Data Protection Statement for Data Subject Request

We collect and use your data to validate, handle and respond to your request, and to fulfill our accountability requirements arising from the General Data Protection Regulation or other data protection legislations.

We collect and use your personal data in the following situation:

Information you provide to us

We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:

• First and last name
• Gender
• Contact and address information (including address, e-mail address, phone number, fax number)
• Country of residence
• Information on your relationship with Fresenius Kabi and its entities
• Your request
• Data needed to identify yourself

We process your personal data on the following legal basis:

• The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (Art. 6.1 c GDPR, Art. 31.1 FADP). We are legally obliged to respond to your request and to process your personal data accordingly (Art. 15.3, 25, 28, FAD). Processing your personal data enables us to handle your request and satisfy your rights (Art. 32 FADP). 
• The processing might be necessary for purposes of the legitimate (overriding) interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6.1 f GDPR, Art. 31.2 FADP). More specifically, these legitimate interests are the establishment, exercise or defense of legal claims
• The processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity (Art. 9.2 f GDPR, Art. 31.1 FADP)

We collaborate with other organizations to reach our purposes. Therefore, we may send your personal data in parts or as a whole to other organizations.

Such recipients are:

• Other Fresenius Group companies if such a transfer of personal data is required for the specific purpose (please refer to the overview of the locations in which Fresenius Kabi Group companies are active). The scope of such transfer largely depends on the scope of your request, in particular, which entities you interacted with. For example, if you are a customer of a particular Fresenius Kabi entity, we will forward your request to this entity, in order to process the necessary information to respond to it
• Service providers which process personal data on our behalf (e.g. for hosting or maintenance services) and have to follow our instructions on such processing; these service providers will not be allowed to use your personal data for other than our purposes
• Authorities, courts, parties in a litigation (domestic or foreign) in case we are required to do so to meet any applicable laws, regulations, legal processes or enforceable governmental requests (Art. 17.1 (c), Art. 31.1 FADP)
• Professional advisors or auditors, such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries in which we operate

International Data Transfers

We may send your personal data in parts or as a whole to Fresenius Group recipients, our service providers or other international organizations in countries, which are neither member states of the European Union nor Switzerland, for the purposes listed above. Please refer to the overview of the locations in which Fresenius Kabi Group companies are active.

We may send data to the following countries for which the European Commission/Swiss Federal Data Protection and Information Commissioner (FDPIC) has determined an adequate level of data protection to be in place that matches the level of data protection within the European Union/Switzerland in which Fresenius entities have been established: Argentina, Canada, Japan, New Zealand, Switzerland, United Kingdom or Uruguay

With regards to such international data transfers to third countries, for which the European Commission/FDPIC has not decided that an adequate level of data protection exists, we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union.

Safeguards used are:

• For the exchange of data within our company: our Binding Corporate Rules for Controllers 
• For the exchange of data with our service providers and other international organizations: Standard Contractual Clauses that have been issued by the European Commission and recognized by FDPIC

You can obtain a copy of these Standard Contractual Clauses and our Binding Corporate Rules online, or upon request.

We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e. we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after four years), your data will be erased entirely.

If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Depending on the situation you have certain rights regarding your personal data. You have the right to:

• Request access to your personal data
• Request rectification of your personal data
• Request erasure of your personal data
• Request the restriction of processing of your personal data
• Data portability
• Object on grounds specific to your situation

You can exercise these rights online by using the data protection contact form.

You also have the right to lodge a complaint with our data protection officer or the supervisory authority.

Data Protection Officer:

Fresenius Kabi AG
Data Protection Officer
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
E-mail: dataprotectionofficer@fresenius-kabi.com

Data Protection Authority:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Presse- und Öffentlichkeitsarbeit
Gustav-Stresemann-Ring 1
65189 Wiesbaden

Data Protection Authority in Switzerland:

Préposé fédéral à la protection des données et à la transparence (PFPDT)
Feldeggweg 1
CH - 3003 Berne

Requirements to provide personal data

If you do not provide all necessary personal data, we may not be able to respond to or properly process your request.

Changes to this data protection statement

As our collection and use of your data may change over time, we may also modify this data protection statement to always correctly reflect our data processing practices. We encourage you to review it from time to time.

The controller and responsible entity for processing of personal data is:

Fresenius Kabi SwissBioSim GmbH
Terre Bonne Business Park
Route de Crassier 23 – Bâtiment A3
CH – 1262 Eysins
Contact: LDPA.swissbiosim@fresenius-kabi.com

jointly with 

Fresenius Kabi AG

Else-Kröner-Straße 1
61352 Bad Homburg
Germany

E-Mail: dataprotectionofficer@fresenius-kabi.com

The representative of Fresenius Kabi SwissBioSim GmbH in the European Union:
Fresenius Kabi Deutschland GmbH
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
Contact

The representative of Fresenius Kabi AG in Switzerland for purposes of handling data subjects' requests addressed to Fresenius Kabi SwissBioSim GmbH is Fresenius Kabi SwissBioSim GmbH.