of data transfer agreement pre-approved by the European Commission as providing adequate safeguards for personal information).

DATA SECURITY

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, as more fully set out in our Data retention policy, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Broadly, most of your information is kept for the duration of our working relationship with you.

In certain circumstances we anonymise your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.

RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction and/or deletion of the personal information.
  • Request the restriction of the processing of your personal information.
  • Object to that processing (especially if we use your information for direct marketing, you can “opt out” at any time).
  • Request receipt or transmission to another organisation, in a machine-readable form, of the personal information that you have provided to us.

We will need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the event that you wish to make a complaint about how we process your personal information, please contact us and we will endeavour to deal with your request as soon as possible. You also have the right to complain directly to the relevant data protection authority.

RIGHT TO WITHDRAW CONSENT

In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

ENQUIRIES ABOUT THIS NOTICE

If you have any questions about this notice or how we handle your personal information, please contact us.

CHANGES TO THIS NOTICE

We reserve the right to update this notice at any time without prior notice, and we will notify you when we make any material updates.

APPENDIX PURPOSES FOR PROCESSING BUSINESS PARTNER DATA

| Purpose of Use | Legal Basis for Processing |
| --- | --- |
| Communicating with Business Partners about products and services | Contract; Legitimate interests |
| Performing marketing campaigns or other promotional activities or events | Legitimate interests |
| Planning, performing and managing the (contractual) relationship with Business Partners | Contract; Legitimate interests |
| Ensuring compliance with legal obligations such as record keeping obligations | Legal obligation |
| Solving disputes, enforcing our contractual agreements and establishing, exercising or defending legal claims | Contract; Legitimate interests |