Data Privacy Policy Teva Germany

When you contact the Teva Group in Germany (with the companies Teva GmbH, ratiopharm GmbH, AbZ-Pharma GmbH, Merckle GmbH, Teva Biotech GmbH, Transpharm Logistik GmbH), hereinafter „Teva“, Teva collects and processes your personal data in the manner described here and is the controller in this context within the meaning of Art. 4 GDPR.
 
You can always find the current version of our privacy policy at www.teva.de/allgemeine-datenschutzrichtlinie. We update this policy from time to time.
 

1. General

In this privacy policy, we would like to inform you about how we process your personal data (Art. 4 No. 2 GDPR) and what rights you have in this context. Personal data is any information relating to you, i.e. any information relating to an identified or identifiable natural person and which is an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, information such as your name, address, postal address, telephone number or online identifiers such as IP addresses or device ID. It is sufficient if the information theoretically enables the identification of the data subject, so it does not matter whether the person actually is identified.

2. Categories of personal data

Depending on the nature of your relationship with Teva, we process different categories of personal data from you, as we explain in more detail below.

We may process personal data that we have permissibly collected from publicly accessible sources (e.g. telephone book, trade and association registers, press, internet). Where applicable to you, we process the following personal data: Name, private and business contact data, profession, function, department, marital status, lifelong doctor number, information about your pharmacy (information about and photographs of your sales shelves for business retail intelligence purposes, operating licence or equivalent proof), date of birth, gender, professional group, field of activity, visiting data and similar data. In addition, we may process your data in connection with a contract, such as your bank details, method of payment or product data.

In addition, we process personal data about you that we have received from affiliated companies or from third parties in a permissible manner (e.g. for the performance of contracts or on the basis of consent given by you).

3. Legal basis and processing purposes

3.1. Fulfilment of contractual obligations (Article 6 (1) (b) GDPR)

Personal data is processed to provide our services under contracts with you, in particular to fulfil our (payment-) obligations to you, and to perform our contracts or pre-contractual measures (e.g. in the context of drug delivery, studies, events, participation in third-party events or similar).

3.2. Protection of legitimate interests (Article 6 (1) (f) GDPR)

Where necessary, we process your data to protect our legitimate interests or those of third parties, such as

  • Review and optimization of procedures for analysis and direct customer approach
  • Advertising or marketing and opinion research, as long as you have not objected to the use of your data
  • Assertion of legal claims and defense in legal disputes
  • IT security and IT operations
  • Analysis and evaluation of the effective prescription/prescribing of certain medicines by doctors by means of comparison of corresponding databases (by using commissioned service providers), whereby the processing of the evaluation results is based only on anonymous data (aggregated data)
  • (Marketing) measures for business management and further development of services and products
  • Generating business insights (optimising and professionalising the business driver of brand and product visibility) and processing information for business (sales) intelligence purposes
  • Evaluation of business related information for the assessment of needs orientation and focus of interest of target groups (e.g. in relation to medical practice and sales) by our sales representatives in order to support target oriented interaction. The result of the evaluation thereby does not contain detailed information but only a rough categorization of needs in one of three categories
  • Analysis of sales management, customer segmentation, campaigns, market shares, product sales and profitability of specific products/medicines by customers, demographics and other

3.3. Your consent (Article 6(1) (a) GDPR)

Insofar as you have given us consent to process personal data for certain purposes (e.g. side effect reports, evaluation of payment transaction data for marketing purposes, advertising), this processing is lawful on the basis of your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR.

E-mail marketing (based on your consent)

Subscribing to a newsletter or other email services requires your consent to receive emails from Teva. Your consent can be given electronically, for example on a tablet, or in writing. After you have provided your e-mail address, we will send you a confirmation email to the e-mail address you have provided, in which you must confirm that you wish to receive information or a newsletter (so-called double opt-in procedure). If we do not receive such confirmation, we will send you a reminder by e-mail if necessary. In case of complete lack of confirmation your registration will usually be deleted within 10 working days at the latest. Teva stores your IP addresses and the times of registration via websites and confirmation to prevent misuse of your personal data and to document the consent you have given.

In the context of a newsletter or other email service, we process your personal data to send emails, as well as to measure and analyse whether you open our communications and how you interact with the content, to determine click-through rates and to improve the content of our newsletters and marketing communications.

You can cancel an e-mail subscription at any time. For this purpose, an unsubscribe link is provided in every newsletter. If you do not find a link, please use the e-mail address below.

Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

3.4. Legal requirements (Art. 6 (1) (c) GDPR)

Teva is subject to various legal requirements from e.g. the Drug Law, the Social Security Codes or tax laws as well as regulatory requirements (e.g. from the Regierungspräsidium Tübingen and the Federal Institute for Drugs and Medical Devices (BfArM)), which require the processing of personal data. Legal requirements include, among other things, documentation of the delivery route for drugs, ongoing monitoring of drug safety (pharmacovigilance) and support for doctors and pharmacies in prescribing and dispensing drugs in accordance with the indications.

4. Digital communication

On our websites or in Teva applications, we process your personal data when you provide it to us yourself or when you use one of our services. You can find more information about this and about digital communications in general at www.teva.de/datenschutz.

5. Data security

Teva takes technical and operational measures to protect your personal data from accidental loss and unauthorized access, use, modification or disclosure. Data is forwarded securely using encryption and stored on secure data servers. In addition, we provide for further information security measures, which include access control, mandatory physical security and qualified information collection, storage and processing.

6. Profiling

We do not make automated decisions. If we evaluate user behavior, this does not have any legal effect for you, but is done only for the purpose of an individual approach and in order to find offers suitable for you. 

7. Storage

Your personal data will be deleted if there are no legal obligations to retain it and if you have made a claim for deletion, if the data is no longer required to fulfil the purpose for which it was stored or if its storage is not permitted for other legal reasons.

If necessary, we process and store your personal data for the duration of our relationship with you, which also includes, for example, the initiation and execution of a contract or the organization of events. In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB), the German Fiscal Code (AO) and the German Medicines Act (AMG), among others. The periods specified there for storage and documentation are two to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.

8. Transfer of your data

We do not sell your data to third parties and transfer them to third parties for their own commercial purposes. We may transfer your personal data to service providers working for Teva who are contractually obliged to comply with data protection regulations (e.g. IT provider, shipping companies, advertising service providers, login service providers, banks, insurance agencies, debt collection agencies, credit agencies or address checkers). We may also transfer them to other companies in our group, only to the extent that this is permissible according to data privacy law and necessary for the purposes mentioned above.

Should we be requested by an authority to disclose your data, we will only do so to the extent that we are legally obliged to do so and only to the extent that is required for this purpose.

9. Transfer of data to third countries

If we process personal data outside the European Union (EU) or the European Economic Area (EEA), i.e. in a so-called third country or if we transfer or disclose the data to other persons, bodies, organisations or companies in a third country, this will only be done in accordance with the legal requirements. Subject to explicit consent or contractually or legally required transfer, we only process data in third countries with an appropriate level of data protection, contractual obligation through EU standard contractual clauses of the EU Commission (ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en), in the presence of certifications or binding internal data protection regulations (ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en) (Art. 44 - 49 GDPR). Details can be found at the following link: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en, a site of the EU Commission. For further information or a copy of the implemented measures you can contact datenschutz@teva.de.

10. Right to access, rectification, objection, erasure

You have the following rights under the respective legal conditions (data subject rights):

  • Right of access (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure (Art. 17 GDPR),
  • Right to restriction of processing (Art.18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to revoke consent (Art. 7 (3) GDPR), as well as
  • Right to object to certain data processing measures (Art.21 GDPR).

You may object to the processing of your personal data in certain circumstances (in particular where we do not process the data to comply with contractual or other legal requirements, or in case of direct marketing) under Article 21 GDPR. You can object to the processing of your data for advertising purposes, including direct advertising (also in the form of data analyses) at any time without giving reasons.

If you have concerns about the way we handle your personal data, you have the right to complain to a data protection authority at your usual place of residence, workplace or the place of the alleged breach (Art. 77 GDPR).

Where the processing of your personal data requires consent from you, you also have the right to withdraw that consent without affecting the lawfulness of our processing based on your consent prior to its withdrawal.

For any objection a special form is not required, you can contact us by e-mail or use our contact form on the internet.

Please use the following address to contact us in writing:

Teva GmbH, Datenschutz, Graf-Arco-Straße 3, 89079 Ulm

If you have any further questions regarding the processing of your personal data or the exercise of your rights, please contact: E-Mail: datenschutz@teva.de.

Our data protection officer can be reached at the following contact details:

Bird & Bird International LLP, 12 New Fetter Lane, London, EC4A 1JP, United Kingdom E-Mail: dataprotectionofficer.teva@twobirds.com

11. The Teva Group comprises the companies

ratiopharm GmbH
Graf-Arco-Str. 3
89079 Ulm
www.ratiopharm.de

AbZ-Pharma GmbH
Graf-Arco-Straße 3
89079 Ulm
www.abz.de

Teva GmbH
Graf-Arco-Str. 3
89079 Ulm
www.teva.de

Transpharm Logistik GmbH 
Nicolaus-Otto-Straße 16  
89079 Ulm
www.transpharm.de

Merckle GmbH
Ludwig-Merckle-Str. 3
89143 Blaubeuren

Teva Biotech GmbH
Dornierstr. 10
89079 Ulm