1.1 Introduction
Whereas
- IBSA Pharma Limited, the UK affiliate of IBSA Institut Biochimique SA, is in the process of establishing or already has a contractual relationship with its suppliers and consultants (hereinafter the “Supplier”) in accordance with the current legislation on personal data protection:
The Data Controller is the natural or legal person responsible for decisions regarding the purposes and methods of the processing of personal data and the instruments used, including those related to security. With regard to the personal data of the employees of the Supplier used by IBSA Pharma Limited in managing its business dealings with the Supplier, the Data Controller for that data is IBSA Pharma Limited.
The “data subject” refers to the natural person to whom the personal data belongs; it cannot be a legal person.
The Data Controller is required to inform the data subject and the person from whom the personal data are collected in advance about the processing of that data.
- In the case of relationships between legal persons, as is currently the case between IBSA Pharma Limited and the Supplier, the notice to any data subjects involved in the related processing – when they provide work or professional or consultancy services to the Supplier and whose data may be communicated, known and/or processed by the Data Controller in the execution and performance of the main relationship – is issued by the Controller through the Supplier.
- The Supplier undertakes to ensure that the data subject is fully aware of the essential elements of this notice.
- In consideration of the above, IBSA Pharma Limited, with registered office at Unit 4-6, Colonial Way, Watford, WD24 4PR, United Kingdom, as the Data Controller, hereby notifies the data subjects about the purposes and methods of processing of the personal data collected, their scope of communication and dissemination, as well as the nature of their provision.
1.2 Purpose of the Personal Data Processing
IBSA Pharma Limited, as the Data Controller (hereinafter the “Company” or the “Controller”), processes the personal data of the data subjects solely for the execution and management of the provision of services, including professional and qualified services, and for purposes strictly related to this.
1.3 Data Processed
The data processed are the identification and contact details of the Supplier’s personnel that the Company interacts with for the purpose of providing services. These are necessary for the execution and management of the contractual relationship between the Controller and the Supplier.
1.4 How the Data Are Processed
Personal data are processed using electronic means as well as non-automated instruments.
1.5 Scope of Circulation of the Data
The data may be used by personnel of the Company who have been assigned specific roles and provided with appropriate operating instructions. The data may also be used by third-party companies providing operational services on behalf of the Data Controller, acting as external data processors under the direction and supervision of the Controller.
The list of Data Processors is available upon request by contacting dataprivacy.uk@ibsagroup.com.
1.6 Communication of the Data
Data may be communicated to other companies within the IBSA Group under specific agreements for shared processing, administrative and accounting purposes, and for use in accordance with the same objectives. Data may also be shared with public bodies to fulfil legal obligations, and with third parties such as banks, credit institutions, legal and industry consultants, auditors, and companies providing credit recovery, administration, and contractual advice. These third parties will act as independent data controllers.
Further information on the names of individual companies in the group or categories of data recipients can be obtained by writing to dataprivacy.uk@ibsagroup.com.
1.7 Non-Dissemination of the Data
Personal data are not disclosed to unspecified recipients.
1.8 Transfer of the Data Abroad
Personal data may be transferred to foreign countries where IBSA Group branches are located. For transfers to third countries outside the UK and EU, including those that may not offer the same level of data protection, the Company ensures appropriate safeguards through the adoption of standard contractual clauses.
1.9 Data Retention Period
Data will be retained for the duration of the contractual relationship and, in any case, up to the statutory and legal time limits, in compliance with the rights and obligations arising therefrom.
1.10 Data Controller
The Data Controller is IBSA Pharma Limited, with registered office at Unit 4-6, Colonial Way, Watford, WD24 4PR, United Kingdom.
1.11 Data Protection Officer
The Company has appointed a Data Protection Officer (DPO).
The DPO can be contacted via: ellis.chung@ibsagroup.com
1.12 Rights of the Data Subject
Data subjects have the right to obtain confirmation of the existence of their data, be informed of its content and origin, verify its accuracy, and request its supplementation or correction. They may also request the erasure, anonymisation, or blocking of data processed unlawfully, and object to its processing on legitimate grounds.
Requests should be addressed to:
dataprivacy.uk@ibsagroup.com
Data subjects also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if they believe their rights have not been respected or they have not received a lawful response.