OGEDA SA Vendor and Customer Privacy Notice
Ogeda SA (hereinafter “Ogeda”) collects data concerning former, existing and prospective vendors and customers (“Partners”), including limited personal data about the employees of such Partners (“Partner Employees”) at the beginning and throughout the course of its vendor/customer relationships. As the controller of Partner Employees’ personal data, Ogeda will be responsible for what happens to those data.
2. The categories of data we process
The personal data we process concerning Partner Employees include: (i) professional contact information (e.g., name, postal address, email address, fax number and phone number); (ii) professional information (e.g., profession and title, place of work, and relationship to our Partner); (iii) electronic identification data (e.g., username and password); (iv) personal mobile phone number.
In some very limited cases, it may be a contractual requirement for us to collect such personal data from Partner Employees (for example, because the Partner Employee is a designated “point of contact”). If this information is not collected, this could result in a breach of contract by Ogeda or the Partner.
Note that Partner Employees’ passwords cannot be viewed by Ogeda as they are encrypted. We are able, however, to process passwords in a limited way – for example by resetting passwords which have been forgotten, or which have been compromised.
3. The legal bases we rely on to process data
We only process Partner Employees’ personal data to the extent it is necessary (i) to comply with Ogeda’s legal obligations; or (ii) for the purpose of our legitimate interests, including preventing fraud, ensuring compliance with company policies, and protecting the rights, property and safety of Ogeda or others. Partner Employees can obtain further information on our legitimate interests, and how we have balanced them against Partner Employees’ rights and freedoms, by contacting us using the details below.
4. What we use data for
In particular, we process the personal data of Partner Employees to: (i) manage our contractual relationship with Partners and exercise our rights under the contract and enforce contractual terms and conditions; (ii) communicate with Partners; (iii) protect against and prevent fraud, unauthorized transactions, claims and other liabilities; and (iv) comply with applicable legal requirements, industry standards and our policies (e.g., including anti-corruption/anti-bribery legislation).
5. Who we share data with
Ogeda may share personal data of Partner Employees with: (i) other entities within the Ogeda group (see Schedule 1); (ii) third-party vendors who process personal data on behalf of Ogeda or Ogeda group entities (See Schedule 2); and (iii) government authorities or other third parties if required by law or reasonably necessary to protect the rights, property and safety of Ogeda and others.
Some of the data recipients are established in countries outside of the European Economic Area (“EEA”), such as the U.S. and Japan, where applicable laws may provide a different level of privacy and data protection compared to the laws in your home country. If Ogeda transfers your personal data to recipients outside of the EEA, it will protect the data in accordance with applicable law. If the personal data are transferred to countries that have not been recognized by the European Commission as providing an adequate level of data protection, Ogeda will put in place contractual safeguards to protect the data. For more information about the safeguards that have been put in place to protect personal data when transferred outside the EEA (including how to obtain a copy or consult these safeguards) Partner Employees may contact Ogeda using the contact details provided below.
6. How long we keep data for
Ogeda stores personal data relating to Partner Employees for as long as the Partners are in a contractual relationship with Ogeda, and for a minimum period of 10 years after that relationship has ended.
7. Data Protection Rights
Partner Employees have a number of data protection rights available to them, which apply in certain circumstances. One key right is the right to object to us using their data, where we are processing the data for the purposes of our own legitimate interests.
The other rights are the right to access to the personal data we process about them, the right to have incorrect personal data corrected, to have data erased where it should no longer be used, and the right to restrict our processing activity to storage of the personal data. Partner Employees have the right to ask us to transfer their personal data to them or to another business (data portability).
To exercise these rights, a written request should be sent to us, using our contact details set out below.
8. Comments, inquiries, requests and complaints
We encourage Partner Employees to contact us first if they have concerns about how Ogeda has handled their data. However, Partner Employees have the right to lodge a complaint about Ogeda’s processing of their personal data with a supervisory authority, in particular in the EU Member State of their residence, place of work or of an alleged infringement of data protection law.
• Astellas Pharma Global Development, Inc (USA)
• Astellas Pharma Europe B.V (The Netherlands)