Skip to content

Privacy Notice | Ipsen Global Medical Information (GMI)

If you are a resident of the following countries, please click the local link in the table below.

Austria, Germany, Switzerlandhttps://www.ipsen.com/germany/medinfo-datenschutz/
China Mainlandhttps://www.ipsen.cn/privacy.html
UK, Irelandhttps://www.ipsen.com/uk-ireland/privacy-policy/
US  https://www.ipsen.com/us/privacy-policy/
California residents please also see Ipsen’s Supplemental State Privacy Notice 
https://www.ipsen.com/us/Supplement-Website-Privacy-Notice/     

Privacy Notice

This privacy notice applies to processing personal data in relation to medical information requests, safety information and product quality complaints. This notice is for individuals requesting or reporting information on their own behalf or on behalf of others.

We understand that privacy is important to you. We are committed to treating your personal information with care and integrity.

Our privacy notice tells you what personal information we collect and how we collect it. It explains what we use your personal information for, how we process it and how we protect your personal information and keep it safe. This privacy notice explains our general practices.  However, where local laws or regulations require that we process information differently, or refrain from such processing, we will always comply with the applicable local law. 

Ipsen value your privacy. When we say ‘we,’ ‘us’ or ‘our,’ we are referring to Ipsen.

Personal information means any information or piece of information which could identify you either directly (e.g., your name) or indirectly (e.g., a unique identification number).

Who is the controller of your personal information?

Ipsen Pharma SAS (65, quai Georges Gorse, Boulogne-Billancourt – 92100, France) together with your local Ipsen company (together “Ipsen”), are the data controllers of your personal information.

What personal information do we collect about you?

Where the requestor or reporter is a Healthcare Professional (HCP), we will collect and process (as relevant):

  • Basic information- your name, last name (including prefix or title).
  • Contact information – information that enables us to contact you e.g., your personal or business email, mailing address, telephone number.
  • Professional information and experience- information related to your qualifications, areas of expertise, place of practice.

Where the requestor or reporter is a patient or a member of the public, we will process (as relevant)

  • Basic information- your name, last name (including prefix or title).
  • Contact information – information that enables us to contact you e.g., your personal or business email, mailing address, telephone number.
  • Contact details of any HCP who can provide further information.
  • Patient’s identification data (e.g., initials, age, date of birth, gender, weight, height).
  • Patient’s health data: treatments administered, test results, nature of any side effect(s), personal or family history, associated diseases or events, risk factors, information on the method of prescribing and use of the medicines and on the therapeutic conduct of the prescriber or health professionals involved in the management of the disease or side effect (s).
  • Patient’s family situation (e.g., information relating to family history and descent, conception, progress, and outcome of pregnancy).
  • Patient’s habits and behaviours (e.g., addiction, assistance, physical exercise, diet and exercise, dietary behaviour).

Why are we allowed to collect and use your personal information?

The personal data we collect in relation to this privacy notice will be used only for the specific purposes:

  • Enable the prevention, monitoring, evaluation and management of adverse events or safety issues related to our medicines.
  • Meet our legal obligation to report adverse events/safety issues to health authorities.
  • Respond to medical information requests about our medicines.
  • Monitor product quality complaints, product quality and potential of a market recall.
  • In the context of medical information:

The legal basis for processing the personal data collected in the context of medical information is Ipsen legitimate interest to respond to your requests or inquiries.

If you provide us with special category data of patient (e.g., about health) when you submit a medical information inquiry, you undertake to obtain from the individual the consent to process that data.

The condition for processing special category data in the context of medical information is to meet our legal obligations in relation to public health, or, where required, based on the patient’s consent.

  • In the context of pharmacovigilance:

The legal basis for processing the personal data collected in the context of pharmacovigilance is to meet relevant legal obligations and applicable health legislation.

  • In the context of product quality complaints:

The legal basis for processing the personal data collected in the context of product quality complaints is to meet relevant legal obligations and applicable health legislation.

If you provide us personal data of a patient when you make a medical information request, report a side effect/safety issue or product complaint/ quality issue you undertake to provide the link to this Privacy Notice to the individual.

How do we protect your personal information?

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organisational procedures to safeguard and secure the information we collect.

With whom do we share your personal information?

We share your personal information on a need-to-know basis and to the extent necessary to follow laws and regulations. We only share your personal information with teams in Ipsen companies who need to see it to do their jobs and fulfil the request made (e.g., to answer a question you have asked the company). This will include service providers who carry out certain activities on our behalf. We will also have to share your personal information with other Ipsen companies to manage our obligations. We will do this only where necessary, and these may include for example:

  • Any entity who may acquire us or part of our business or brands.
  • Suppliers managing side effects reports.
  • Local or Global regulators, courts, governments, and law enforcement authorities.
  • Professional advisors such as auditors.

In what instances do we transfer your personal data outside of your home country?

We work all over the world. Therefore, we may need to transfer your personal information outside of the country in which we collected it from you. The data privacy laws in the countries we transfer it to may not be the same as the laws in your home country. Law enforcement agencies, regulatory agencies, security authorities or courts in the countries we transfer your personal information to may have the right to see your personal information. We implement appropriate measures to protect your personal information when we transfer your personal information outside of your home country such as data transfer agreements that incorporate standard data protection clauses.

Additional information if you are based in the European Economic Area (EEA) or UK

Your personal data may be processed by service providers or companies affiliated with Ipsen in non-UK or non-EU countries which do not ensure an adequate level of protection to personal data. To ensure that your personal data are protected, Ipsen will, where necessary, ensure that the recipient has entered into data transfer agreements which include appropriate standard contractual clauses, or other approved transfer agreements.

How long do we keep your personal information?

We will only retain the personal data, in relation to this privacy notice, for as long as we reasonably need to achieve the purposes described above and as required under applicable laws.

  • In the context of medical information:

In no instance will your data be retained for longer than 25 years unless there is any legal or regulatory provision requiring otherwise.

  • In the context of pharmacovigilance:

70 years after the product is withdrawn in the last country where the product is marketed.

  • In the context of product quality complaints:

Personal data in relation to product quality complaints is kept for a minimum of 5 years.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

RightWhat does this mean?
1. The right of accessYou have the right to obtain access to the information processed by Ipsen.
2. The right to rectificationYou are entitled to have your information corrected if it is inaccurate or incomplete.
3. The right to erasureThis is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions.
4. The right to restrict processingYou have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further.
5. The right to data portabilityYou have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances.
6. The right to objectYou have the right to object to certain types of processing, in certain circumstances.

Contact information.

If you would like to exercise any of these rights, have any questions about this privacy notice, need more information or would like to raise a concern you can contact us as follows:

  • If you are not a patient, please send us a Data Subject rights request by completing this form.
  • If you are a patient, please contact Ipsen Global Data Privacy Team at dataprivacy@ipsen.com, you should be aware that your identity will be revealed to the Data Protection Team.

You have the right to complain to your relevant data protection supervisory authority, if you believe that our processing is not compliant with data protection laws.

Contact details for data protection authorities in the European Economic Area can be found here:

Our Members | European Data Protection Board (europa.eu)