Last updated: August 2022
Data protection and data security are important to Lupin Healthcare (UK) Limited (hereinafter “Lupin” or “the Company”). Therefore, we would like to inform you about the personal data we collect during your visit to our website and about the intended purposes.
As changes to the law or changes to our corporate processes may require an adaptation of this privacy statement, we ask you to read this privacy policy regularly. The privacy policy can be accessed any time under “Privacy Policy”, saved and printed out.
1. Data Controller and Scope
Under the UK General Data Protection Legislation (UK-GDPR), the body that determines how and why your personal data is processed is defined as the “controller”. The controller of your personal data is:
Lupin Healthcare (UK) Limited
The Urban Building, 3-9 Albert Street
Slough, SL1 2BE, United Kingdom
Phone: +44 (0)1565 751 378
E-Mail: information@lupin.com
Website: www.lupinhealthcare.co.uk
2. Data Protection Officer
The (external) Data Protection Officer of Lupin can be contacted at:
Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels, Belgium
E-Mail: dpo@lupin.com
3. Principles of Processing Personal Data
Personal data are all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information from which you cannot be identified e.g. because the information has been anonymised, is not personal data. The processing of personal data (e.g., the collection, retrieval, use, storage or transmission) always requires as legal basis your consent.
Lupin will comply with data protection law. This means that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
- Relevant to the purposes we have told you about and limited to those purposes only;
- Accurate and kept up to date;
- Kept only for such time as is necessary for the purposes we have told you about; and
- Kept securely
In case we process your personal data for the provision of certain offers, please find below information about the specific processes, the scope and purpose of data processing, the legal basis for processing and the respective storage period.
4. Data Processing
1) Website
a. Data processing on the website, purpose and legal basis
When you access and use our website, we only collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file.
The following personal data is processed to the extent necessary for the provision of a functional website and our contents and services:
- IP address of the requesting computer
- Date and time of access in local time zone
- Country, region, city
- Main language of browser
- Title of the page(s) being viewed
- Pages generation time
- URL of the page that was viewed prior to the current page – i.e. the website from which access is made (referrer URL)
- Files that were clicked and downloaded
- Screen resolution
- The used browser and, if applicable, the operating system and type of device of your computer, the name of your access provider
Legal Basis
Art. 6 (1) (b) UK-GDPR serves as the legal basis for the data processing. The processing of the mentioned data is necessary for the provision of our services as requested and thus serves also the protection of a legitimate interest of our company. Processing your data is helping identify what is working and what is not on our website. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.
b. Web-analytics
This website uses Matomo to collect, measure, analyse and report visitors’ data for purposes of understanding the surfing behaviour of our users and optimising our website. No cookies are placed for this purpose, but only server-log data is facilitated.
The following personal data is processed to the extent necessary for our web-analytics purposes:
- Anonymized IP address of the requesting computer
- Date and time of access in local time zone
- Country, region, city
- Main language of browser
- Title of the page(s) being viewed
- Pages generation time
- URL of the page that was viewed prior to the current page – i.e. the website from which access is made (referrer URL)
- Files that were clicked and downloaded
- Screen resolution
- The used browser and, if applicable, the operating system and type of device of your computer, the name of your access provider
Data collected enables us to analyse the behaviour of the website visitors to identify potential pitfalls, i.e., not found pages, search engine indexing issues, which content are most appropriate, etc.
Legal Basis
Art. 6 (1) (f) UK-GDPR serves as the legal basis for the data processing. The processing of the mentioned data is based on our legitimate interests in the provision of our services and thus serves the protection of a legitimate interest of our company. Processing your data is helping identify what is working and what is not on our website. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.
c. Data Deletion and Storage Time
The data subject’s personal data are deleted or anonymized as soon as the purpose of the storage is fulfilled. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user. Further storage may take place in individual cases if this is required by law.
2) Contact
a. Scope and Purpose of Processing
On our website we offer you the opportunity to get in contact with us. In case you make use of this possibility, the following personal data will be processed:
- e-mail address
- any information which you provide to us as part of your contact request
The purpose of entering your e-mail address is to assign your request and to be able to reply to you. Your personal data will not be forwarded to third parties.
b. Legal Basis
The data processing described above for the purpose of establishing contact is carried out in pursuance of our legitimate interest in engaging with our customers voluntarily in accordance with Art. 6 (1) (f) UK-GDPR
c. Data Deletion and Storage Time
Once your request has been processed and all relevant details have been clarified, your personal data will be deleted. Your personal data will be stored for as long as it is necessary to achieve the specific purposes for which the data was collected and will be retained specified in applicable laws.
The Company holds your personal data only for as long as is necessary for the purposes for which it is processed. This means that the retention periods will vary according to the type of personal data and the reason that we are processing the data. After a retention period has lapsed, the personal data is securely deleted or anonymised, unless it is necessary for the establishment, exercise or defence of legal claims.
5. Recipient of personal data and Third-Party Transfers
We only share your personal information with third parties if:
- you have given your express consent pursuant to Art. 6 (1) (a) UK-GDPR,
- it is legally permissible and necessary for the fulfilment of a contractual relationship with you pursuant to Art. 6 (1) (b) UK-GDPR,
- there is a legal obligation to pass on the data in accordance with Art. 6 (1) (c) UK-GDPR,
- the disclosure pursuant to Art. 6 (1) (f) UK-GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
In the event of cross-border data transfer, the relevant national requirements for disclosing Personal Data abroad must be met. Data is transferred outside the UK on the basis of data processing agreements, the applicable standard contractual clauses according to the respective data protection requirements and other safeguards such as adequacy decisions where the country of destination has been determined to provide adequate levels of data protection. You can obtain a copy of these safeguards on request to Lupin.
For example, we share your data with Matomo Analytics Cloud (provider: InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand). Your data will only be processed by Matomo in the EEA for the purpose stated in section 1. The adequate level of protection in New Zealand has been approved by the European Commission (Art. 45(3) GDPR). Please contact us under the contact information in §1 in order to obtain a copy of such safeguards.
6. Cookies
a. Scope and Purpose of Processing
We use cookies on our website. Cookies are small files which are sent by us to the browser of your terminal device and stored there as part of your visit to our internet pages. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies allow us to perform various analyses. Cookies are, for example, able to recognize the browser you are using when you visit our website again and to transmit various information to us. We can use cookies to make our internet offer more user-friendly and effective, for example, by tracking your use of our website and by determining your preferred settings (e.g. country and language settings). In case third parties use cookies to process information, they will collect the information directly from your browser. Cookies do not cause any damage to your device. They cannot run programs or contain viruses.
Various types of cookies are used on our website, the types and functions are explained in more detail below. Our website uses transient cookies, which are automatically deleted when you close your browser. This type of cookie allows us to collect your session ID allowing you to assign different browser requests to a common session and enabling us to recognize your end device during visits to websites in one session.
These cookies are required for technical reasons so that you can visit our website and use the functions we offer. This applies, for example, to the following applications:
- viewed_cookie_policy – Is the primary cookie that records the user consent for the usage of the cookies upon accept and reject. It doesn’t track any personal data and is set only upon user action(accept/reject).
- cookielawinfo-checkbox-necessary/cookielawinfo-checkbox-non-necessary – Records the default button state of the corresponding category. It works only in coordination with the primary cookie.
- Cookie Law Info Consent – Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie. In addition, these cookies contribute to the safe and correct use of the website
b. Legal Basis
Due to the described purposes of use the legal basis for the processing of personal data using cookies lies in Art. 6 (1) (f) UK GDPR. If you have given us your consent to the use of cookies on the basis of a reference (“cookie banner”) given by us on the website, the lawfulness of the use is additionally governed by Art. 6 (1) (a) UK GDPR.
c. Storage Time
As soon as the data transmitted by the cookies is no longer necessary for the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.
c. Browser Settings
Most browsers are already set to accept cookies by default. However, you can change your browser settings so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are disabled by your browser settings on our website.
You can also use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set your browser so that it informs you before cookies are stored. Since the different browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the setting options.
If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.
7. Hyperlinks
Our website contains hyperlinks to websites of other providers. When you activate these hyperlinks, you will be directed directly to the other providers’ website. You will recognize this when the URL is changed. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
8. Your Rights as a Data Subject
As a data subject, in certain circumstances you may have the following rights. You can:
- Pursuant to Art. 15 UK-GDPR, you can request information about your personal data processed by us. In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge a complaint with a supervisory authority, the origin of your data, if not collected from us, about transfer to third countries or international organizations, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the logic involved.
- Pursuant to Art. 16 UK-GDPR, you can immediately demand the correction of incorrect data, or the completion of your personal data stored with us.
- Pursuant to Art. 17 UK-GDPR, you may request the deletion of your personal data stored by us, provided that the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
- Pursuant to Art. 18 UK-GDPR, you can request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful, if we no longer need the data and if you refuse their deletion because you need to establish, exercise or defend legal claims. You are also entitled to the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 UK-GDPR.
-
- Pursuant to Art. 20 UK-GDPR, you may request that the personal data you have provided us with be received in a structured, current and machine-readable format or you may request that it be transmitted to another person responsible.
- Pursuant to Art. 7 (3) UK-GDPR, you can withdraw your consent at any time. Consequently, we are no longer allowed to continue the data processing based on this consent for the future.
- Pursuant to Art. 77 UK-GDPR, you have the right to complain to a supervisory authority. You can contact the supervisory authority of your habitual residence, place of work or our company headquarters.
9. Right to Object
In case the processing of your personal data is based on legitimate interest in accordance with Art. 6 (1) (f) UK GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 UK GDPR insofar as there are reasons which arise from your particular situation or if the objection refers to direct marketing. In the case of direct marketing, you have a general right of objection which will be considered without mentioning any particular situation.
10. Data Security and Security Measures
We are committed to protecting your privacy and treating your personal information confidentially. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organisational security measures that are regularly reviewed and adapted to technological progress. Our security measures are continuously revised in line with technological developments. Our employees are obliged to maintain confidentiality. This includes, among other things, the use of recognized encryption methods (SSL or TLS).
However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data – e.g., if this is sent by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way.
11. Minors
This website, and the information provided on this website, are not designed or intended for use by children 16 years and younger. Lupin also do not knowingly collect, process or store any Personal Data from any users under the age of 16 without the verifiable consent of a parent or guardian prior to collecting, processing or storing information collected either directly or indirectly through the use of this websites. Parents or guardians of minors may have the right to request to view or delete Personal Data provided by the child either directly or indirectly through the use of this website.