Introduction
At CSL (“we”, “us”, “CSL”) we are committed to protecting your privacy. When you use our websites, we will collect certain personal information that may be used to identify you, sometimes referred to as ‘personal data’, ‘personal information’ or ‘personally identifiable information’ (collectively “Personal Data”). For a complete list of CSL entities, please click here.
CSL is the “Data Controller” of the Personal Data we collect. This means that we are responsible for decisions about the collection and use of Personal Data. It also means we are responsible for responding to your questions and requests in relation to the Personal Data we hold about you. This privacy notice explains how we use the Personal Data we collect when you use our website. It also explains the rights you have in relation to your Personal Data. On this page you will find the website privacy notice that applies to CSL’s operations globally, including additional information for website visitors from the jurisdictions listed below.
What Personal Data Does CSL Collect and How Will We Use It?
We may collect and process the following types of Personal Data from you when you use our website:
- Contact details: this is information that allows us to contact you, such as your name, address, telephone numbers, email addresses and social media handles/usernames.
- Demographic information: this is information about your background, which can help us identify you more precisely such as gender, citizenship, date of birth.
- Payment information, purchase, and account history: if you are a healthcare professional/ provider (“HCP“) or a distributor of products we may collect and process information about your account and business with us. This may include information such as credit/debit card details, bank account details, billing addresses and customer numbers, as well as records relating to the products and services which you have purchased from us.
- Information about your professional activities: this is information on your professional registration number, the dates and types of our interactions with you and the results of those interactions, your approach to our products and to treatments more generally, responses to surveys in which you agreed to participate, information you requested of us and any samples or information we provided, the services you provided to us, and the compensation or financial support for research and education we may have provided. We also collect information about your medical practice and your areas of professional interest. This includes, for example: information concerning seminars, meetings and events which you attend, your professional activities, expertise and interests, and your concerns about the use of medicinal products, therapeutic affinity, product awareness and preferences.
- Personal Data in reports and notifications you submit to us: if you submit information to us about our products and services through our website, for example, through a suspected adverse event reporting form, we will collect and process any Personal Data you include within your report.
- Health data: if you submit health data to us in relation to our products or services, we will collect and process any Personal Data and Sensitive Personal Data you include.
- Employment information: if you apply for a job vacancy with us, we will collect and process information such as your employment history, references and anything else you may include in the job application form or in any attachments such as CVs.
- Records of your discussions with us: when you contact us using the contact options on the website (whether by email, phone, an online form or through social media (such as through Twitter or on Facebook), we may keep a record of the information you provide when doing this.
- How you use our website: we collect and process information about the pages you look at and how you use them.
- Location information: We collect and store access data that is automatically transmitted to us by your browser when you visit our website. Data recorded for communication between your browser and our web server during a connection may include information concerning your IP address, geographic location, browser used, language and version of the browser software, resources you have accessed and similar information. We use this data to run, maintain and secure our websites and network systems.
We may collect and process your Personal Data for the purposes described below:
| Contact and communicate with you in relation to our business, products and services | |
| All the categories of Personal Data listed above | Legal Basis: Performance of contract |
| If you are an HCP or distributor of our products, we will use your Personal Data to manage your account with us, perform credit checks where this is necessary, take payment for our products and services and arrange delivery | |
| Contact details, Payment information, purchase and account history, Records of your discussions with us | Legal Basis: Legitimate interest, Reasonably handling personal information already disclosed by you |
| If you contact us with any queries or complaints, we will use your Personal Data to help us respond to you | |
| All the categories of Personal Data listed above | Legal Basis: Legitimate interest, Compliance with a legal obligation |
| In the course of investigating misuse of your account, fraud and debt collection | |
| All the categories of Personal Data listed above | Legal Basis: Legitimate interest, Compliance with a legal obligation |
| To review our products and services, assess their safety and performance and to develop new products and services | |
| All the categories of Personal Data listed above | Legal Basis: Consent or as otherwise specified in the Informed Consent Form |
| For enrolment and participation in clinical trials | |
| Contact details, Demographic information, Personal Data in reports and notifications you submit to us, Health data, Records of your discussions with us | Legal Basis: Legitimate interest, except where consent is required – including for electronic direct marketing |
| To perform direct marketing (where local law permits) | |
| Contact details and communication preferences, Demographic information, Information about your professional activities, Purchase and account history, How you use our website, Any Personal Data you submit to us about products or services you are interested in | Legal Basis: Consent |
| To conduct market research | |
| Contact details, Demographic information, Other Personal Data relevant to the market research being conducted | Legal Basis: Consent, Legal obligation, Public interest |
| If you take part in blood plasma donations and provide information to us in relation to the donation through our website, we will use your Personal Data to facilitate your donation | |
| Contact details, Health data, Further information about our collection and use of Personal Data for this purpose will be provided by us in a specific Plasma Donation Privacy Notice where required by law | Legal Basis: Legal obligation, Public interest |
| For individuals to report Suspected Adverse events | |
| Contact details, Health data, Further information about our collection and use of Personal Data for this purpose will be provided by us in a specific Suspected Adverse Event Privacy Notice where required by law | Legal Basis: Contractual obligation, Legal obligation, Legitimate interest, Human resources management, Consent where required |
| For recruitment and employment | |
| Contact details, Demographic information, Employment information | Legal Basis: Performance of contract |
Where the legal basis for using your Personal Data is that you have provided your consent, you may withdraw your consent at any time. You can withdraw your consent by contacting us using the contact details listed below.
We will collect Personal Data from a number of sources, these include:
- Directly from you: for example, we will collect Personal Data directly from you when you set up an account with us, purchase products or services from us, complete forms we provide to you, make a report or notification about our products or services or contact us by phone, email, or communicate with us directly in some other way (such as through social media).
- Our website: we will collect information we observe about the way you use our website.
- Third parties: we may collect Personal Data about you from third parties. This typically includes: credit reference agencies (if we believe this is necessary to facilitate your purchase of products or services from us) or referees references (if you are applying for a job vacancy with us) or healthcare professional/providers (in relation to your use of our products).
Who Has Access To Your Personal Data?
We may share your Personal Data with the following:
- Our staff: your Personal Data will be accessed by our staff but only where this is needed for their job role.
- Companies in the same group of companies as us: for any of the purposes specified above.
- Delivery companies: to deliver products that you have ordered from us.
- Credit reference agencies: so that we can verify your identity, and to provide information on missed or late payments or other activity which may affect your credit score.
- Other service providers and advisors: such as companies that support our IT, help us analyze the data we hold, process payments, send communications to our customers, provide us with legal or financial advice and help us deliver our services to you.
- The government or regulatory agencies: where we are required to do so by law or to assist with their investigations or initiatives, including relevant data protection and healthcare regulators. Such parties use the Personal Data for their own purpose and their own privacy notice will apply to the use of the Personal Data they hold.
- Distributors, license partners, or other companies with which we collaborate: for the purposes specified above.
We could disclose your Personal Data to third parties in connection with the sale or transfer of all or part of our business, in which case we would require the third parties to treat those data in accordance with this privacy notice.
We do not disclose Personal Data except as set out above or where we have a legal obligation to do so, or we need to share information to assist with the investigation and prevention of crime. We may provide other third parties with statistical information and analytics but we will take steps to aggregated and anonymize this information before we disclose it.
How We Will Keep Your Data Secure?
We have put in place security measures to protect your Personal Data from being accidentally lost or used, accessed, altered or disclosed in an unauthorized way. In addition, we limit access to your Personal Data by our employees and service providers, to individuals who need access to perform their job or provide a service to us. They will only use your Personal Data on our instructions and are required to keep your Personal Data confidential. We have put in place procedures to deal with suspected data security breaches and will notify you and any applicable regulators of breaches in accordance with relevant legal requirements.
How Long Does CSL Retain My Personal Data?
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
What Rights Do You Have?
You may have the right to:
- Request access to your Personal Data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate Personal Data we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You can also object to receiving direct marketing.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you under certain circumstances, for example if you want us to restrict processing while the accuracy of the Personal Data is being established.
- Request that we transfer Personal Data that you have provided to us to you or another party.
- Request not to be subjected to automated decision-making. We will only use automated decision making and profiling for our online operations in limited circumstances.
You can exercise your rights by using the CSL Data Subject Request portal by following this link Data Privacy Request.
Alternatively, you can contact us using the contact details at the end of this notice. We will always aim to help you when you wish to exercise your rights but, in some instances, we may have lawful grounds to reject your request, in which case we will let you know the reasons for the rejection.
We will investigate any request you make immediately and will respond to you within the required local legal timeframe. That period may be extended by us for an amount of time permitted under local law where this is needed to help us respond properly (for example, if the request is complicated for us to deal with and we need more time) but we will let you know the reasons for the delay. Please note that we may require you to provide us with additional information and details for us to verify identify and/or assist you in your requests.
If you do not agree with a decision we make in relation to a rights request or believe that we are in breach of data protection laws in your jurisdiction, then you can lodge a complaint with the data protection regulator in your jurisdiction.
Do We Transfer Your Personal Data Cross Border?
In order to process your Personal Data for the purposes set out in this notice, CSL may be required to transfer your Personal Data to other companies in the same group of companies as us or third parties, as mentioned above, which may be located in jurisdictions that do not offer equivalent levels of data protection. In such cases, your Personal Data will always be processed on behalf of CSL, in accordance with this privacy notice, appropriate standards of security and confidentiality, and will preserve the ability to exercise your rights as a Data Subject under applicable laws. In case of inquiries or requests regarding the processing of your Personal Data and to exercise your rights as a result of this data transfer, please contact privacy@cslbehring.com.
How Will My Personal Data Be Used For Direct Marketing?
We will only send you electronic marketing materials if you have provided your consent. If you are a healthcare professional or provider and, depending on the marketing preferences that you indicate to us at the time we collect your Personal Data, we may contact you via post, telephone or electronic methods with information about our products and services. You can opt-out or unsubscribe using the options provided to you within our communications or by contacting us using the contact details at the end of this notice.
Is Personal Data Collected From Children or Minors?
CSL recognizes the privacy concerns of parents and guardians and the importance of protecting the privacy of Personal Data collected from or about children or minors. This website is operated primarily for the use of healthcare providers, adult consumers and caregivers and is not designed or intended for children or minors.
From time to time, we may offer an online program or activity that allows children or minors to participate. In such instances, we provide additional privacy protections and will only process the Personal Data of children or minors with the express consent of the parent or guardian of the child or minor concerned.
How Is Personal Data Collected When You Interact with Our Websites?
Linked Websites
For your convenience, hyperlinks may be posted on this website that link to other websites (“Linked Sites“). We are not responsible for, and this notice does not apply to, the privacy practices of any Linked Sites or of any companies that CSL does not own or control. Linked Sites may collect information in addition to that which we collect on this website. CSL does not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read each Linked Site’s privacy notice to understand how the Personal Data about you is used and protected.
Cookies
When you visit our website, CSL may automatically collect information about your device or internet activity through the means of cookies and other technologies, identified in our cookie policy. Cookies and similar technologies are small pieces of data (text files) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
- Essential Cookies: These cookies are necessary for our website to operate properly and enable you to use its features.
- Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but this may cause some parts of the website not to work. These cookies do not store any personally identifiable information.
- Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website and will not be able to monitor its performance.
- Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
- Targeting Cookies: These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. If you do not allow these cookies, you will experience less targeted advertising.
- Social Media Cookies: These cookies are set by a range of social media services that we have added to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.
Further, some of our websites and online resources may enable you to download an application, widget, or other tool that you can use on your mobile or other computing device. Some of these tools may store information on your mobile or other device. These tools may transmit Personal Data to CSL to enable you to access your user account and to enable CSL to track use of these tools. Some of these tools may enable you to e-mail reports and other information from the tool. CSL may use Personal or non-identifiable Data transmitted to CSL to enhance these tools, to develop new tools, for quality improvement and as otherwise described in this notice.
Google Services
CSL may use Google services such as Google Analytics to improve the experience of our websites and apps. When these services are integrated into our websites and apps, they may share Personal Data and aggregated information with Google. CSL may also set Google-specific cookies on your browser or read cookies that are already there.
Further information about Google Analytics can be found here, and you may opt-out of Google Analytics at any time, here.
Is Additional Personal Data Collected From CSL Applications?
We may collect the following types of Personal Data from you when you interact with CSL applications using your mobile device. You can control what Personal Data you provide using the settings on your Mobile Device. Providing these types of Personal Data is optional and will not be shared with third parties.
- Mobile Device Contact List: CSL apps may request contact list access to enable content sharing between app users and contact list. This function enables the app user to share content with their treating clinicians regarding product dosing or about their medical condition. This is the contacts list stored on your device, including contact name, phone number, and email address. CSL will not store your contact list information.
- Photos from your Mobile device: CSL apps may allow you to provide profile photos in your profile when you sign up on our website or mobile applications.
- Calendar on your Mobile device: CSL apps may request mobile device calendar access to enable the recording of medical appointment scheduled with the user’s treating clinician. CSL will not store your calendar information.
How Do You Contact CSL About Data Privacy?
If you have any questions about how we process your Personal Data or want to exercise any of your rights, you can contact us at: privacy@cslbehring.com
Or, via the CSL Data Subject Request portal: Data Privacy Request
How Does CSL Update This Privacy Notice?
We may update this notice from time to time to reflect changes in the way we process Personal Data (e.g., if we implement new systems or processes that involve new uses of Personal Data) or to clarify information we have provided in the notice. Our changes will be in accordance with applicable data protection laws.
We recommend that you check for updates to this notice from time to time but we will notify you directly about changes to this notice or the way we use your Personal Data when we are legally required to do so.
