WEBSITE PRIVACY NOTICE
This website is operated by Taiho Oncology Europe GmbH (“Taiho”). For the purposes of this Privacy Policy, Taiho is the controller, meaning Taiho determines how and to what extent your personal data will be processed (the controller is also referred to in this Policy as “Taiho”, “we”, “our” and “us”). This Policy explains how and why we use your personal data, e.g. when we provide you with information you have requested from us, within the framework of any agreement pursuant to which you provide services to Taiho, or when you simply use our websites and other digital platforms or in the course of clinical studies or clinical trials. In all cases, Taiho understands and respects your privacy and acknowledges that in particular the information about an individual’s health and healthcare is confidential and sensitive. In this Policy, when we talk about personal data we mean any information that relates to an identifiable natural person – in this case, you. You should read this Policy, so you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give you, that might apply to our use of your personal data in specific circumstances from time to time.
If you have any questions about this Policy, you can contact Taiho’s Data Protection Officer at Alliance Data Privacy Solutions:
- Telephone numbers:
- France: + 33 488 715 203
- UK: + 44 0174 890 5003
- Email: dpo@alliancedataprivacy.com
In summary:
- We use your personal data within the framework of any agreement pursuant to which you provide services to Taiho, when you use our websites and other digital platforms, to provide you with information, where you have requested them, manage our business, recruit new staff, comply with our legal obligations, and improve and monitor the performance of our digital platforms;
- We have measures in place to safeguard your personal data when we transfer it outside the European Union or the UK (as applicable);
- We take steps to minimise the amount of personal data we hold about you and to keep it secure;
- We delete your personal data when we no longer need it, and we have policies in place to govern retention requirements;
- You have a number of rights in relation to your personal data, all of which are subject to applicable exemptions and restrictions under applicable European privacy laws and you can exercise them by completing the form linked in this Policy below;
- We are happy to answer your questions about any of the above – please submit them to us at: dpo@alliancedataprivacy.com.
In more detail;
1. Our data protection responsibilities
Taiho is a "controller" in relation to its use of your personal data. This is a legal term - it means that we make decisions about how and why we use your personal data and, because of this, we are responsible for making sure it is used in accordance with applicable data protection laws. We are required by law to give you the information in this Policy.
2. What types of personal data do we collect and where do we get it from?
2.1. The personal data we process about you broadly falls into four main categories: (i) Contact Information; (ii) Agreement Information; (iii) Candidate Information; (iv) Browsing Information and (v) Medical/health Information.
2.2. We collect your personal information from limited sources. The table below sets out the different types of personal information that we collect and the sources we collect it from:
| Category | Type of personal data | Sources | Lawful processing grounds |
|---|---|---|---|
| Contact Information |
• Name • Address • Telephone number • Organisation details (e.g., your place of work, practice, professional area, job title and organisation contact information) |
• You • Third Parties such as persons employed at your organisation or a third party organisation |
• Legitimate interests • Contract |
| Agreement Information |
• Contact Information (see above) • Details relating to the services you provide to us, including service related communications with you • Information about other people (e.g., your customers and/or staff) that you share with us in connection with your services or when ordering products from us • Information you provide us when you interact with Taiho (e.g., for a product order, conference, patient cohort) • Billing and payment information • You/your organisation’s banking details • To be able to keep accurate records of Taiho’s communications with you. In addition, we may need the information you provide to comply with our regulatory monitoring and reporting obligations. • Disclosure of payments according to regulatory requirements • To understand how our products impact your patients, to track and respond to safety concerns and to further develop and improve our products and services. For example, we may create a record about you to decide whether to invite you to participate in various programs, panels of experts or surveys about our products or services. • Compliance with our legal obligations where data related to safety or pharmacovigilance is concerned, including those related to adverse events, product complaints and patient safety. |
• You or your staff |
• Legitimate interests • Contract • Legal obligations (including tax and banking obligations) |
| Candidate Information |
• Contact Information (see above) • Details you include in your application, e.g., CV, references, certificates |
• You • Third Parties as previous employers, agencies or background screening providers |
• Legitimate interests • Contract • Consent • Legal obligations |
| Browsing Information |
• Responding to your enquiries • Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality |
• You/your activities online |
• Contract • Legitimate interests• Consent (for tracking data) |
| Medical/health Information | •Key-coded data relating to your health, medical condition, response to a clinical trial or clinical study |
• You • Your physician • Other organisations involved in the clinical study or clinical trial |
• Consent • Medical research |
2.3. Please note that if you do not provide us with your Contact Information we will not be able to provide you with any information you request, and if you do not provide us with your Contact Information, Agreement Information or Candidate Information, we will not be able to interact or contract with you.
2.4. Cookies and similar technologies
For more information regarding how we use cookies and similar technologies in connection with your use of our website, please read our Cookies Policy (taihooncology.eu). We request consent to the use of non-essential cookies such as statistical and analytical cookies. You can refuse consent or withdraw consent or adjust your browser setting after providing consent.
3. Who do we share your personal data with and why?
3.1. Sometimes we share your personal data with third parties, including the following:
3.1.1. other Taiho companies where necessary for the purposes described above;
3.1.2. alliance partners who co-commercialise our products in certain territories for the purposes described above;
3.1.3. courts, where we are asked to respond to a court order or other binding requests;
3.1.4. regulatory authorities and law enforcement agencies, where necessary for any investigations or to respond to enquiries in relation to our compliance with applicable law or regulations; and
3.1.5. professional advisors (such as lawyers and accountants). These organisations will also use your personal data as a “controller” – they will have their own privacy notices which you should read, and they have their own responsibilities to comply with applicable data protection laws.
3.2. We also ask third party service providers to carry out certain business functions for us. These include:
3.2.1. IT support, cloud platform and data hosting providers who help us with the operation of our websites, mobile applications, document and workflow management systems and other systems and applications;
3.2.2. Service providers assisting us in the organisation of events, arranging travel logistics and bookings;
3.2.3. Service providers who assist with supply chain logistics, delivery of and payment for products and related queries or complaints;
3.2.4. Third parties assisting on the collection and disclosure of transfer of value information to the public;
3.2.5. Communication service providers, including companies who send out surveys and communications on our behalf; and
3.2.6. Survey providers who help collate feedback for us. We will have in place an agreement with our service providers which will restrict how they are able to process your personal data and impose appropriate security standards on them.
4. Where is your personal data transferred to?
4.1 Since Taiho is part of a global company, we will sometimes need to transfer your personal data outside the European Union, in particular to the US and our headquarters in Japan. We will only make that transfer if:
4.1.1. that country ensures an adequate level of protection for your personal data;
4.1.2. the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data;
4.1.3. we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission or other applicable supervisory authority or government;
4.1.4. the transfer is permitted by applicable laws; or
4.1.5. you explicitly consent to the transfer.
4.2. If you would like to see a copy of any relevant provisions, please contact us at the address above.
5. How do we keep your personal data secure?
5.1. We will put in place appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
5.2. However please note that, in relation to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk.
6. How long do we keep your personal data for?
6.1 We will only retain your personal data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including:
6.1.1. any laws or regulations that we are required to follow;
6.1.2. whether we are in a legal or other type of dispute with each other or any third party;
6.1.3. the type of information that we hold about you; and
6.1.4. whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
By way of a summary of our key retention periods:
The table below provides details about how long we will process your data.
| Category of data | Retention Period |
|---|---|
| Cookies / Analytics data | For a period of not longer than 26 months from collection. |
| Information from enquiry forms | Until the enquiry has been completed and no further responses are received for a reasonable period. If you are an existing customer, the enquiry may be added to other information that we hold about you as a customer. |
| Complaints data | For a period of up to 6 years after resolution of the complaint. If you are an existing customer, the complaint and its resolution may be added to other information that we hold about you as a customer. |
| Subscription / marketing requests | Until you tell us that you no longer wish to receive the subscription or marketing material. |
7. What are your privacy rights and how can you exercise them?
7.1. Where our processing of your personal data is based on your consent (see table at paragraph 2 above), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will advise you and indicate what other lawful basis we may continue to process your personal data.
7.2. Where our processing of your personal data is based on legitimate interests (see table at paragraph 2 above), you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
7.3. You have the right to (subject to certain limitations and exemptions under applicable privacy laws):
7.3.1. access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored;
7.3.2. require us to correct any inaccuracies in your personal data without undue delay;
7.3.3. require us to erase your personal data;
7.3.4. require us to restrict processing of your personal data; and
7.3.5. receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (see table at paragraph 2 above).
7.4. Please complete this data subject form here if you would like to exercise any of your privacy rights. We will endeavour to respond within a month but we may determine it will take up to three months, depending on the nature of your request, in which case we will notify you within the first month of the extended timeline to respond to you.
7.5. We also encourage you to let us know if you have any concern about how we are processing your personal data so we can try to resolve your concerns. However, if you consider that we are in breach of our obligations under data protection laws, you are always entitled to submit your concerns to a competent supervisory authority.
7.6. We may decide to update or replace this Policy from time to time. If the change is fundamental or may significantly affect you, we will provide you with the updated notice in advance of the change actually taking effect. We encourage you to review the content of this Policy regularly.