1. Handling of personal data
At Grünenthal, we believe transparency is the foundation of trustful collaboration. Below we’ll provide you with information on how we handle your personal data when you use our website. We handle your personal data because this is necessary to make certain functionalities of our website available and give you the best possible experience. Unless otherwise indicated, the legal basis for the handling of your personal data results from our legitimate interest to make available the functionalities of the website requested by you and to promote our business interests, according to (Art. 6(1) f) General Data Protection Regulation – “GDPR”).
1.1 Using our Website
1.1.1 Accessing our Website
When you browse to/ visit our website, your browser will transfer certain data to our web server. This is done for technical reasons so that we can provide the information you request. In particular, the following data are collected, briefly stored and used:
- IP address
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (specific site)
- Status of access/HTTP status code
- Transferred volume of data
- Website requesting access
- Browser, language settings, version of browser software operating system and surface
We will also store such data for a limited period so that we are able to initiate a tracking of personal data in the event of actual or attempted unauthorized access to our servers (Art. 6 (1) f) GDPR).
What are cookies?
Our website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.
What cookies do we use?
We differentiate between two categories of cookies: (1) functional cookies which are necessary for the functionality of our website and (2) optional cookies. These are used for website analysis and marketing purposes. You can find a detailed list of the cookies that we use in the cookie banner that pops up when you access our website or by clicking on the “privacy settings” symbol.
Subject to your consent
We only use optional cookies if we have obtained your prior consent (Art. 6(1) a) GDPR). When you visit our website for the first time, a banner will appear asking you to give us your consent to the setting of optional cookies. If you consent, we will place a cookie on your computer and the banner will not appear again as long as the cookie is active. After expiration of the cookie’s lifespan, or if you actively delete the cookie, the banner will reappear the next time you visit our website and will again ask you for your consent.
How to prevent the placing of cookies
This may, however, lead to a restriction of the functions or have adverse effects on the user-friendliness of our Website. You may object to the setting of optional cookies at any time by using the respective objection option indicated in the table above.
1.1.3 Website Analysis
Google Tag Manager
This Website uses GTM (Google Tag Manager) to initiate and control the connection to Google Analytics. It is used most of all to minimize administrative effort and to analyze reporting problems. The tool also triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If you have disabled it at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager. These processing operations only take place if consent is granted through the consent management tool on this website in accordance with Art. 6 (1) a) GDPR.
On our Website we use Google Analytics, a web analysis service provided by Google Ireland Limited (https://www.google.com/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as "Google"). Google will analyze your use of our website on our behalf. To this purpose we use, among others, the cookies described in more detail in the consent management tool on this website. The information collected by Google in connection with your use of our website (for example the referring URL, our webpages visited by you, your browser type, your language settings, your operating system, your screen resolution) will be transmitted to a server of Google in the USA, where it will be stored and analyzed. The respective results will then be made available to us in anonymized form. Your usage data will not be connected to your full IP address during this process. We have activated on our Website the IP anonymizing function offered by Google, which will delete the last 8 digits (type IPv4) or the last 80 bits (type IPv6) of your IP address.
These processing operations only take place if consent is granted through the consent management tool on this website in accordance with Art. 6 (1) a) GDPR. Your consent also covers the transfer of your personal data to the US as explained above.
You may revoke your consent to the use of web analysis at any time, either by downloading and installing the provided Google Browser Plugin or by administrating your consents in the consent management tool, in which case an opt-out cookie will be placed. Both options will prevent the application of web analysis only as long as you use the browser on which you installed the plugin and do not delete the opt-out cookie. Additional information on data protection with respect to Google Analytics is available on the Google Analytics website in the help section (https://support.google.com/analytics/answer/6004245?hl=en)
This website uses the web analysis software of Matomo (www.matomo.org).
This software enables us to collect and store data for statistical analysis of user behavior for purposes of optimization and marketing. For example, we can see in which sequence certain media content is selected, which webpage a user accesses after using the internal search function and how often a specific device is used to visit our website. Pseudonymous user profiles can be created and evaluated from these data for the same purpose.
We have configured the tool in a way that your IP address is anonymized. We do not create a User ID which would allow us to recognize a user across several devices. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the website visitor and is not combined with personal data about the bearer of the pseudonym. If you do not agree to the storage and evaluation of these data on your visit, you can object to their storage and use at any time.
The data collected with Matomo technology (including your anonymized IP address) are processed entirely on our servers. The data is not shared with third parties and neither do we receive information on our visitors from third parties.
These processing operations only take place if consent is granted through the consent management tool on this website in accordance with Art. 6 (1) a) GDPR. The data will be stored on your device until you choose to delete the cookie or until the cookie expires.
Profiling of HCPs
If you are a health care professional registering on our website, additional methodologies might be used in order to create a unique user profile which will help us to design our relationship in the most convenient way for you. Further information on the processing of personal data in this context can be received by visiting our privacy statement for HCPs at https://www.grunenthal.com/en/footer-links/privacy-statement-hcp.
1.1.4 Use of contact forms and marketing communication
You can contact us directly by using the contact forms available on our website. In particular, you may provide us with the following information:
- Name, surname and title
- Address (Street, Postal Code, City)
- Contact data (e.g. e-mail address, phone number)
- Log-in information (e.g. your credentials)
- Organisation where you work
We collect, process and use the information you provide via the contact forms exclusively for the processing of your specific request. The legal basis for data processing is our legitimate interest in responding to your request pursuant to Art. 6 (1) f) GDPR. If you contacted us with the objective of concluding a contract, processing is also legally based on Art. 6 (1) b) GDPR. Your data will be deleted once we have finished processing your query. This is the case when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner and there are no statutory retention obligations in place that prevent its deletion.
We might also process your personal data for sending you marketing materials in case you have consented hereto through one of our registration forms. In this case the legal basis for the processing of your personal data is your consent according to Art. 6 (1) a) GDPR. You will find more information on the processing of your personal data as a health care professional by visiting our privacy statement for HCPs at https://www.grunenthal.com/en/footer-links/privacy-statement-hcp.
1.1.5 External services or content on our Website
We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.
For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context: For the purpose of an interactive design of our website third-party content from YouTube and Vimeo is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6 (1) f) GDPR.
• YouTube (videos)
This website YouTube videos. YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is an affiliate of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Consequently, log information may be transmitted from our website to Google. Google’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Google features, the browser type and settings, the date and time of your request, information about your use of Google, and cookies.
If you are logged onto YouTube at the same time as you visit our website, YouTube identifies the specific sub-page of our website you visit when a sub-page containing a YouTube video is accessed. This information is collected through YouTube and Google and assigned to your YouTube account.
Through the YouTube component, YouTube and Google receive information that you have visited our website whenever you are logged in to YouTube at the same time as accessing our website, regardless of whether you click on a YouTube video or not. If you do not want this information transferred to YouTube and Google, you can prevent this by logging out of your YouTube account before visiting our website.
These processing operations only take place if express consent is granted in accordance with Art. 6 (1) a) GDPR.
• Vimeo (videos)
This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Therefore, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.
If you are logged into Vimeo, Vimeo can link your visit to our website directly to your Vimeo account. If you interact with the plugins (e.g. by clicking the start button on a video), this information is also transmitted directly to a Vimeo server and stored there.
If you do not want Vimeo to associate any data collected via our website with your Vimeo account, you should log out of Vimeo before you visit our website.
These processing operations only take place if unambiguous consent is granted in accordance with Art. 6 (1) a) GDPR.
1.1.6 Registration for closed user groups
Limited access for special user groups
Specific information such as details on our products we can only share with a limited group of people due to restrictions in pharmaceutical marketing law. Therefore we request the following personal data:
- Name and surname
- User name and password
- E-mail address
- Other identifiers such as lifelong physician number, phone number, etc., as requested in the registration process
1.1.7 Webinars with GoToWebinar and similar solutions
Grünenthal uses the services of LogMeIn Ireland Unlimited Company, The Reflector 10 Hanover Quay, Dublin 2, D02R73, Ireland (“LogMeIn”) to facilitate webinar sessions via the tools “GoToWebinar” or “GoToMeeting” in which our customers and business partners can voluntarily participate.
The scope of the data that we process when you participate in a webinar session with us depends on the functionalities you will use and what kind of data you will provide to us in the webinar. Usually, the following categories of personal data will be processed by Grünenthal:
User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department, entity or occupation (optional).
Meeting data: Topic, description (optional), attendee IP addresses, device/hardware information.
In case of recordings (only optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
If you participate via telephone, the following data will be processed to make this possible: information about the incoming and outgoing call number, country name, start and end time.
Content data: If you make use of the chat or survey functions, the text entries you make are processed in order to display them and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the LogMeIn applications.
If we want to record webinars, we will transparently inform you in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed to you in the app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
We may also process questions asked by webinar participants for purposes of recording and following up on webinars. If you are registered as a user with LogMeIn, the reports of online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at LogMeIn for up to one month.
The legal basis for the processing of your personal data as outlined above is Art. 6 (1). b) GDPR, insofar as the webinars are conducted in the context of contractual relationships, e.g. if you are an HCP in a contractual relationship with us or have registered for a conference to which the webinar is an integral part.
Should no contractual relationship exist, the legal basis is Art. 6 (1). f) GDPR. In these cases our interest lies in the effective conduct of online sessions and conferences.
We have concluded an Data Processing Agreement with LogMeIn that meets the requirements of Art. 28 (3) GDPR. Processing of your data will usually take place in the European Union but we cannot ensure that some data might be transferred to LogMeIn´s affiliated companies in the United States and the United Kingdom.
In order to guarantee an adequate level of data protection, we have concluded the so-called EU Standard Contractual Clauses with LogMeIn. In addition, LogMeIn provides technical and organizational measures to protect your data when transferred to countries outside the EU. You can find a description of these measures on LogMeIn´s website under this link: https://logmeincdn.azureedge.net/legal/Schrems-II-FAQ.pdf.
1.1.8 Information on side effects and quality complaints
Please note that our corporate website is not intended or designed for communications regarding side effects, lack of therapeutic effect, medication errors, grey market products/counterfeit medicine, incorrect or off-label use, quality complaints and/or other issues regarding the safeness or quality of our products. We understand you may wish to report side effects or make a quality complaint. You can do this by either contacting your health care professional (e.g. physician or pharmacist) or your local health authority, or by using the reporting form on our portal dedicated to the reporting of suspected adverse drug. (https://drug-safety.grunenthal.com/ or you may directly contact firstname.lastname@example.org) If you nevertheless report undesirable side effects or other issues regarding the safety or quality of our products, we will be legally bound to deal with your communication and may have to contact you for clarification purposes. Subsequently, we may have to notify the health authorities and, in this context, your information will be forwarded in pseudonymized form, that means no information by which you may be directly identified will be passed on. We may also have to forward these pseudonymized notifications to our group companies and cooperation partners, to the extent these are likewise obliged to notify their respective health authorities.
1.1.9 User Surveys
We sometimes conduct user surveys on our website. Participation is voluntary, of course. We use functional cookies to carry out the user surveys. The technical information recorded by the user survey is the same information that is recorded when users visit the website (see above). Your responses submitted during the user survey will not be linked to your personal data such as your IP address.
1.2 Transfer of data for commissioned processing
We will to some extent use specialized service contractors for the processing of your data. We carefully select and regularly monitor these service contractors. They will only process personal data upon our instruction and strictly in accordance with our directives, based on respective data processor agreements.
1.3 Processing of data outside the EU/the EEA
Your data will partly be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”). The respective countries may have a lower data protection level than European countries. In such cases, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with our contractual partners, or we will ask for your explicit consent to such processing.
2. Information regarding your rights
You have the following rights according to applicable data privacy laws:
- right to information about your personal data stored by us;
- right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
- right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to proof that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
- right to data portability;
- right to file a complaint with a data protection authority.
- You may revoke your consent to the collection, processing and use of your personal data at any time with future effect. For further information please refer to the chapters above describing the processing of data based on your consent.
If you wish to exercise your rights, please address your request to the contact form or to our company data protection officer whose contact detail you will find below.
Do you have any questions regarding our data privacy? Then please let us know! You can either use our contact form or get in touch with our company data protection team at the following address: email@example.com
If, as the data subject, you have any questions regarding our data privacy or if you do not agree with the way Grünenthal or representatives of Grünenthal process your data, please get in touch with Grünenthal’s Global Data Protection officer by using the following email address: firstname.lastname@example.org
You can contact our data protection officer only through this email address. The data protection officer is obliged to keep your identity confidential. In case your identity could be inferred in the course of clarifying a complaint, the data protection officer will point this out to you in advance and, if necessary, ask you to release him from his obligation to secrecy.
Data Protection Supervisory Authority
You may address questions and complaints also to the Data Protection Supervisory Authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
4. Amendment of Privacy Statement
We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication, so we recommend you regularly visit the site to keep yourself informed on possible amendments.
This Data Privacy Statement was last updated on 02 December 2021
If you are a healthcare professional and you would like to learn more about how Grünenthal processes your personal data, please click on this link https://www.grunenthal.com/en/footer-links/privacy-statement-hcp