Privacy Policy
Last updated: August 2024
Introduction
Lupin Neurosciences, a Specialty Pharma Division of Lupin Atlantis Holdings SA (“Lupin,” “we,” or “us”), is pleased that you are visiting our website. We are committed to improving the lives of patients affected by underserved neurological disorders. Data protection and data security are very important to us.
This Privacy Notice (or “Notice”) communicates to you how Lupin will make use of information that identifies or can reasonably be used to identify you (“personal data”) when you visit this website and describes your data protection rights, including the right to object to some of the processing Lupin carries out. More information about your rights and how to exercise them is set out in the “Your choices and rights” section.
Data Controller
The body that determines how and why your personal data is processed is defined as the “Controller.” The Controller of your personal data is:
Lupin Atlantis Holdings SA
Landis + Gyr Str. 1
CH – 6300 Zug, Switzerland
Phone: +41 (0)52 633 70 00
E-Mail: customerserviceLEG@lupin.com
You can contact us at the details above if you have questions about this notice or wish to contact us for any reason in relation to personal data processing.
Compliance with applicable laws
When using your personal data, Lupin as Controller will always comply with relevant data privacy and data protection laws, including regulatory and national law requirements that may apply, and where applicable, giving you the specific rights that apply in the country where you reside (altogether “Applicable Data Protection Law”).
Data Protection requirements
Lupin will comply with data protection law. This means that the personal data we hold about you must be:
- Used lawfully, fairly, and in a transparent way;
- Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
- Relevant to the purposes we have told you about and limited to those purposes only;
- Accurate and kept up to date;
- Kept only for such time as is necessary for the purposes we have told you about; and
- Kept securely.
Data Processing
Device Information
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file. The following personal data is processed to the extent necessary for the provision of a functional website and our contents and services (“Device Information”):
- IP address
- Main language of browser
- Date and time of access in local time zone
- Country, region, city
- Title of the page(s) being viewed
- Page generation time
- URL of the page that was viewed prior to the current page (i.e., the “referrer URL”)
- Files that were clicked and downloaded
- Screen resolution
- Type of browser, browser version, device type, and operating system
- Network type (e.g., WiFi, broadband, or mobile)
- The name of your internet access provider
Personal data we collect from you
We collect your personal data, including Device Information, from you and process it for the following purposes and based on the following legal bases under GDPR (where applicable):
Category of personal data | Purpose for processing | Legal basis |
---|---|---|
Device Information (IP address) and your language preference (if selected using the dropdown on the Site) | To tailor the language of the Site to suit your location/preference. | Our legitimate interest in ensuring your user experience is optimized to your needs. |
Device Information | We may be required by applicable law to disclose the Device Information in our server logs to law enforcement bodies or regulators. | Legal obligation |
Device Information | To the extent necessary for the provision of a secure and functional website. | Necessary for our performance of a contract with you (our terms of use for provision of the website). |
Contact information (such as your name and e-mail address) | Such information you provide to us in an email or via telephone conversation (e.g., information about your (medical) inquiry and, if applicable, your health data). | Our legitimate interest in being able to respond to your query, the necessity for our performance of a contract with you, as well as our legal obligations. |
Pharmacovigilance / Reporting of adverse effects
Please note that the Lupin group has designated Hormosan Pharma GmbH / Lupin Europe GmbH as representatives for pharmacovigilance activities in the European Union. This means these entities are responsible for the processing of data in connection with such activities (including but not limited to the reporting of adverse effects). For further information, please see the Hormosan Pharma Privacy Statement.
Your NDM Story
On our website, we offer you the opportunity to share your NDM Story with us. If you make use of this possibility, your personal information will be sent to Lupin by end-to-end encryption and stored on a secure server hosted by Hostpoint Switzerland. Any media files will be scanned for viruses. Your personal data as part of your story will be used to raise disease awareness only. The following personal data will be processed:
- Contact details and e-mail address
- Information you provide as part of your story (e.g., uploaded media, statement, photo, video, etc.)
This data processing for the purpose of establishing contact is carried out based on your consent in accordance with Art. 6 (1) (a) GDPR and Art. 9 (2) (a). You have the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of processing based on consent before its withdrawal.
Retention
We retain your personal data for no longer than is necessary for the purposes for which it is processed. More specifically:
- In general, we apply a retention period of no more than six months.
- Where we collect your personal data to tailor the language of the Site to suit your location or preference, it is retained for no longer than your browser session.
- Further storage may occur in individual cases if required by applicable law.
Data sharing
We share your personal data with the following categories of recipients:
- Our hosting provider (our website is hosted by a third-party provider on servers located in the UK).
- In some scenarios, we may be required to share your personal data with law enforcement agencies or regulators in accordance with applicable law.
- In the event that our business is sold or integrated with another business, your details will be passed to the new owners to continue operating the Site.
International Transfers
The Site is hosted on secure servers in the UK.
Your Choices & Rights as a Data Subject
If you are based in Switzerland, the UK, or the EU, you have at least the following rights:
Right | Summary |
---|---|
The right of access | Enables you to receive a copy of your personal data. |
The right to rectification | Enables you to correct any inaccurate or incomplete personal data we hold about you. |
The right to erasure | Enables you to ask us to delete your personal data in certain circumstances. |
The right to restrict processing | Enables you to ask us to halt the processing of your personal data in certain circumstances. |
The right to object | Enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party). Your objection will be upheld unless the processing is based on compelling legitimate grounds or is needed for legal claims. |
The right to data portability | Enables you to request us to transmit personal data that you provided to us to a third party, or give you a copy of it, where technically feasible. |
These rights may be limited if fulfilling your request would reveal personal data about another person or if you ask us to delete information we are required by law to retain. If you wish to exercise any of these rights, please email us at customerserviceLEG@lupin.com.
Data Security and Security Measures
We are committed to protecting your privacy and treating your personal information confidentially. We take extensive technical and organizational security measures to prevent manipulation, loss, or misuse of your data. Our security measures are regularly reviewed and adapted to technological progress.
Minors
This website is not intended for use by children aged 16 years and younger. Lupin does not knowingly collect personal data from any users under 16 without verifiable parental consent. Parents or guardians may request to view or delete personal data provided by the child.
Contact Information
For questions about this notice or data processing, please contact us:
Bird & Bird DPO Services SRL
Avenue Louise 235 b1, 1050 Brussels, Belgium
Email: dpo@lupin.com
If you have any concerns, you may complain to a data protection authority in your country of residence.
Update to this privacy notice
Changes to laws or corporate processes may require an update to this Privacy Notice. We recommend reviewing it regularly. The most current version can always be accessed on this website.
td{border:1px solid #000; padding:1em;}