In this Data Privacy Statement, “Grünenthal”, “we”, “us”’’ and ‘’our’’ refers to Grünenthal GmbH. As a science-based pharmaceutical company, we may process your personal data for the purposes and by the manners described in this Privacy Statement.
The collection and processing of personal data is carried out in accordance with the applicable law, namely the General Data Protection Regulation (GDPR).
The types of personal data and the purposes why we process your data differ depending on the specific data processing activities, and can be grouped according to the following categories:
Examples of professional data that we collect are:
In case you are a registered healthcare professional in your country we may also collect:
We gather professional data from public registers, from data brokers like, for instance, IQVIA Commercial GmbH & Co. KG (formerly IMS GmbH) and from our sales force and/or other Grünenthal employees that interact with you. Information deriving from activities in our websites, social media profiles, etc. is collected via so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser and store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.
Professional data is stored and processed by us for different purposes:
The legal basis for the processing of these professional personal data may be: your consent for processing for specific purposes pursuant to Art. 6 (1) a) GDPR granted by you (e. g. for sending you our newsletter), our legitimate interest under Art. 6 (1) f) GDPR (e. g. for the planning of sales force visits or assessing the effectiveness of campaigns and impact of our marketing material) and / or in accordance with Art. 6 (1) (c) GDPR, fulfilment of a legal obligation to which the responsible is subject (e. g. for the information exchange relevant for drug safety and pharmacovigilance).
Interaction documentation includes the following data:
Interaction documentation is registered by our teams in our systems during and/or after each interaction, especially if you are a registered healthcare professional in your country.
Why do we process “interaction documentation” data?
We use the data collected during the interaction for the following purposes:
The legal basis for the collection and processing of this data may be: a consent granted by you for processing for specific purposes pursuant to Art. 6 (1) a) GDPR (e. g. for sending information materials to you), our legitimate interest under Art. 6 (1) f) GDPR (e. g. for the coordination of visits of our field staff or assessing the effectiveness of campaigns and impact of our marketing material) and the fulfilment of a legal obligation according to Art. 6 (1) c) GDPR (e. g. for the purpose of documenting giving away a sample.)
We process the following information about your medical information requests and other professional interests in our systems:
This information is usually collected by phone, email, fax or direct face to face interaction with our team members. Information deriving from activities in our websites, social media profiles, etc. is collected via so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser and store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie. We also collect information about your interests in our products, campaigns and other related content, when you have given us your explicit consent to receive this information through digital means from us. For example, when you receive an e-mail about a certain campaign from us, we are able to see whether you have accessed the content of this e-mail; this helps us assess the effectiveness of our different campaigns and improve the manner in which the information is presented.
Information about your medical information requests and other professional interests is used for the following purposes:
The basis for the collection / storage of data is a consent granted by you pursuant to Art. 6 (1) a GDPR (e.g. for sending newsletters) or our legitimate interest under Art. 6 (1) f) GDPR (e.g. for assessing the effectiveness of campaigns and impact of our marketing material).
We collect and process data to plan and fulfil our contractual relationships with you. These include:
The data is usually collected while setting up the contract, insofar as this is necessary for the execution, fulfilment and documentation of the collaboration.
The processing of this data serves the following purposes:
The legal basis for the collection and processing of this data may be a consent granted by you for processing for specific purposes pursuant to Art. 6 (1) a) GDPR (e.g. disclosing payment information in accordance with the Transparency Code), for fulfilling a contract or precontractual measures pursuant to Art. 6 (1) b) GDPR (e. g. for execution of the contract), for fulfilment of a legal obligation under Art. 6 (1) c) GDPR (e. g. for the purposes of meeting the requirements of compliance regulations) or a legitimate interest pursuant to Art. 6 (1) f) GDPR (e. g. for the avoidance of any compliance risks or assessing the effectiveness of campaigns and impact of our marketing material).
Grünenthal uses different IT systems and applications to store and process your data. You can be identifiable in these systems based on the use of direct identifiers, such as your name or e-mail address, or indirect identifiers, such as your registration ID or IP address.
Grünenthal uses a central Customer Relationship Management System (“CRM”) in which we combine, update and rectify your personal data which you have provided to us or which was collected by us as outlined above in a central customer profile. This is necessary to pursue our legitimate interests in managing your personal data in the most effective way (for example, centralising your personal data helps us to easily keep it up-to-date), efficiently managing our relationship with you and enhance your customer experience as well as to facilitate our direct marketing efforts in the most efficient manner. You have the right to object to this kind of processing at any time. In such case Grünenthal will carefully evaluate your request and only continue to process your personal data to the extent that it is legally required or in accordance with your explicit consent.
In addition, in order to keep you up to date and informed about our products, we are collecting and maintaining your contact data and information regarding your professional skills with the help of OneKey, a database containing the current contact data and latest information regarding professional skills of active health professionals. OneKey is operated by IQVIA™ Commercial GmbH & Co. OHG, Albert-Einstein-Allee 3, 64625 Bensheim. All data processing is carried out in compliance with the so called ‘balance-of-interests clause’ as specified in Art. 6 (1) f) GDPR. When your data is registered in the OneKey database, IQVIA™ will then contact you in order to verify your data or update it if necessary, and then it can be accessed by other pharmaceutical companies. You have the right to object to the inclusion of your data into OneKey at any time. If you wish to raise an objection, please contact IQVIA™ or the OneKey data protection officer. In this case, please reach out to DatenschutzOneKeyDE@iqvia.com via e-mail. You will also find further information about OneKey at https://www.iqvia.com/OneKeyGermanyDE.
We ensure that the personal data we process from you is adequately protected by taking state of art technical and organizational measures. Access to our systems is strictly personal and purpose based on a graduated authorization concept, that is, only those of our employees may access the data who require access for the particular processing purposes outlined above.
We will store and process your personal data as long as we can claim a legitimate interest, you have provided a valid consent or if there is a legal requirement for a specific time period which is determined by applicable laws and the company´s IT security and data privacy policies, as the case may be.
Your personal data may be transferred to other Grünenthal affiliates and may be stored by contracted third parties as software vendors and IT solution providers. We use Grünenthal proprietary and standard industry solutions to process your data in a safe environment.
We may also share categories of your personal data listed above with certain service providers or third parties such as: IT providers for the purposes of system development and technical support (for example, IQVIA, Salesforce, Veeva or DOMO); auditors and consultants to verify our compliance with external and internal requirements; statutory bodies, law enforcement agencies and litigants, as per a legal reporting requirement or claim.
Some of these parties are located outside the European Union (“EU”) or the European Economic Area (“EEA”), which means that your data will partly be processed in countries that may have a lower data protection level than European countries. In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these contractual partners.
Grünenthal does not sell personal data to third parties. We do permit third parties to collect information through our website but only for the purposes described herein and as described in our Cookie Notice.
The following rights are available to you based on applicable privacy laws:
If you want to exercise your rights, please address your request to firstname.lastname@example.org
In case of any questions regarding our data privacy you can get in touch with our company data protection team at the following address:
Grünenthal GmbH, Zieglerstr. 652078 Aachen
Or by e-mail:
You may also directly contact Grünenthal´s external Data Protection Officer by using the following email address: email@example.com