SHIONOGI Group Global Privacy Policy

Effective Date: January 1, 2021

SHIONOGI Group companies (hereafter "SHIONOGI" or "we") recognize the importance of personal data and the need to observe applicable laws and regulations governing the protection of personal data, in order to respect human rights and handle personal data in a lawful and appropriate manner. This Global Privacy Policy sets out the key principles that SHIONOGI adheres to when handling personal data. Each SHIONOGI Group company will comply with applicable local laws and regulations when handling personal data. In the event of any conflict between such local laws and regulations and this Global Privacy Policy, the local laws and regulations shall prevail. This Global Privacy Policy is organized in the following sections:

        1.      Collection of Personal Data

        2.      Use of Personal Data  

        3.      Lawful Processing of Personal Data

        4.      Sharing of Personal Data

        5.      Protection and Retention of Personal Data

        6.      Rights of Individuals

        7.      International Transfers of Personal Data

        8.      Contact Information and Links to Local Privacy Policies

        9.      Updates to This Policy

SHIONOGI collects personal data in lawful and appropriate ways, and provides transparent information to individuals as required by applicable law when collecting such information. In this section, we provide a non-exhaustive description of the common types of personal data collected by SHIONOGI, as well as the sources of such data. For more detailed information about the types of personal data we collect and the sources from which it is collected, please refer to our local privacy policies under Section 8, or, where applicable, to the privacy notice provided by SHIONOGI in relation to a particular collection or use of personal data.

1.1.  Type of personal data we collect

SHIONOGI will collect the minimum amount of personal data necessary to fulfil the purpose for which it was collected. This may include the following types of information, depending on the situation:

· Personal attribute information (e.g., name, date of birth, gender)

· Information required for payment (e.g., account information)

· Education, employment information, occupational information, and qualification information (e.g., to evaluate job applicants or for the employee file)

· National ID number or social security number (e.g., to comply with tax requirements or other applicable laws)

· Physical and health information (e.g., medical examinations of employees to ensure fitness for the job, as well as information collected in connection with an individual’s participation in clinical trials)

· Biometric information (as may be necessary to authenticate a person’s identity)

· Photos/videos that can identify individuals (e.g., for promotional purposes)

· Information relating to SHIONOGI shareholders (e.g., number of shares held)

· Personal purchase history

1.2.  Sources of personal data

SHIONOGI may acquire personal data from any of the following sources, depending on the situation:

· Directly from the individual

· Indirectly from the individual (e.g., information on participants in a clinical study)

· Publicly available information (e.g., information made available on the Internet)

· Social media (e.g. Twitter, Facebook, LINE, etc.)

· Survey documents or certain industry database provided by a third party

SHIONOGI uses personal data for a variety of different purposes, depending on the situation.

In this section, we provide a non-exhaustive description of the common categories of individuals whose personal data we collect, as well as the common purposes for which SHIONOGI collects and processes their personal data. For more detailed information about the individuals whose personal data we collect or the purposes for which it is used, please refer to our local privacy policies under Section 8, or, where applicable, to the privacy notice provided by SHIONOGI in relation to a particular collection or use of personal data.

2.1.  Personal data of healthcare professionals such as physicians, dentists, pharmacists, nurses, and clinical laboratory technologists

· To communicate about our products and services, including medical information

· To conduct investigations, studies and research in the fields of medicine and pharmaceutical science

· To collect information about, manage, and report adverse events

2.2.  Personal data of researchers involved in the fields of medicine and pharmaceutical science

· To conduct research and provide relevant information in the fields of medicine and pharmaceutical science

· To obtain marketing approvals

2.3.  Personal data of personnel working for corporations and entities with whom SHIONOGI does business (or is developing a commercial relationship)

· To conduct business, communicate, and share relevant information

2.4.  Personal data of individuals who participate in clinical trials, post-marketing surveillance（PMS), and/or other clinical studies

· To communicate about the trial, study, or PMS

· To conduct scientific research

· To respond to any concerns raised or provide compensation for an injury or side effect suffered (as applicable)

2.5.  Personal data of individuals who contact SHIONOGI

· To respond to questions or inquiries that may arise

· To collect information about, manage, and report adverse events

2.6.  Personal data of SHIONOGI shareholders

· To fulfil obligations stipulated by Corporate Law and enable the exercise of shareholders' rights, as applicable

· To communicate with shareholders in order to facilitate the relationship between shareholders and SHIONOGI

2.7.  Personal data of applicants for employment

· To communicate regarding recruitment selection and results

· To implement pre-employment procedures

2.8.  Personal data of consumers and patients

· To communicate about our products and services

· To analyze information for purposes related to sales, advertising, product marketing, strategic planning, and other related  business  purposes

2.9.  Personal data of patients

· To collect information about, manage, and report adverse events

2.10. Personal data of directors and employees (including retirees) and their families

· To ensure the appropriate implementation of labor management, welfare, and health & safety measures for employees, and  related purposes

· To provide education and training to SHIONOGI personnel

· To communicate with labor unions, mutual aid associations, health insurance associations, subsidiaries and affiliates, and other  parties

· To maintain contact with and answer any inquiries from retirees

With respect to all types of personal data described above, we may use such data to notify and/or respond to requests from government authorities and/or other public institutions to comply with applicable laws.

Applicable laws and regulations may require SHIONOGI to process personal data pursuant to a legal basis. In this section, we describe the common legal bases upon which SHIONOGI relies where this requirement applies. For more detailed information about the legal basis we may rely on to process personal data, please refer to our local privacy policies under Section 8, or, where applicable, to the privacy notice provided by SHIONOGI in relation to a particular collection or use of personal data.

3.1.  Where the individual has consented to the processing of his or her personal data for one or more specified purposes.

＊Subject to limitations under applicable law, such consent may be withdrawn at any time in the manner specified by SHIONOGI at the time of obtaining consent. Withdrawal of consent will not affect the legality of processing based on consent prior to its withdrawal.

3.2.  Where the processing is necessary to fulfill a contract or in order to take steps prior to entering a contract.

3.3.  Where the processing is necessary to comply with legal obligations.

3.4.  Where the processing is necessary to protect a person’s vital interests.

3.5.  Where the processing is necessary for the performance of a task carried out in the public interest.

3.6.  Where the processing is necessary for the purposes of the legitimate interests pursued by SHIONOGI or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual whose personal data is processed.

＊Examples of legitimate interests may include:

    · Marketing to customers (direct marketing), without intrusive profiling

    · Customer service

    · Application for recruitment to SHIONOGI

    · General HR management and performance assessment

    · CCTV cameras for security purposes

SHIONOGI may share personal data internally and externally as necessary to fulfill the purposes described in Section 2.  Where applicable law imposes restrictions on sharing personal data, SHIONOGI will take appropriate measures to comply.  In this section, we list the most common categories of recipients with whom we may share personal data.  For more detailed information about the parties with whom we may share personal data, please refer to our local privacy policies under Section 8, or, where applicable, to the privacy notice provided by SHIONOGI in relation to a particular collection or use of personal data.

4.1.  We may share personal data internally with other SHIONOGI personnel.

4.2.  We may share personal data with healthcare professionals and researchers.

＊For example, SHIONOGI participates in a platform operated jointly by several pharmaceutical companies (Clinical Study Data Request, hereinafter referred to as "CSDR") to enable researchers to access clinical trial-related information and clinical trial data, and CSDR grants access to Data Sharing Servers upon request from researchers subject to review and approval by an independent review board composed of third-party experts.  Individual clinical trial data for subjects will be anonymized for disclosure to researchers in compliance with relevant privacy laws and regulations.

4.3.  We may share personal data with business partners and their personnel.

4.4.  We may share personal data with third-party vendors on whom we rely to enable us to provide products, services, and/or to take other actions necessary for the purposes we have described.   

4.5.  We may share personal data with government authorities or other public institutions where required by law; where necessary to obtain approvals (e.g., product marketing approvals), authorizations or certificates’; and/or where necessary to comply with valid demands or requests.

＊For example, SHIONOGI may disclose personal data related to clinical trials in applications for approval of SHIONOGI products, in order to aid scientific progress and public health, support patients, and assist healthcare professionals in making the right decisions in clinical practice.

4.6.  We may share personal data with other third parties as permitted under applicable law

SHIONOGI takes appropriate measures to protect personal data against unauthorized access, loss, destruction, falsification and/or divulgation of the personal data. SHIONOGI will continuously review and take steps to improve its technical and organizational measure to ensure the protection of personal data.

SHIONOGI will retain personal data only for as long as necessary to achieve the purpose for which the data was collected, or otherwise to comply with applicable laws. The applicable retention period will be determined in consideration of the purpose of processing personal data and the nature of personal data, as well as legal and business needs, always in accordance with applicable law.

Under applicable law, individuals may have certain rights with respect to their personal data. If the individuals wish to access, correct, add or delete any personal data in possession of SHIONOGI or otherwise exercise any rights recognized in any country with respect to data of the individuals, the individuals have the right to access, correct, add, or delete such data to the extent reasonable without delay after confirming identity of the individuals. Where applicable, such individuals’ rights may include the right to object to and/or restrict processing, data portability, and not to be subject to automated processing, and SHIONOGI will respond to such requests promptly and in accordance with applicable law. SHIONOGI will take appropriate measures required under applicable law to protect individual’s rights if SHIONOGI performs automated processing of personal data. In certain jurisdictions, individuals also have the right to file a complaint with their local data protection authority.

SHIONOGI may transfer personal data internationally. Where applicable law imposes restrictions on the cross-border transfer of personal data, SHIONOGI will take appropriate measures to comply. For example, for transfers of personal data from a SHIONOGI Group company in Europe to a third country, SHIONOGI may implement Standard Contractual Clauses or another lawful transfer mechanism. For more detailed information about international transfers and how SHIONOGI complies with cross-border transfer restrictions, please refer to our local privacy policies under Section 8, or, where applicable, to the privacy notice provided by SHIONOGI in relation to a particular collection or use of personal data.

If you have any questions or requests in relation to this Privacy Policy, or if you would like to exercise your personal data rights (where applicable), please contact the representative from your local SHIONOGI Group company using the contact information below:

・Japan

    Email: madoguchi_privacy@shionogi.co.jp

    Address: Attn: Privacy Inquiry, 1-8, Doshomachi 3-Chome, Chuo-ku, Osaka 541-0045, Japan

・US

    Email: data.privacy@shionogi.com

    Address: Attn: Privacy Inquiry, 300 Campus Drive Florham Park, NJ 07932, USA

・Europe

    Email: dataprotectionlead@shionogi.eu

    Address: Attn: Data Protection Lead, 33 Kingsway, London, WC2B 6UF, United Kingdom

In addition to this Global Privacy Policy, we maintain separate privacy policies and notices for each SHIONOGI Group company. You can access the primary privacy policies for each country through the following links:

･ Shionogi & Co., Ltd.: https://www.shionogi.com/jp/ja/personal-info.html

･ Shionogi, Inc.: https://www.shionogi.com/us/en/privacy-policy.html

･ Shionogi B.V.: https://www.shionogi.com/eu/en/privacy-policy.html

SHIONOGI may update this Policy from time to time. Any substantial or material changes will be communicated on this website, so we encourage you to periodically review this Policy to ensure you have the latest information.