Last updated: Nov 2023
Privacy Collection Notice for the processing of Personal information of Health Professional
Astellas Pharma Australia General Privacy Notice
Astellas Pharma Australia (“Astellas”, “we”, “our”) respects your right to privacy and treat compliance concerning privacy obligations seriously; this is why we have developed this Privacy Notice (“Notice”), which explains why and how we handle, collect, share and use personal information (and “sensitive personal information” or similar terms as defined by applicable laws) about you (“Personal Information”), and how you can exercise your privacy rights, when accessing or using Astellas websites, mobile or internet applications, digital tools and other services and activities (offline and online) that link to this Privacy Notice (collectively, the “Services”).
You may be subject to specific privacy notices provided by Astellas on separate websites and to policies specific to certain products or services in conjunction with this Notice. These specific privacy notices and policies shall supersede this Notice to the extent that the clauses set forth in these privacy notices and policies contradict the clauses set forth in this Notice. We ask you to read such specific privacy notices and other legal documents very carefully before you start using such product or services.
Please take the time to read this Notice carefully. If you have any questions or comments, please use the contact details provided under the “How to contact us” heading below.
What Personal Information does Astellas collect?
When you use any Services, we will collect Personal Information that you will provide voluntarily such as in applications or registration forms or survey forms and questionnaires that you may complete through the Services or while you are interacting with Astellas during such Services. Depending on your interactions with Astellas, this may include the following categories of Personal Information:
- Basic identifying information about you such as your name, surname, your gender, age/date of birth, your language preference as well as registration information when you register with any Services such as usernames and passwords. Healthcare professionals may be also asked to provide information relating to their specialty, registration number or license, education, experience and professional affiliations.
- Contact information that will enable us to contact you (e.g., telephone, email, address, social media profile, etc.).
- Financial information to enable payments to you, if applicable, such as bank account numbers and codes or credit card numbers.
- Health information and insurance information that you may provide while using the Services (e.g., when downloading an application or registering with an online patient support program or when you submit via Services a question about an Astellas product or report an adverse event) such as information that describes your health status and any health conditions or symptoms that you are experiencing.
- Transactional information related to the use of the Services including your feedback, your opinions and preferences about the Services and/or Astellas and its products, your interactions with us, your preferred method of communications with us, any purchases or product/service orders you have made via the Services or inquiries you had submitted.
- Audio or visual information such as photos, videos or voice recordings that may take place during the Services.
Also, we may collect your Personal Information automatically through your use of the Services (“Usage and Behavior Information”) such as your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information such as media access control (“MAC”) addresses, international mobile equipment identity (“IMEI”) numbers, mobile operating systems, the platform used to access or download any Services (e.g., Apple, Google, Amazon, Windows), location information and usage information about your devices, etc. Typically, such Personal Information will not directly identify you, but may make identification possible through the combination of other information or identifiers. Also, some of this information is collected using cookies and similar tracking technologies (“cookies”). Collecting this information enables us to better understand the users of our Services, where they come from, and what content on our Services is of interest to them. We use this information, including information collected using cookies, for our internal analytics purposes and to make our Services easier for you to use and navigate, to assist in your registrations and login, to personalize the content of our Services to your preferences and to personalize and improve our interactions with you by making the information we provide more relevant to you. We may also add your usage data relating to our Services to the general profile we maintain about you in our customer relationship management tools, so that we improve and personalize your experience when interacting with our Services. When we send email communications to you, we may place a web beacon or similar tracking technology in the email to know whether the email or an attachment or link in the email has been opened because this will help us determine if a particular part of our communication was more relevant to you and to create aggregated statistics and reports to analyze the effectiveness of and improve our marketing campaigns. In some jurisdictions, we ask for your consent before using cookies or other tracking technologies, in which case you will be presented with a choice as to whether you wish to allow the collection and use of this type of information. Otherwise, we collect this information for our legitimate business purposes to optimize our Services and customize your experience when using our Services. You can find more information about our use of cookies in our “Cookies Policy”.
Certain Services may link with social media platforms and social media plug-ins (e.g., the Facebook "Like" button, "Share to Twitter" button). If you use Services via such social media plug-ins, Astellas will automatically have access to information provided to or through the relevant social media platform for the purposes described in this Notice. We strongly recommend you get familiarized with the privacy settings of those social media platforms and exercise your rights with them accordingly because Astellas does not control the privacy practices of these third parties.
Some internet browsers allow you to limit or disable the use of tracking technologies that collect unidentified information, such as a “Do Not Track” (“DNT”) setting. Currently, Astellas does not respond to DNT signals received from your web browser.
We may also obtain your personal information from third parties or may combine the Personal Information we have about you with information that we may obtain from other sources (“Third Party Originated Information”), including publicly available sources such as public databases, registries, search engines, social media platforms and from databases operated by other third parties such as vendors, business partners, data brokers, healthcare professional and healthcare providers. In particular, we may perform analyses of pseudonymized health data we obtain from relevant healthcare, research or other relevant organizations, or use third parties such as social media platforms to conduct targeted advertising in which case such social media platforms may act as independent or joint controllers with us to provide such services.
We may also process Personal Information that you make manifestly publicly available on social media platforms such as e.g., Facebook, Twitter, LinkedIn, Google, etc. and other relevant public blogs, forums and communities (“Manifestly Made Public Information”). We conduct such social media listening activities to better understand the opinions and sentiment of various stakeholders such as healthcare professionals, patients, payers, etc. about Astellas, our products, our Services, our events and the disease areas where Astellas is active and to identify key influencers, opinion leaders and experts in those disease areas and may include your Personal Information in form of comments, messages, blogs, photos and videos etc. that you make manifestly public. When you share your personal information on a public social media platform, we suggest you also familiarize yourself with the privacy policy of that specific platform as these platforms are not owned and managed by Astellas.
Please note that if you submit to Astellas through any Services any Personal Information relating to other people, you provide a warranty and you represent that you have received the permission to do so and to allow us to use such information in accordance with this Notice.
Why does Astellas collects, handles, and uses your Personal Information?
Depending on your interaction with Astellas when using our Services, we will process your Personal Information for a number of legitimate and lawful data processing purposes such as the following:
| Nr | Processing Purpose |
|---|---|
| 1 | To provide to you the relevant Service including when we need to validate your identity or your qualifications before using a Service |
| 2 | To maintain the infrastructure to provide Services to you and to secure our network systems, websites, applications and other assets |
| 3 | To personalize your experience when using our Services in order to understand your interest in our Services so that we can improve them and customize them to your needs and preferences |
| 4 | To respond to your requests or enquiries; for example, if you submit a medical information request; if you submit a question about a product; if you file a complaint or if you subscribe to any Service |
| 5 | To support Services that are used for the sale or marketing of Astellas products |
| 6 | To communicate effectively with you including providing to you, when allowed by law and under any applicable legal requirements, newsletters, articles, alerts, press releases, announcements, invitations, and other information about Astellas and/or its products and/or the therapeutic areas where Astellas is or plan to be active |
| 7 | To plan, organize and manage Astellas events or to support or sponsor events of third parties |
| 8 | To provide, where applicable, Services that will support patients and/or healthcare professionals and/or caregivers including disease awareness campaigns and other similar initiatives |
| 9 | To carry out clinical research and development activities such as interventional, clinical trials, as well as to conduct non-interventional and retrospective studies |
| 10 | To comply with a legal obligation such as for public health reasons relating to the reporting of adverse events about our products or to comply with tax and accounting obligations |
| 11 | To comply with binding regulatory requests for information, governmental or state or court orders or other binding decisions |
| 12 | To review, monitor, audit and investigate our interactions with third parties including users of Services to ensure we comply with our ethics & compliance standards, laws & regulations and industry Codes and best practices |
| 13 | To prevent fraud and identify and take actions against users of our Services who violate our terms of use or engage in behavior that is illegal or harmful to Astellas or to others’ property or rights |
| 14 | To perform data analytics, to monitor and analyze trends, usage and activities in connection with the Services and to measure the performance of our Services to help us understand which parts are more engaging or interesting and improve our Services accordingly including by analyzing information from external sources such as Google or social media platforms |
| 15 | To complete transactions with you including any purchase contracts for products or other contracts with you (e.g., for you to provide goods or services to Astellas) |
| 16 | To conduct surveys and market research to receive your opinion, insights, feedback about Astellas and its products and about other general business topics of interest for Astellas |
| 17 | To analyze public sources, such as websites, online search engines and social media channels, such as e.g., Google, Facebook, Twitter, LinkedIn, etc. to monitor, analyze and improve our understanding of the opinions and sentiment of various stakeholders such as healthcare professionals, patients, payers, etc. about Astellas, our products, our Services, our events and the disease areas where Astellas is active and to identify key influencers, opinion leaders and experts in those disease areas |
| 18 | To perform activities in relation to the Services as an employer to support and fulfill our obligations to our employees |
| 19 | To conduct training & awareness initiatives in relation to Astellas business, products and therapeutic areas |
| 20 | To support a corporate transaction such as e.g., a corporate restructuring, a sale of a Service, a merger or an acquisition |
| 21 | To protect our legal rights and our property, enforce our terms of use and other legal notices & disclaimers in the Services, and for the establishment, exercise and defence of legal claims |
Legal basis for processing Personal Information
We may collect and process your Personal Information when one of the following applies to our Services, to the extent permitted under applicable laws in your jurisdiction:
- We need to take steps to execute a contract with you or we need to perform a contract with you.
- We need to meet a legal obligation as above such as when we need to report an adverse event about any of our products or we need to process data for tax, accounting or financial disclosure purposes.
- You have given to us your consent to process your Personal Information. You can withdraw your consent at any time. We will normally need your consent in the following circumstances: (a) in certain jurisdictions, according to the relevant cookie banner that you may be presented with when providing the Services to you and the applicable Cookies Policy, when we are using cookies and other tracking technologies for optional activities such as for analytics purposes (but not for essential and strictly necessary cookies that are collected automatically on the basis of our legitimate interest to operate and provide our Services); (b) if you use the Services to share sensitive Personal Information with us such as your health information; (c) if we use the Services to communicate with you proactively via electronic means such as emails or SMS.
- However, processing of sensitive Personal Information may be also necessary for reasons of public interest in the area of public health, such as to protect you and society against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices. Also, processing may be necessary for scientific research purposes such as when we use Services to conduct clinical research.
- Where the processing is in our legitimate interests to provide the Services and not overridden by your data protection interests or fundamental rights and freedoms. This is applicable to the majority of the above purposes such as when we need to process Personal Information to provide a Service to you; to maintain the infrastructure of our Services; to respond to your requests or enquiries; to support Services for the sale or marketing of Astellas products or to plan, organize and manage Astellas events.
- Processing is related to Personal Information that is manifestly made public by you such as in posts that you have made manifestly publicly available in social media accounts or platforms.
- We need to process your Personal Information to enable us to establish, exercise or defend legal claims or proceedings.
- We need to protect your vital interests or those of others.
- Where otherwise permitted or required by applicable laws in your jurisdiction.
In cases where our processing of your Personal Information is not already covered by any of the above legal bases, we will either provide you with a separate privacy notice stating relevant legal basis or we will obtain your prior, explicit and specific consent to do so.
In cases where our processing of your Personal Information is required as part of our contractual relationship with you, failure to provide this type of Personal Information requested may obstruct conclusion of the contract or result in Astellas’ inability to perform contractual obligations.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided under the “How to contact us” heading below.
How does Astellas process Personal Information?
We will process your Personal Information in accordance with this Notice and applying the following principles:
- Fairness: We will process your Personal Information fairly. This means that we are transparent about how we process Personal Information and that we will process it in accordance with applicable law and the information we provide with this Notice or with any other or additional Notice you may have been provided with.
- Purpose limitation: We will process Personal Information for the above-specified, lawful purposes, and will not process it in a manner that is incompatible with those purposes.
- Proportionality: We will process Personal Information in a way that is proportionate to the purposes which the processing is intended to achieve.
- Data accuracy: We take appropriate measures to ensure that the Personal Information that we hold is accurate, complete and, where necessary, kept up to date.
How does Astellas keep your Personal Information secure?
We implement reasonable physical, technical and organizational security measures to protect your Personal Information against loss, misuse, and unauthorized or unlawful access, disclosure, alteration, or destruction. This includes limiting access to your Personal Information to those Astellas employees and third-party providers who strictly need to have access to fulfil a legitimate purpose when providing the Services to you. We use due diligence processes to select third parties who may have access to Personal Information. We may also use encryption of communications via SSL, encryption of information while it is at rest or in transit, firewalls, access controls, separation of duties, and similar security protocols.
Astellas trains its employees on the importance of privacy and how to handle and manage Personal Information appropriately and securely.
The measures we use are designed to provide a level of security appropriate to the risk of processing of your Personal Information. We are continuously improving our security measures in line with technological developments. It is important that you take also all appropriate actions to protect the Personal Information you submit during the Services such as e.g., protecting your passwords if you create an account with Astellas while using Services. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the contact details provided under the “How to contact us” heading below.
Especially, when you are using social media platforms or other online tools and websites or blogs, forums etc. to make publicly available posts or comments etc., we recommend that you use the privacy settings available to you on such platforms and tools to ensure that you take informed decisions about the level of security and protection you afford to your Personal Information.
Who does Astellas share Personal Information with?
We may engage third parties to process Personal Information for and on behalf of Astellas to provide the Services. We require such data processors to process Personal Information and act strictly on our instructions and to take steps to ensure that Personal Information remains protected. We may disclose your Personal Information to the following categories of recipients:
| Our affiliates and group companies | Disclosure for purposes consistent with this Notice. A list of our current group companies is available at https://www.astellas.com/en/worldwide |
|---|---|
| Third-party service providers and partners | Third parties who provide data processing services to us or who otherwise process personal data for purposes that are described in this Notice or notified to you when we collect your personal data. Such third parties may be processing your Personal Information in the context of the following categories of activities:
|
| Consultants | Provision of advisory services by auditors, advisors, accountants, legal counsels and similar agents in connection with the advisory services they provide to us in relation to the Services |
| Competent Authorities | Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, (iii) to respond to regulatory investigations or investigate whistleblowing issues, or (iv) to protect your vital interests or those of any other person |
| Potential buyers (and their agents and advisers) | In connection with any proposed purchase, merger or acquisition or divestiture of any part of our business and/or any of our Services, partially or fully, provided that we inform the buyer it must use your Personal Information only for the purposes disclosed in this Notice |
International data transfers
Your Personal Information may be transferred to, and processed in, countries other than the country in which you are resident. In particular, Astellas maintains datacenters and servers around the world, including Japan and the United States which are supported by technical staff located in various countries including India. Also, our group companies and third-party service providers and partners operate around the world in countries as specified at https://www.astellas.com/en/worldwide. This means that when we collect your Personal Information, we may process it in any of these countries, which may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
We have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Notice. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, which require group companies to protect personal data they process in accordance with applicable data protection laws. You may exercise any of your rights described under the "Your data protection rights" heading below in relation to Personal Information that we transfer to group companies outside the country where you reside. We implement similar appropriate contractual safeguards with our third-party service providers and partners.
Further details can be provided upon request by contacting our Data Protection Officer using the contact details provided under the “How to contact us” heading below.
Data retention
We retain Personal Information we collect from you where we have an ongoing legitimate business need or legal obligation to do so and according to the Astellas Records Retention Schedule which defines exact time periods for the retention of all Astellas business records. The criteria used to determine Astellas retention periods include: (i) whether there is a legal obligation to which we are subject (e.g. for pharmacovigilance or tax & accounting purposes); (ii) whether we have an ongoing relationship with you and for how long; (iii) whether retention is due to actual or threatened or anticipated litigation or internal and external investigations or legal hold orders); (iv) whether there are any industry codes or best practices in any particular case. In principle, we will not keep your Personal Information for longer than is necessary for the purposes for which we collected it and as outlined in this Notice or as required by law or contract.
Your data protection rights
We respond to requests we receive from individuals wishing to exercise their data protection rights, which will depend on the purposes for which we are processing your Personal Information and the applicable laws in your jurisdiction. As a result, where required by applicable laws and subject to limitations which may apply in consideration of exceptions or legal requirements, you may have the following rights depending on the country or state of your residence:
- You can always choose not to give us any Personal Information when we ask you for it. If you decide not to give us your personal information, however, we may not be able to provide you with the Services that you have requested or you may not be in the position to fully benefit from the Services or execute a contract with you.
- If you wish to access, rectify/correct or update your Personal Information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
- You may be entitled to ask us to delete your Personal Information in certain circumstances, subject to the law in your jurisdiction.
- In addition, you may be entitled under certain circumstances to object to processing of your Personal Information, ask us to restrict processing of your Personal Information to some limited circumstances or request portability of your Personal Information.
- Similarly, if we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on legal bases other than consent.
- In particular, if you have given your consent to receive from Astellas marketing and other material, you can always update your preferences and even withdraw your consent at any time. While different Services may provide to you various options how to update your preferences or withdraw your consent, including opting out using functionalities in our sites or in the emails or texts we send you, you can always inform us of your updates and choices by simply contacting our data protection officer at [email protected].
- You have the right to complain to us about our collection and use of your Personal Information by contacting our data protection officer at [email protected].
- You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area are available here; and the contract details of the Australian data protection authority are available here).
- If we apply any automated decision-making, including profiling, we will provide to you promptly meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
If you wish to exercise any of your data protection rights according to the applicable privacy laws and regulations, please contact us using the specific details provided under the “How to contact us” heading below. To facilitate your exercise of your data protection rights, you can complete a web form to give us the details of your request. For your protection, and to protect the privacy of others, we may need to verify your identity before fulfilling any request.
Use of this Website by minors
We do not intend for our Services to be used by anyone under the age of 18 and as a result we do not knowingly collect any Personal Information from anyone under this age without the prior, verifiable consent of a parent or guardian.
Updates to this Notice
We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, consistently with the significance of the changes we make. Astellas recommends that you review this Notice regularly for any changes. You can see when this Notice was last updated by checking the “last updated” date displayed at the bottom of this Notice.
Links to third-party websites
Services may contain links to other sites owned and operated by third parties and not Astellas. What we describe in this Notice does not apply to those third-party sites. The availability of, or inclusion of a link to, any such site does not imply that Astellas endorses it. We are not responsible for the collection or use of Personal Information at any third-party sites. Therefore, we recommend you to be very cautious and read carefully the privacy notices or statements or other legal disclaimers in those sites and contact them if you have any questions or concerns.
How to contact us
If you want to exercise any of your data protection rights, please use this link.
If you have any questions or concerns about our use of your personal data, you can always contact Astellas Data Protection Officer using the following details: [email protected].
You can also contact Astellas online or in writing in any of its local establishments that you can find here: https://www.astellas.com/en/worldwide
Last updated: Nov 2023