This Privacy Notice (“this Notice”) sets out how Samsung Bioepis Co., Ltd. ("Samsung Bioepis") collects, uses, transfers, processes, and discloses your data and sets out our security practices. We respect your privacy and are committed to protecting your personal information. When we say “Samsung Bioepis”, “we”, “us” or “our”, this is who we are referring to. Please note, our privacy practices are subject to the applicable laws of the places in which we operate, including the General Data Protection Regulation as of May 25, 2018 ("GDPR"). We may change this Privacy Notice from time to time, and we recommend you to review this Notice periodically.
2.1 The Data Protection Officer is responsible for ensuring that this Notice is made available to data subjects prior to the collection and/or processing of such data subject’s personal data by Samsung Bioepis.
2.2 All Employees/Staff of Samsung Bioepis who interact with data subjects are responsible for ensuring that this Notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
3.1 The name and the contact details of the Controller/Data Protection Officer
Samsung Bioepis is the Data Controller and a biopharmaceutical company focused on increasing patient access to high-quality medicines through the development of biosimilars.
The contact details of our Data Protection Officer/Data Protection Representative have been changed as follows:
Samsung Bioepis’ Data Protection Officer:
Data Protection Representative:
Samsung Bioepis may collect your personal data. The applicable categories of personal data and data subject are as follows:
Applicable Categories of Personal Data Collected | Applicable Categories of Data Subjects |
---|---|
Name, Contact information and Unique Identifiers: Identifiers, such as a real name, alias, postal address, telephone number, unique personal identifier, online identifier, device ID, internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers as well as demographic information such as date of birth, place of birth, country of residence, income, family size, marital status, etc. An individual’s written or digital signature. |
|
Financial Information: Bank account number, credit or debit card number, credit reports, background checks or other financial information. |
|
Medical Information: Any information in possession of or derived from yourself, a healthcare provider, healthcare insurer, healthcare service plan, pharmaceutical company, or contractor regarding an individual’s medical history, mental or physical condition, or treatment. This includes an individual’s insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in the individual’s application and claims history (including prescription information). |
|
Biometric Information: Physiological, biological, or behavioral characteristics that can establish an individual’s identity, including DNA, face, iris or retina imagery, fingerprint, voice recordings and sleep, health, or exercise data that contain identifying information. |
|
Special Categories of Personal Data Other than Medical Information and Biometric Information: Race, age, nationality, physical or mental disability, and religion. |
|
Purchase History and Tendencies: Information regarding products or services purchased, obtained, or considered. |
|
Network Activity: Internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement. Includes analytics evaluation and cookies. |
|
Geolocation Data: Precise geographic location information about a particular individual or device, including geolocation information derived from your GPS, WiFi and Bluetooth signals, IP address, and other device information. |
|
Electronic and Sensory Data: Audio, electronic, visual, or similar information (e.g., a recording of a customer service call, answers to a quiz/questionnaire or profile photograph). |
|
Education and Professional Information: An individual’s academic information and records, resume, professional credentials (such as field of expertise and specialization, institutional affiliations, and scientific activities, such as previous clinical trial experience, activity on social media platforms, and participation in past or current research studies with us or other companies), information related to your practice (such as license information and disciplinary history), publication of academic or scientific research and articles, membership in association and boards, information provided to participate in our sponsored initiatives (such as clinical research and development activities or promotional activities), and information about your professional experience and interactions with GSK, such as the kinds of meetings we have held and the topics covered. |
|
Inferences: Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. We may combine the information we collect about you from different sources, including to draw these inferences. |
|
Correspondence or communications you send to us. |
|
Samsung Bioepis may pass on your personal data to third parties. The third parties are as follows:
From time to time, Samsung Bioepis may process your personal data obtained from other sources, such as public databases, social media platforms and other third parties. For example, we may use such third-party data to confirm contact or financial information, to verify licensure of healthcare professionals or to better understand your interests by associating demographic information with the data you have provided.
The personal data we collect will be used for following purposes:
The legal basis for the processing of the personal data shall be where:
The personal data you provide to Samsung Bioepis may be transferred outside the country in which your personal data has been collected. Where the cross-border transfer is necessary, Samsung Bioepis will transfer your personal data with your explicit consent or other legal basis under applicable laws.1 When obtaining your consent for the cross-border transfer, Samsung Bioepis will notify you in advance of the following matters:
The country to which your personal data will be transferred may not guarantee the same level of protection of personal data as that of the country in which your personal data has been collected. In such case, Samsung Bioepis will take appropriate measures (e.g., Standard Contractual Clauses to safeguard the transfer of data outside of the EEA), in compliance with applicable law, to ensure that your personal data remains protected.
1 For your reference, Adequacy Decision to Republic of Korea has been adopted by EU Commission (https://commission.europa.eu/document/e9453177-f192-4416-a147-3c57adc468c4_en) and Information Commissioner’s Office of UK (https://www.gov.uk/government/publications/uk-data-adequacy-for-the-republic-of-korea-supporting-documents#full-publication-update-history). This term applies to cases other than cross-border transfers from UK or EEA (EU Member States, Iceland, Norway and Liechtenstein) to Republic of Korea.
Samsung Bioepis will process and store the personal data for as long as required under the applicable laws or the duration written on the informed consent form when collecting your consent.
Samsung Bioepis will destroy your personal data without delay when the retention period of your personal data ends or when the retention becomes unnecessary due the fulfillment of the purposes stated in Section 3.2. Nevertheless, if it is necessary to continue to process your personal data under relevant laws and regulations, Samsung Bioepis will transfer such data to a separate database (DB) or location.
The process and method of destruction are as below:
When entrusting the processing of your personal data, Samsung Bioepis will enter into a data processing agreement with the entrustee (“data processor” or “processor”) and inform you of the data processor(s) and the entrusted task. Under the applicable laws, the data processing agreement will include the purpose of entrustment, technical and administrative safeguards for protecting your personal data, conditions for re-entrustment, supervision of data processors, liabilities for the breach, and Samsung Bioepis will monitor whether the processor is processing your personal data compliant with the terms of the data processing agreement.
We may aggregate and/or pseudonymize and use it for scientific research or statistical purposes. To the extent we pseudonymize any data originally based on your personal data, we will maintain and use such data only in pseudonymized form and will not attempt to reidentify the data.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Samsung Bioepis is taking the following technical, administrative, and physical measures to ensure safety of your personal data:
In the event that you wish to make a complaint about how your personal data is being processed by Samsung Bioepis (or third parties as described in 3.4 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the lead supervisory authority and the Data Protection Officer described in Section 3.1. The lead supervisory authority is CNIL (Commission Nationale de l'Informatique et des Libertés), full contact details for which can be found at https://www.cnil.fr/en/contact-cnil. You may also complain to local supervisory authorities, contact details for which can be found at https://edpb.europa.eu/about-edpb/board/members_en.
For clarity, the provision of personal data is partly required by law (e.g. clinical trials regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
We use cookies to analyze traffic of our website. Please refer to our Cookie Policy.
This Notice is subject to change from time to time. Any changes will be effective immediately upon the posting of the revised Privacy Notice.
Notice date : July 31, 2024
Effective date : July 31, 2024
This site uses cookies to analyze traffic as described in our Cookie Policy.
Please click the “ACCEPT” button or continue to use our site if you agree to our use of cookies.