The EU Commission adopted on 17 December 2021 an adequacy decision addressing the transfers of personal data to the Republic of Korea under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive.
Accordingly, personal data transferred offshore from the EU to Korea are processed in accordance with the Korean Personal Data Act
Hanmi Pharm.Co.,Ltd. (“we”, “our”, “us”, “the Company”) keeps and processes information about contact persons (each a “Business Partner Contact”, “you”) at our customers, suppliers, vendors and partners (each a “Business Partner”). This notice describes how we collect and use personal information about you during and after your business relationship with us, in accordance with the EU General Data Protection Regulation ((EU) 2016/679) (GDPR). It is important that you read this notice, together with any other notice we will provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the GDPR.
The Company is the data controller for the purposes of the GDPR and other applicable data protection laws. If you wish to contact the Company regarding your personal information or concerns you have about this Privacy Notice, please contact.
We will comply with data protection law. This says that the personal information we hold about you must be:
The GDPR defines “personal data”, or “personal information”, as any information about an individual from which that person can be identified. We collect, store, and use certain categories of personal information about you, such as:
We collect your information directly from you (e.g. signing a contract, filling in a form, presenting business card or making a call to us).
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following purposes:
If you refuse to provide personal information listed hereinabove, business relationship and communication with you could be deferred or limited. We will use your personal information in the following legal bases:
We can also use your personal information in the following legal bases, which are likely to be rare:
Please see the Appendix for more information on those legal bases.
We share your data with third parties, including affiliates and third-party service providers, in or outside the EU to comply with our legal or contractual requirements or to pursue our legitimate interests in connection with business relationship. If such a recipient is located outside of the European Union and the European Economic Area (“EEA”) in a country that is not recognised by the European Commission as ensuring an adequate level of data protection, we will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include data transfer agreements implementing European Commission's Standard Contractual Clauses (a form of data transfer agreement pre-approved by the European Commission as providing adequate safeguards for personal information).
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, as more fully set out in our Data retention policy, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Broadly, most of your information is kept for the duration of our working relationship with you. In certain circumstances we anonymise your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances, by law you have the right to:
We will need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. In the event that you wish to make a complaint about how we process your personal information, please contact and we will endeavour to deal with your request as soon as possible. You have also the right to complain directly to the relevant data protection authority.
In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law
If you have any questions about this notice or how we handle your personal information, please contact.
We reserve the right to update this notice at any time without prior notice, and we will notify you when we make any material updates.
Purpose of Use | Legal Basis for Processing |
---|---|
Communicating with Business Partners about products and services | Contract, Legitimate interests |
Performing marketing campaigns or other promotional activities or events | Legitimate interests |
Planning, performing and managing the (contractual) relationship with Business Partners | Contract, Legitimate interests |
Ensuring compliance with legal obligations such as record keeping obligations | Legal obligation |
Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims | Contract, Legitimate interests |
Each of marketing authorization holders of Hanmi products is obliged to report pharmacovigilance related information to health authorities worldwide. Hanmi is performing such pharmacovigilance activities as a marketing authorization holder and/or on behalf of the marketing authorization holders pursuant to a specific delegation agreement. It requires us to process certain information, which allow to directly or indirectly identify a person, (hereinafter “personal data”) of a patient and/or the reporter of an adverse event that we receive in order to comply with strict obligations.
This Pharmacovigilance Privacy Statement provides important information to you about how we process Personal Data for PV purposes, in line with our obligations under applicable data privacy laws and in particular the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”).
We may need to obtain and process the following personal data for the purpose of pharmacovigilance:
Any personal data provided to us related to reporting adverse events or other activities related to pharmacovigilance will be used solely for the following purposes:
We will use and store your personal data in accordance with mandatory legal requirements governing storage and reporting of pharmacovigilance related information. Such mandatory requirements oblige us to archive PV information which may include personal data at least for the duration of the product life-cycle and for an additional ten years after the withdrawal of the product in the last country where it is marketed.
As part of meeting our pharmacovigilance obligations, we may share personal data with the following parties:
Please note that your personal data may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, our affiliates, third party service providers and partners operate around the world. This means that when we collect your personal data we may process it in any of these countries. These countries may have data protection laws that are different to the laws of your country. However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Notice.