Astellas Pharma Inc. and its affiliates globally including Astellas Pharma Vietnam LLC (“Astellas”, “we”, “our”) respect your right to privacy and treat compliance concerning privacy obligations seriously; this is why we have developed this Privacy Notice (“Notice”), which informs you of our processing of, and explains why and how we collect, share and use, personal data, including “Sensitive Personal Data” as defined by applicable laws on personal data protection, including Decree No. 13/2023/ND-CP of the Government of Vietnam and other applicable Vietnamese laws and regulations on personal data protection (“Data Protection Regulations”) about healthcare professionals (“Personal Data”), and how you can exercise your privacy rights. A healthcare professional is any person in a position to prescribe, administer, purchase or dispense Astellas products, or otherwise influence the use of, or a purchasing decision for, an Astellas product (“HCP”). Examples of healthcare professionals include physicians, nurse practitioners, nurses, pharmacists, transplant coordinators, reimbursement specialists, and formulary decision makers, and the definition of a healthcare professional may depend on local legislation.
Please take the time to read this Notice carefully. If you have any questions or comments, please use the contact details provided under the “How to contact us” heading below.
Astellas Pharma Inc. (2-5-1, Nihonbashi-Honcho, Chuo-Ku, Tokyo 103-8411, Japan), together with the Astellas affiliate, such as Astellas Pharma Vietnam LLC, which has a relationship with you, are the data controllers of your Personal Data. You can find more information on the relevant Astellas affiliate in the following link: at https://www.astellas.com/en/worldwide.
What does Astellas do?
Astellas is a global pharmaceutical business, whose ultimate parent company is headquartered in Tokyo, Japan. Our mission is to improve the lives of patients. For more information about Astellas, including information about our focus therapeutic areas, please see the "About" and the “Therapy Areas” sections of our Website at https://www.astellas.com/en/about.
What Personal Data does Astellas process?
We collect Personal Data about you from a variety of sources, including directly from you such as from documents or forms that you provide to Astellas in order to participate in Astellas-sponsored or supported initiatives, such as Astellas-sponsored clinical research and development activities, market research, real world evidence studies, or in other contexts; from business partners (i.e. the legal entity for whom you work), third parties (e.g. vendors or medical agencies) or publicly available sources including professional registries, journals and scientific portals, PubMed, ClinicalTrials.gov, congress websites, university or hospital websites, national registries, social media platforms such as LinkedIn, Facebook, etc. and online search engines; CVs and resumes; and online and other databases (such as HCP databases managed by specialized data providers) and websites, which may be owned and managed by third parties.
Your Personal Data processed by Astellas, which may include Sensitive Personal Data, such as your bank account details as below, broadly falls into the categories described below. The actual scope of Personal Data Astellas processed about you depends on the actual types and volumes of interactions with you and is limited to Personal Data that is necessary for Astellas to achieve the purpose of such interactions.
| Types of Personal Data | Examples |
|---|---|
| Personal identifiers and biographical information |
Name, incl. prefix; nationality; place and date of birth; personal photos or images/voice in recordings for business purposes (where applicable); identity details (passport No., medical registration number/authorization ID, Astellas unique business partner ID), profile name or handle on social media platform |
| Contact information | Postal address (home and/or workplace); telephone numbers; e-mail addresses. |
| Professional information | Job titles, place of practice, the medical field(s) in which you are active, your professional qualifications and scientific activities (such as years of clinical experience, number of publications of academic or scientific research and articles, participation in advisory boards and clinical trials and other research studies with Astellas and other companies, leadership positions, presentations, membership in professional associations, boards and committees (also for conflict of interest checks); CVs, preferred language. |
| Identifiers for payment administration | Details about the underlying interaction of an agreement, and amount of the values transferred to you under an agreement, if you are the ultimate beneficiary; Social security/insurance numbers; national identification numbers; professional identification numbers; bank account details. |
| Business travel and meeting arrangements | Travel/accommodation/subsistence information related to business travel and events, special conditions (dietary preferences/requirements, accessibility information). |
| Electronic personal identifiers | Your electronic identification data where required for the purpose of providing services through websites or applications we operate (such as username, password, IP address, device type, unique device identification numbers, browser type, broad geographic location (e.g., country or city-level location) and other technical information, image recording or sound). We may also collect information about how your device has interacted with our website or application, including the pages accessed and documents, files or applications that you have downloaded (we use Google Analytics or Adobe Analytics for this purpose). For the Astellas-Pro website, we may verify your identity using the OWA (on-line Web Authentication) service from IQVIA Inc. This verification requires you to confirm your username and password to enable access to this Gated site. Please note that we do not have access to your password. |
| Details of interactions with Astellas | Details of interactions with us, such as what kind of meetings we have held, topics discussed, your knowledge of and questions you have had on our business and products, what kind of material we have provided to or shared with you and any feedback that you have provided (e.g. when you fill in forms to attend or during an Astellas event, or when you provide feedback in a survey), as well as your opinions and routines on prescribing, routines regarding your patients and diagnosis, and similar information which may also be collected as market research and/or real world evidence data through a third party agency or data broker; information regarding your utilization, responses and/or preferences including channels of communication and frequency. Some services, websites or applications, such as Astellas-Pro, capture details of your visit to the site, pages visited etc. but only where the relevant cookie consent has been given as explained further under the heading “Cookies Declaration” in the relevant service, website or application etc. used to collect such data. |
Why does Astellas process your Personal Data?
We process your Personal Data, primarily for contractual purposes and where required by the law with your consent, to manage our relationship with you, which includes undertaking the following processing activities:
| Nr | Processing Activities |
| 1 | Develop and strengthen our professional relationship with you and enhance your knowledge about Astellas’ products; enhance our knowledge about relevant disease areas and trends in patient management to improve our ability to deliver treatments of value that improve the lives of patients; conduct general stakeholder segmentation within your geographical area and area of expertise; identify key external experts as well as identify relevant study sites for the conduct of clinical trials. |
| 2 | Manage our relationship with you in our customer databases (such as Veeva or Sales Force), including the planning of potential collaboration, contacts, visits and meetings (virtual and/or physical) with you and any subsequent execution of such activities. This will include planning, reporting and tracking of our activities with you and the materials provided to you, including measuring our interactions to help develop, distribute and evaluate the information we provide you about diseases and Astellas’ products and services and ensure that it is relevant given your expertise, interests and preferences based on our evaluation and ranking of your profile and your opinions, routines and practices; develop databases of thought leaders and key experts in different therapy areas; and understand your scientific, therapeutic approach and satisfaction with Astellas’ products and services. |
| 3 | Manage our interaction with you in relation to an agreement under which services will be provided by you, including to determine the appropriate level of remuneration based on your professional qualifications (fair market value), perform our obligations and exercise our rights under such agreement, or if services will be provided by Astellas to you or the organisation for which you work. |
| 4 | Document our transactions with you and ensure transparency on transfers of value where you are the ultimate beneficiary (such as contribution to costs related to educational events managed by Astellas, including travel and accommodation expenses, fees for services for speaker and consultancy services). |
| 5 | Manage consents provided by you to Astellas (such as electronic marketing consents) or consents for Astellas to disclose Personal Data relating to you and arising from our agreement(s) with you (including, without limitation, your name and the amount and/or value of the transfers made to you under such agreements) where such consent is required by code or by law. |
| 6 | Manage our IT resources, including infrastructure management and business continuity, and give you access to our information and services, including to ensure access restriction for services and information that are limited to only healthcare professionals; to better understand your use of our websites and/or applications and what content is of interest to you so that we can improve the quality and relevance of our website and/or applications, and for internal analytics. Some of this information may be collected using cookies and similar tracking technology, as explained further at the time of cookie collection. |
| 7 | Manage any requests you may submit to us for medicines (e.g. samples or for compassionate use) and for medical information, incl. information related to your patients or their carers, as relevant. |
| 8 | When required or allowed to do so by law, code of practices or as necessary, to enable Astellas to protect its interests, including to manage our corporate compliance program to comply with legal, regulatory, industry requirements or best practices and ethical obligations, for monitoring, audit or inspection purposes; to establish legal rights, pursue legal actions or litigation (for instance, when necessary to prevent or detect fraud or crime or respond to a regulatory investigation). |
| 9 | Record, store, manage and follow up on adverse events or product quality issues that may be reported by you for Astellas medicinal products; to enable direct communications with you in relation to important and sometimes vitally urgent safety warnings and drug recalls and to facilitate and evaluate effectiveness of our communication to you related to risk management plans related to our marketed products. |
| 10 | Conduct surveys, market research and social media listening projects to understand your insights and views on position of Astellas in the life sciences sector and the opinion and the sentiment of the healthcare community on various related issues and topics. |
| 11 | Efficiently manage our relationship with you within the framework of collaboration agreements with our partners (including other pharmaceutical companies or companies with which we may co-promote a medicinal product) and to facilitate any corporate transactions and associated due diligence processes. This includes transactions like transfer of Marketing Authorization to a new holder, mergers, acquisitions and other types of assignments and company restructuring). |
| 12 | Efficiently manage activities related to your attendance in online and live meetings or events organized or supported by Astellas; send you direct marketing material, medical and scientific updates, corporate information and/or products or services we provide using post or electronic means. |
| 13 | If you visit our office or site, we will collect basic information for security reasons to manage access to the building, and we may also capture images on our CCTV cameras. |
| 14 | Documentation and records containing official correspondence with authorities such as a Drug Agency, Ministry of Health, a Sick Fund and other relevant authorities and official bodies related to Astellas’ work as a pharmaceutical company. |
In general, we will use the Personal Data we collect from you only for the purpose described in this Notice or for other purposes that we explain to you at the time we collect your Personal Data, subject to your consent. However, we may also use your Personal Data for other purposes that are not incompatible with the purpose we have disclosed to you and that you have consented to where this is permitted by applicable Data Protection Regulations as prescribed hereunder.
Legal basis for processing Personal Data
We collect and process your Personal Data in order to:
- Make your Personal Data publicly available under the applicable law or to serve the competent authority’s operation as required under specialized law.
- Perform the obligations under our contractual agreement with you or to take relevant steps at your request prior to entering into a contractual relationship with you
- Perform the activities where we have your valid consent to do so (in such cases, you can withdraw your consent at any time)
In cases where our processing of your Personal Data hereunder is not already covered by any of the above legal bases, we will either provide you with a separate privacy notice stating relevant legal basis for the processing of your Personal Data without consent or obtain your prior, explicit and specific consent to do so, unless we are permitted to process your Personal Data without your consent under the Data Protection Regulations.
In cases where our processing of your Personal Data is required as part of our contractual relationship with you, failure to provide this data may obstruct conclusion of the contract or result in Astellas’ inability to perform contractual obligations.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “How to contact us” heading below.
How does Astellas process your Personal Data?
We will process your Personal Data in accordance with this Notice and apply all principles for data processing as required under the Data Protection Regulations, including the following key principles:
- Fairness: We will process your Personal Data fairly. This means that we are transparent about how we process Personal Data and that we will process it in accordance with applicable law.
- Purpose limitation: We will process Personal Data for the above-specified, lawful purpose, and will not process it in a manner that is incompatible with this purpose.
- Proportionality: We will process Personal Data in a way that is proportionate to the purpose which the processing is intended to achieve.
- Data accuracy: We take appropriate measures to ensure that the Personal Data that we hold is accurate, complete and, where necessary, kept up to date.
How does Astellas keep your Personal Data secure?
We implement appropriate physical, technical and organizational security measures to protect your Personal Data against unauthorized or unlawful processing or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing of your Personal Data.
Who does Astellas share your Personal Data with?
We may engage third parties to process Personal Data for and on behalf of Astellas. We require such data processors to process Personal Data and act strictly on our instructions and to take steps to ensure that Personal Data remains protected. We may disclose your Personal Data to the following categories of recipients:
| Our affiliates and group companies | Disclosure for purposes consistent with this Notice. A list of our current group companies is available at https://www.astellas.com/en/worldwide |
| Third-party service providers and partners |
Third parties who provide data processing services to us or who otherwise process Personal Data for the purpose described in this Notice or notified to you when we collect your Personal Data. Such third parties may be processing your Personal Data in the context of the following categories of activities:
|
| Consultants | Provision of advisory services by agencies, consultants, auditors, accountants, advisors, legal counsels and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Data for any other purpose. |
| Competent Authorities | Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, (iii) to respond to regulatory requests or investigations or investigate whistleblowing issues, or (iv) to protect your life or health or those of any other person. |
| Potential buyers (and their agents and advisers) | In connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Data only for the purpose disclosed in this Notice. |
| Any other person | Such disclosure will only be based on your consent. |
Astellas does not, and will not without a legal ground, sell your Personal Data to third parties.
We also take precautions to allow access to Personal Data only to our employees who have a legitimate business need for access and with a contractual prohibition of using the Personal Data for any other purpose.
International data transfers
Your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident, including China, India, Philippines, Singapore, and the United States. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). Also, our group companies and third-party service providers and partners operate around the world. This means that when we collect your Personal Data, we may process it in any of these countries.
We have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Notice. These include, among others, implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, which require all group companies to protect personal data they process in accordance with the Data Protection Regulations. You may also exercise any of your rights described under the "Your data protection rights and obligations" heading below in relation to Personal Data that we transfer to group companies outside the country where you reside. We implement similar appropriate contractual safeguards with our third-party service providers and partners.
Further details can be provided upon request by contacting our Data Protection Officer using the contact details provided under the “How to contact us” heading below.
Data retention
Unless indicated otherwise or provided by the Data Protection Regulations, we will start processing your Personal Data from the date we receive your consent or upon having a legal basis for processing. We retain Personal Data we collect from you where we have an ongoing legitimate business need or legal obligation to do so. We will not keep your Personal Data for longer than is necessary for the purpose for which we process it or as required by law, contract, the Astellas Global Policy for Records and Information Management and the Astellas Records Retention Schedule.
Unexpected consequences and damage during the processing of your Personal Data
We commit to the protection of the Personal Data received from you or from other legal sources and have implemented reasonable technical and organizational measures to achieve this goal. However, you acknowledge that no data transmission over the internet is completely secure and may be exposed to cyberattacks causing leakage of or unauthorized access to the Personal Data we collect, and that you or other sources transmit such information to us at his/her/its own risk.
Your data protection rights and obligations
We respond to requests we receive from individuals wishing to exercise their data protection rights in accordance with all applicable data protection laws. Where provided by applicable data protection laws in your country and/or state of residence:
- You have the right to consent or not consent to our processing of your Personal Data through your expression in the Consent Form enclosed herewith.
- If you wish to know, access, correct or update your Personal Data, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
- You may be entitled to ask us to delete your Personal Data in certain circumstances, subject to the Data Protection Regulations. If you wish to exercise your right to deletion, please contact us using the contact details provided under the “How to contact us” heading below.
- In addition, you may be entitled under certain circumstances to object to processing of your Personal Data, ask us to restrict processing of your Personal Data or request provision/portability of your Personal Data. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- Similarly, if we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on legal bases other than consent.
- You may have the right to object to Personal Data being used for the purpose of marketing. Where this right applies, please use “opt-out” or “unsubscribe” functionality in the relevant communication or contact us using the contact details provided under the “How to contact us” heading below.
- You have the right to complain, denounce to a data protection authority, or file a lawsuit against our collection and use of your Personal Data. For more information, please contact your local data protection authority.
- You are entitled to claim compensation for damage due to any infringement of the Data Protection Regulations in accordance with applicable laws.
- If we apply any automated decision-making, including profiling, we will provide to you promptly meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- At any time, you have the right to self-defense or to request competent authorities or organizations to protect your civil rights in accordance with the laws in your jurisdiction.
Besides the rights above, you have some obligations prescribed by the Data Protection Regulations, such as the following:
- Protect your Personal Data; request other relevant organizations and individuals to protect your Personal Data.
- Respect and protect others’ Personal Data.
- Provide your Personal Data fully and accurately once you consent to the processing of your Personal Data.
- Participate in propagating and disseminating skills to protect Personal Data.
- Comply with, and prevent and combat violations of the Data Protection Regulations.
Classification and Automated Decision-Making
We may use algorithms in our profiling and decision-making activities. For example, we may categorize you as a healthcare professional using an algorithm to assess your professional expertise, such as research activity and publications, clinical experience, academic qualifications and communication preferences. We use this categorization to support our planning of potential collaboration, contacts, visits and meetings with you. Decisions based on our use of algorithms will typically be done by individuals and will not have any significant effect for you. However, we will provide you with further information and, where required, ask for your prior consent if fully automated processes will be used that will produce legal or other significant effect for you.
Updates to this Notice
We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will post any revisions on relevant privacy sections of our corporate websites (list of our websites can be accessed using: https://www.astellas.com/eu/worldwide) and may take appropriate additional measures to inform you, consistently with the significance of the changes we make. You can see when this Notice was last updated by checking the “last updated” date displayed at the bottom of this Notice.
How to contact us
If you want to exercise any of your data protection rights, please use this link.
If you have any questions or concerns about our use of your Personal Data, you can always contact Astellas Data Protection Officer using the following details: [email protected].
The data controller of your Personal Data is Astellas Pharma Vietnam LLC which is registered with the Department of Planning and Investments of Ho Chi Minh City with registration number 0317021217.
Last updated: June 2023