Policy on the privacy of personal data

Last updated: 5/25/2018

Below we provide you with all the necessary information concerning our Privacy Policy in relation to the personal data that we gather.

1. Those responsible for processing your personal data

FAES FARMA, S.A. (A48004360) (herein, “FAES FARMA”)

Avenida Autonomía 10, 48940 Leioa, Bizkaia, España

Contact email: rgpd@faesfarma.com

Likewise, we inform you that this data protection policy will be applied to any of the companies belonging to Grupo Faes. You can consult all of the companies that make up Grupo Faes.

2. Specific personal data that will be collected

The personal data that we collect and process are those provided to us through data collection forms and those sent to us through any contact sections that may exist. The personal data that we process will be appropriate, relevant and non-excessive in relation to the purposes that are listed below.

3. Purposes, legal capacity and preservation of the processing of your personal data

3.1 CLIENT OR POTENTIAL CLIENT DATA

Purpose: to maintain contact and communication with the client, manage the commercial and/or contractual relationship, including post-sales and managing and invoicing requested products and/or services. Likewise, advertising or promotional notifications can be sent to the clients pursuant to article 21 of the Law 34/2002, of 11th July, regarding the computerised and electronic business services.

Legal capacity: The legal foundation that validates us for processing our clients’ personal data is the contractual relationship in each instance.

Preservation: until the end of the contractual relationship, and subsequently, for the legally demanded time periods.

3.2 SHAREHOLDER, ANALYST, INVESTOR AND MEDIA DATA

Purpose: To maintain the contact and communication with shareholders, investors, analysts and the media.

Legal capacity: The consent from the user on requesting data with our contact form and by checking the approval box for the privacy policy.

Preservation: Until consent is revoked by the interested party and they request to terminate the service.

3.3 PHARMACOVIGILANCE

Purpose: Managing the data provided pursuant to the applicable law.

Legal capacity: The legal foundation that validates us for processing users’ personal data concerning pharmacovigilance activity is FAES FARMA’s compliance with Royal Decree 577/2013, which governs the pharmacovigilance of medicines for human use.

Preservation: for the legally demanded time periods.

3.4 SUBSCRIPTION TO OUR WEBSITES

Purpose: Service provision, at the request of the interested party, in every instance, in compliance with the description on each of the websites.

Legal capacity: The consent from the user on requesting the subscription on the website for the provision of the services and by checking the approval box for the privacy policy.

Preservation: Until consent is revoked by the interested party and they request to terminate the service.

3.5 CONTACT FORM

Purpose: Providing them with a means through which they can get in contact with us, and answering their requests for information.

Legal capacity: The consent from the user on requesting data with our contact form and by checking the approval box for the privacy policy.

Preservation: Once their request is resolved by way of our form or answered by email, if new processing hasn’t taken place.

3.6 REGISTRATION FORM FOR PARTICIPATING IN THE BLOGS

Purpose: Possibility for the users to actively participate in the different publications on the websites, by posting personal opinions on them.

Legal capacity: The consent from the user on providing us with their personal data and by checking the approval box for the privacy policy.

Preservation: Until consent is revoked by the interested party and they request to remove their personal data.

3.7 SENDING EMAILS

Purpose: Answering the requests for information, dealing with their requests and answering their queries or doubts.

Legal capacity: The consent from the user on requesting information from us by using the email address.

Preservation: Once their request has been answered by email, if new processing hasn’t taken place.

3.8 SENDING CVs

Purpose: Having their CV so that they can participate in our staff recruitment processes.

Legal capacity: The consent from the user on providing us with their personal data and documentation for our staff recruitment processes and by checking the approval box for the privacy policy.

Preservation: For the progression of the open staff recruitment processes and, subsequently, for one (1) year for future openings.

3.9 SUBSCRIPTION TO OUR NEWSLETTERS

Purpose: Sending advertising and informative notifications regarding any of the Grupo Faes’ products and/or services, even electronically, by email.

Legal capacity: The consent from the user on subscribing to our newsletters and/or business notifications and by checking the approval box of the privacy policy.

Preservation: Until consent is revoked by the interested party and they request to terminate the service.

3.10 COMPETITIONS AND DRAWS

Purpose: Participating in competitions and/or draws organised by Grupo Faes.

Legal capacity: The consent from the user on subscribing to the competitions and/or draws and by checking the approval box of the privacy policy.

Preservation: Whilst these competitions and/or draws are under way.

3.11 WI-FI ACCESS FOR VISITORS

Purpose: Providing visitors to any of the facilities of the companies that are part of Grupo Faes with access to the internet using their own devices; it is also a necessary security measure in order to know which devices are connected to the Grupo Faes network.

Legal capacity: The consent from the user to access the wi-fi network and by checking the approval box for the privacy policy.

Preservation: For the time needed for the visitors to access the wi-fi network.

3.12 SOCIAL NETWORKS

The companies that are part of Grupo Faes have different profiles on some of the main online social networks, with FAES FARMA being responsible for the personal data that the users may send privately to Grupo Faes companies. The processing of the data of people who follow the official pages that Grupo Faes companies have on the different social networks, and/or who contact them through these official pages, and/or who have any link or connection through these social networks, will be governed by this section and by the privacy and usage policies of the social network that is processing them in each instance, insofar as the processing that FAES FARMA will carry out with the data within each of the websites will be, at most, that which the social network allows for corporate profiles.

Purpose: Their data will be processed for the purpose of appropriately administrating their presence on social networks, informing about Grupo Faes activities, products or services, as well as any other purpose that social network legislations allow for.

4. Recipients of their personal data

FAES FARMA is committed to not selling, broadcasting or transmitting in any other way, the users’ personal data to third parties, except in the situations indicated in this privacy policy.

Their personal data will be handed over to other businesses belonging to Grupo Faes for internal administrative purposes, including data processing for clients or employees.

Likewise, in order to provide the services offered on our websites, FAES FARMA can share their personal data with the following service providers, who are contractually bound to protect the confidentiality and security of the personal data that they have access to, who will, in turn, have their corresponding privacy conditions:

Equally, FAES FARMA can share the personal data of clients and employees of their clients that may be essential for implementing the contractual relationship of the following companies:

Likewise, the users’ personal data can be consulted by regulatory, police, public or national and international bodies, or transferred to them, either when we are obliged to do so in compliance with the applicable law or when it is requested by them.

By accepting this data protection privacy policy, the users grant express, explicit authorisation to the communication of their data to Grupo Faes companies, understanding that this, on certain occasions, means an international transfer of data to a country that doesn’t belong to the European Union, and giving their explicit consent to this transfer. If we transfer the users’ personal data to any territory outside of the European Economic Area (comprising the Member States of the European Union, plus Iceland, Liechtenstein and Norway), we guarantee the protection of the users’ personal data by: (i) applying the level of protection required in accordance with the local law in terms of data or privacy protection applicable to FAES FARMA; (ii) acting in accordance with our rules and policies; and (iii) we inform you that MailChimp certifies the agreement with the EU – US Privacy Shield Framework.

5. Rights to assist the users regarding their personal data

The rights set out in this section, which assist the users, can be exercised by sending a communication to FAES FARMA at the registered office that is listed in the first section of this personal data privacy policy or to the email address rgpd@faesfarma.com, attaching a copy of their ID card.

The users can revoke their consent at any time. Equally, the users are informed that they can request to exercise the following rights:

In the event of a disagreement with FAES FARMA in relation to the processing of your data, we inform you that you can submit your claim before the corresponding data protection authority, with the Spanish Data Protection Agency being the qualified body, www.agpd.es

6. The origin of personal data

The personal data that we process at FAES FARMA come either directly from the interested party, where they themselves provided us with it, or from other companies belonging to Grupo Faes.

The categories of the data that is processed are:

Likewise, especially protected personal data is processed such as genetic data and data concerning health, which is duly protected under the appropriate security measures established to that effect.

7. Transactional and technical data

Below, we indicate the transactional and technical data categories that we can gather on the users:

The aforementioned data, as well as the personal data generated by way of cookies (you can consult the Cookies Policy at the following link), are gathered under a pseudonym and are subject to objections to the processing of this personal data, as the Cookies Policy states.

Purpose: We don’t use the personal data indicated in this section to check on individual visitors or identify them, but to obtain practical knowledge on the way in which the users use our websites, which may allow FAES FARMA to improve them for the users.

8. Third-party personal data

With regard to the data of other people, we remind you that their privacy must be respected, paying special attention when publishing their personal data. Equally, a user can only consent to the processing of their own personal data, but not that of third parties, with communicating third-party data constituting the release of personal data.

In the event that we are provided with third-party personal data, it’s your exclusive responsibility to gain their prior express consent to use it and inform us of it, making yourselves responsible for informing these third parties about the inclusion of their data on our files.

9. What happens if their personal data isn’t given to us?

Providing personal data is voluntary, so if it isn’t given to us, we can’t deal with it appropriately nor grant the users the services that we offer on our different websites.

10. Updating their personal data

When personal data is voluntarily provided, the user guarantees that they are authorised to provide us with this data and that the information is correct, true and up to date. Likewise, in order to keep their personal data up to date, we need to be informed when there has been a change in it; if not, we will not be held responsible for its authenticity.

11. Linked websites and third-party applications

On our websites there might be hyperlinks that will take users away from the original sites, allowing them to have access to another website. The linked websites are not under FAES FARMA’s control and they have different privacy policies. The FAES FARMA Privacy Policy only affects the personal data that is acquired from our websites, through the usage that you make of the Grupo Faes software or the Grupo Faes services, or through your relationship with Grupo Faes. FAES FARMA doesn’t accept any responsibility for the third-party websites.

FAES FARMA’s privacy policy applies to the following websites: