Last updated: 16 May 2018
Tillotts Pharma AG and its wholly-owned affiliates (“Tillotts”, “Tillotts Group”, or “we”) respects your right to privacy. This privacy notice (“Notice”) explains how we collect, share and use personal data about you, and how you can exercise your privacy rights. We are therefore providing you with this Notice as part of our commitment to processing personal data in line with applicable data protection laws, in particular the EU General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”). If you have any questions or concerns about our use of your personal data, you may contact us using the contact details provided at the bottom of this Notice.
The personal data that we may collect about you broadly falls into the following categories:
We ask you to provide certain information voluntarily. The types of information we ask you to provide, and the reasons why we ask you to provide it, include:
|Types of personal data||Why we collect it|
|Identification and contact details (name, address, telephone number and email address)||To establish and manage our relationship with you
|Financial information (bank account details, payment card)|
|Employment details (employer, job title)|
In addition, you may provide certain personal data when you correspond with us in the ordinary course of business, such as to schedule meetings and calls.
If we ask you to provide any other personal data not described above, we will clarify the reasons why we ask you to provide such personal data at the point we collect it.
From time to time, we may collect personal data about you from publicly available sources, or we receive your personal data from third party sources (including other suppliers, partners and our distributors); these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us under applicable data protection laws.
The types of information we collect from third parties include contact details of you, and we use the information we receive from these third parties to manage our relationship and to make relevant arrangements.
We may disclose your personal data to the following categories of recipients:
Our legal basis for collecting and using the personal data described above will depend on the type of personal data and the specific context in which we collect it.
However, we will normally collect personal data from you only (i) where we need the personal data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.
If we collect and use your personal data in reliance on our legitimate interests, this interest will normally be (i) to receive services/products from you, (ii) to collaborate with you, or (iii) to manage our interactions with you.
If you have any concerns about the processing of your personal data based on our legitimate business interests, you have the right to object to such processing. For more information on your corresponding rights, please see the “What are your data protection rights” heading below.
If we collect and use your personal data in reliance on anything other than our legitimate business interests, we will make this clear to you at the relevant time. For example, if we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, you may contact us using the contact details provided under the “How to contact us” heading below.
We use appropriate technical and organisational measures to protect your personal data. The measures we use are designed to provide a level of security commensurate with the risks related to the processing your personal data.
Your personal data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country of residence.
Our servers are located in Switzerland, a country that that the European Commission has decided provides an adequate level of data protection, and our parent company and some of our third party service providers and partners operate in countries like Japan and the USA. This means that when we collect your personal data, we may process it in any of these countries.
In cases where your personal data is transferred to a country outside the EU/European Economic Area (“EEA”) which is not covered by a decision of the European Commission that the country concerned ensures an adequate level of protection, we will take such measures as are necessary to ensure the transfer is in compliance with the applicable data protection laws, including the GDPR. Such measures may include (without limitation) transferring your personal data to a recipient that has achieved binding corporate rules authorisation in accordance with applicable data protection laws, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission. In addition, data transfers to recipients in the USA may be protected by an EU-U.S. / Swiss-U.S. Privacy Shield certification.
We retain your personal data for as long as we have an ongoing legitimate business interest to do so (for example, to receive services from you or to comply with applicable legal, tax or accounting requirements).
When we no longer have a legitimate business interest to process or retain your personal data, we will either delete or anonymise it.
You have the following data protection rights:
You may contact Tillotts at any time with a request to exercise your data protection rights, at no cost to you, by e-mail to firstname.lastname@example.org.
You will receive a response to your request in accordance with applicable data protection laws.
We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.
If you have any questions or concerns about our use of your personal data, please contact us using the following details: email@example.com.
 Affiliates include: Tillotts Pharma AB (Sweden), Tillotts Pharma GmbH (Germany), Tillotts Pharma UK Ltd., Tillotts Pharma Limited (Ireland), Tillotts Pharma Spain S.L.U., Tillotts Pharma France S.A.S. Tillotts Pharma Czech s.r.o.