Last updated: February 6, 2023
Astellas Pharma Inc. and its affiliates globally (“Astellas”, “we”, “our”) respect your right to privacy and treat compliance concerning privacy obligations seriously; this is why we have developed this Privacy Notice (“Notice”), which explains why and how we collect, share and use personal information about you when you are working for Astellas (“Personal Information”), and how you can exercise your privacy rights, as a current or past employee, contractor, external service provider or temporary worker, intern, trainee or applicant for employment (“Employee”) or if you are a dependent of the above.
This Notice applies alongside our Global Data Privacy Policy, which describes the principles that Astellas applies to protect Personal Information in general and is available in Astellas’ global repository of policies & procedures.
Astellas Pharma Inc. (2-5-1, Nihonbashi-Honcho, Chuo-Ku, Tokyo 103-8411, Japan), together with the Astellas affiliate which has an employment relationship with you, are the data controllers of your personal information. You can find more information on the relevant Astellas affiliate in the following link: at https://www.astellas.com/en/worldwide.
Please take the time to read this Notice carefully. If you have any questions or comments, please use the contact details provided under the “How to contact us” heading below.
What Personal Information does Astellas process?
We collect Personal Information about you from a variety of sources, including directly from you such as from documents or forms that you provide to Astellas in order to participate in a recruitment process, in the course of your employment, or in other contexts. We also collect Personal Information about you indirectly, including information that you provide to vendors that work on our behalf, such as event or travel organization companies, recruiting agencies or background screening agencies. Such indirectly collected information include (among others): documents, records, logs and materials that are created in the course of our business processes and events; information from publicly available sources including social media platforms such as LinkedIn, Facebook, etc. and online search engines; and online and other databases and websites operated by certain of our vendors and third parties. We may also receive Personal Information about you from our customers and internal and external stakeholders, for example, if our customers provide feedback about the services you provide to them.
Your Personal Information processed by Astellas broadly falls into the following categories:
| Types of Personal Information | Examples |
| Personal identifiers and biographical information | Name; gender; nationality; place and date of birth; personal photos or images in videos for business purposes (where applicable); IP address; driving licence |
| Contact information | Postal address (home & office); telephone numbers (home & office); e-mail addresses (business & private, where necessary) |
| Employment related information | Job titles and grades including pay grades; job descriptions and position in organizational charts; roles & responsibilities within Astellas; user identification numbers; data about employment contracts; type of employment; notes from interviews and other coaching or mentoring opportunities; data about grievances or internal investigations and disciplinary matters or employees complaints or questions; audits; compliance reviews and investigations including conflict of interest checks; participation in employee surveys; data about promotions and mobility to other positions and/or countries; data about redundancies, reorganizations and dismissals |
| Past employment history | Prior employers and role & responsibilities in their organization; prior compensation; past employer references |
| Education and training information | Academic degrees; training certificates; professional qualifications & skills acquired; membership in professional organizations; CVs and resumes; test results; training records |
| Identifiers for payroll administration | Social security/insurance numbers; national identification numbers; bank account details; data about working time tracking and management |
| Family data | Family status; children/dependent data; spouse/partner data; emergency contacts |
| Health-related information | Medical data (e.g. Covid-19 related health data, if required under local rules); leave of absence data; health & safety assessments; data about accidents within the working environment |
| Financial information | Data about salaries, benefits and bonuses; taxes; business expenses; pension administration records; salary review |
| Security background check information | Information on criminal records and other background screening (where applicable) |
| Data required to ensure access to and use of Astellas systems and devices | User credentials, activity logs and other records about user interaction with Astellas systems or devices |
| Performance evaluation information | Data about professional performance and rating; evaluation of personal skills; succession planning and assessments on current and future roles; results from internal and external assessments |
| Business travel and arrangements | Travel/accommodation/subsistence information related to business travel and events |
| Work and process related data | Records including employee input, feedback, decisions or other steps or actions taken during a business process or activity (e.g. during the review and approval of promotional material) and records including employee data created during a business process, event or activity (e.g. the record of presence in official meeting minutes, photos or videos taken during company organized events). |
Where necessary and permitted by law, your Personal Information that we process may contain information relating to race or ethnic origin, political opinions or religious beliefs, physical or mental health or condition, sexual orientation, trade union membership, commission or alleged commission of criminal offences and any related legal actions (“Sensitive Personal Information”).
Although we aim to minimize the amount of Sensitive Personal Information that we process, we may process Sensitive Personal Information in certain circumstances, for example, when required to do so by law (e.g., equal opportunity monitoring) or it is necessary to provide you with a service (such as a health or other benefit) or we are performing a criminal background check. If we are not already permitted by applicable laws to process your Sensitive Personal Information for the purposes it is required, then we will obtain your consent to our use of your Sensitive Personal Information. Where we ask for your consent, you have the right to decline to provide your consent and (if provided) to withdraw your consent at any time.
Please note that if you choose not to provide us your Personal Information or withhold or withdraw consent to processing your personal data, Astellas may not be able to proceed with your application or perform your employment contract (or aspects of your employment contract).
Why does Astellas process Employee Personal Information?
We process your Personal Information for legitimate interests and contractual purposes, to operate effectively in our role as your employer or when using approved service providers, and in particular for the following main processing purposes:
| Nr | Processing Purposes |
| 1 | To manage workforce and budget-planning, incl. reporting on headcount for each line of business, geography and function, budget progress and HR compliance matters |
| 2 | To manage the entire recruitment process and in particular new hires onboarding to Astellas, incl. management of candidate profile, screening and background check, candidate interview process, and new hire data |
| 3 | To monitor and manage Employee performance, incl. regular monitoring vs KPI or status reporting, objective-setting, performance feedback and appraisals, career development and/or performance improvement plans |
| 4 | To provide Employee training, incl. coaching, mentoring and general or tailor-made development programs |
| 5 | To manage and develop talents internally, including succession planning, based on business priorities, and talent profile maintenance |
| 6 | To develop and conduct Employee surveys and other similar initiatives to monitor organizational effectiveness of Astellas or seek other types of feedback from employees |
| 7 | To design and deliver organizational changes for key business and HR projects |
| 8 | To develop and implement plans that manage diversity and inclusion within Astellas |
| 9 | To manage collective agreements and relationships with labour unions and/or work councils and other labor representation bodies |
| 10 | To manage and resolve Employee queries, complaints and/or grievance cases or other similar cases or appeals, incl. whistleblowing/Speak Up hotlines and other similar reporting tools and resources; to conduct compliance and/or legal investigations on reported events or incidents and to manage Employee disciplinary matters |
| 11 | To conduct internally or externally initiated audits, incl. handling and administering relevant corrective and preventive action plans |
| 12 | To manage Employee payroll, incl. salaries/compensation, social security contributions, taxes and benefits, as well as incentives, recognition plans and related initiatives, incl. bonuses, long term incentive plans, one-off payments, pension and shares plans and any other benefits |
| 13 | To establish, define and manage job positions and job descriptions within Astellas |
| 14 | To manage changes in Employee files, incl. personal data maintenance and integrity, management of employment data changes, promotions and other job moves within Astellas |
| 15 | To manage voluntary and involuntary exit of Employees from Astellas including resignations, termination of employment, redundancies and retirement |
| 16 | To manage occupational health, annual leave, short term and long-term sickness leave or other leave of absence, incl. managing return to work and flexible working |
| 17 | To manage Employee relocation and global mobility, incl. complying with tax, visa and immigration requirements globally |
| 18 | To conduct administrative and managerial tasks, incl. the management of events and meetings or other project management, and the management of relationships with vendors, incl. due diligence and vendor payment administration |
| 19 | To manage Employee traveling, expense tracking and reimbursement, as well as Employee time-tracking and working time-management as well as to effectively manage the use of company fleet and devices. |
| 20 | To ensure Employee compliance with Astellas policies and applicable legal and other requirements |
| 21 | To record, store, manage and follow up on adverse events that may be reported by Astellas Employees for Astellas medicinal products |
| 22 | To enable internal contacts and communication, incl. to provide IT support to Employees, manage and maintain the functioning and security of IT systems and network and give access to Employees to Astellas tools and systems that may be relevant to their tasks and job descriptions, e.g. create Employee accounts in Astellas Global Account Management System to provide access to Astellas systems such as Astellas mailboxes |
| 23 | To promote, internally and externally Astellas’ events, initiatives and projects incl. material published using internal communication channels such as intranet and SharePoint sites and emails, as well as external channels such as corporate websites and company’s social media channels |
| 24 | To facilitate communications with external stakeholders (e.g.. publishing employee business contact details and/or photos in dedicated company websites, portals, assets or relevant material) |
| 25 | To create and maintain business records, general administrative information and transitory information required by business processes |
| 26 | To design, develop, implement and manage Astellas strategy in various HR business areas such as rewards & benefits, recruitment, talent management, performance management, organizational structure & effectiveness, HR technology, labor and work council relations (where applicable), and policies and procedures |
| 27 | When required or allowed to do so by law or as necessary to enable Astellas to protect its interests, establish legal rights, pursue legal action or litigation (for instance, when necessary to prevent or detect fraud or crime or respond to a regulatory investigation) |
| 28 | To respond to requests for references from mortgage providers, estate agents or landlords |
| 29 | To respond to requests for employment references, to which Astellas will offer factual information only. If you require a character reference from a colleague/manager, these must be in a personal capacity only. Such references will not be regarded as official Astellas references and must not be issued on behalf of Astellas or written on company headed paper. Please note that requests must be made in writing to the HR department and will only be answered once your written consent has been obtained. We will not provide employment references by telephone. |
| 30 | To promote Astellas activities and events in social media platforms and in Astellas sponsored sites |
| 31 | To ensure safety and security of employees, visitors and Astellas’ property |
| 32 | To carry out any other obligation and exercise specific rights of the Astellas or of Employees in the field of employment and social security and social protection law |
Legal basis for processing Personal Information (UK and European Economic Area (EEA) individuals only)
We collect and process your Personal Information in order to:
- Comply with our legal obligations under applicable employment or other legislation (e.g. for tax and social security purposes)
- Perform our contractual agreement with you or to take relevant steps at your request prior to entering into a contractual relationship with you
- Protect your vital interests in case of emergency
- Pursue public interest in the area of public health, where we are required to collect special categories of personal information related to such public interest (e.g., Covid-19 containment measures)
- Fulfil our legitimate interests as employer, as these are described in detail in the table “Processing Purposes” above and provided that they are not overridden by your data protection interests or fundamental rights and freedoms.
In cases where our processing of your Personal Information is not already covered by any of the above legal bases, we will either provide you with a separate privacy notice stating relevant legal basis or obtain your prior, explicit and specific consent to do so (e.g., to manage diversity and inclusion in our organisation).
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided under the “How to contact us” heading below.
How does Astellas process Employee Personal Information?
We will process your Personal Information in accordance with this Notice and applying the following principles:
- Fairness: We will process your Personal Information fairly. This means that we are transparent about how we process Personal Information and that we will process it in accordance with applicable law.
- Purpose limitation: We will process Personal Information for the above-specified, lawful purposes, and will not process it in a manner that is incompatible with those purposes.
- Proportionality: We will process Personal Information in a way that is proportionate to the purposes which the processing is intended to achieve.
- Data accuracy: We take appropriate measures to ensure that the Personal Information that we hold is accurate, complete and, where necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Information is kept as accurate, complete and current as possible by informing Astellas of any changes or errors. You should notify HR via myHR (where available) or via your local HR department of any changes to the Personal Information that we hold about you and your family (e.g. a change of address).
How does Astellas keep Employee Personal Information secure?
We implement appropriate physical, technical and organizational security measures to protect your Personal Information against unauthorized or unlawful processing or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing of your Personal Information. For further information on the steps that we take to keep Personal Information secure and your responsibilities in this regard, please refer to the Global Information Technology Security Policy and Global Information Technology Security Standard.
Who does Astellas share Employee Personal Information with?
We may engage third parties to process Personal Information for and on behalf of Astellas. We require such data processors to process Personal Information and act strictly on our instructions and to take steps to ensure that Personal Information remains protected. We may disclose your Personal Information to the following categories of recipients:
| Our affiliates and group companies | Disclosure for purposes consistent with this Notice. A list of our current group companies is available at https://www.astellas.com/en/worldwide |
| Third-party service providers and partners |
Third parties who provide data processing services to us or who otherwise process personal data for purposes that are described in this Notice or notified to you when we collect your personal data. Such third parties may be processing your Personal Information in the context of the following categories of activities:
|
| Consultants | Provision of advisory services by auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Information for any other purpose |
| Competent Authorities | Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, (iii) to respond to regulatory investigations or investigate whistleblowing issues, or (iv) to protect your vital interests or those of any other person |
| Potential buyers (and their agents and advisers) | In connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Information only for the purposes disclosed in this Notice |
| Any other person | Such disclosure will only be based on your consent |
Astellas does not, and especially will not without your consent, sell your information to third parties.
We also take precautions to allow access to Personal Information only to those Employees who have a legitimate business need for access and with a contractual prohibition of using the Personal Information for any other purpose.
International data transfers
Your Personal Information may be transferred to, and processed in, countries other than the country in which you are resident, including China, India, Philippines, Singapore, and the United States. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). Also, our group companies and third-party service providers and partners operate around the world. This means that when we collect your Personal Information we may process it in any of these countries.
We have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Notice. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, which require all group companies to protect personal data they process in accordance with applicable data protection laws. You may also exercise any of your rights described under the "Your data protection rights" heading below in relation to Personal Information that we transfer to group companies outside the country where you reside. We implement similar appropriate contractual safeguards with our third-party service providers and partners.
Further details can be provided upon request by contacting our Data Protection Officer using the contact details provided under the “How to contact us” heading below.
Data retention
We retain Personal Information we collect from you where we have an ongoing legitimate business need or legal obligation to do so. We will not keep your Personal Information for longer than is necessary for the purposes for which we process it or as required by law, contract, the Astellas Global Policy for Records and Information Management and the Astellas Records Retention Schedule which are available at Astellas global repository of policies & procedures.
Your data protection rights
We respond to requests we receive from individuals wishing to exercise their data protection rights in accordance with all applicable data protection laws. Where provided by applicable data protection laws in your country and/or state of residence:
- If you wish to access, correct or update your Personal Information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
- You may be entitled to ask us to delete your Personal Information in certain circumstances, subject to the law in your jurisdiction. If you wish to exercise your right to deletion, please contact us using the contact details provided under the “How to contact us” heading below.
- In addition, you may be entitled under certain circumstances to object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- Similarly, if we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on legal bases other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area are available here; the UK Information Commissioner’s contact details are available here).
- If we apply any automated decision-making, including profiling, we will provide to you promptly meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Monitoring
Astellas retains the right to monitor all IT systems, physical areas of the business and/or work-related activities to protect Astellas and ensure the appropriate use of Astellas resources and information assets in compliance with applicable law and in accordance with the Astellas Acceptable Use Policy which is available at the Astellas global repository of policies & procedures.
Updates to this Privacy Notice
We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, consistently with the significance of the changes we make. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.
How to contact us
If you want to exercise any of your data protection rights, please use this link.
If you have any questions or concerns about our use of your personal data, you can always contact Astellas Data Protection Officer using the following details: [email protected].
You can also contact the data controller via the HR department through myHR (where available) or via your local HR department.