WEBSITE PRIVACY POLICIESLast updated: 16 September 2024
This Privacy Policy outlines the Zuellig Pharma group of companies’ (hereinafter referred to as “we”, “us”, “our” or “Zuellig Pharma”) general practices in relation to the collection, use, disclosure (hereinafter referred to as “processing”) and protection of the personal data you provide through this website (hereinafter referred to as the “Platform”), or when you communicate with us and/or our authorised agents through various media and communication channels. This Privacy Policy also explains your rights and the choices available to you regarding the use of, your access to, and how to update and correct your personal data.
In this Privacy Policy, “personal data” generally refers to any information that can be used, directly or indirectly (e.g. in combination with other types of data that we may have access to), to identify an individual (i.e. the “data subject” ). Local data protection laws may have differing definitions of this, and to the extent that our definition used here conflicts with the law, the definition defined by the law will apply.
Processing of Personal Data
In the course of your dealings with us, we may process personal data about you or any other person for the purposes stated in this Privacy Policy. This may occur when you voluntarily provide such personal data to us, or, where necessary, we receive such personal data from third parties.
In your interaction with us or by your usage of the Platform, we may process the following categories of personal data, including, but not limited to:• personal contact information, which includes your name, mailing address, email address, social network details, or phone number;
• account login information, which includes your account login ID/email address, screen name, password in unrecoverable form, and/or security question and answer;
• business contact information, which includes your occupation, designation and employer information;
• demographic information and interest, which includes your date of birth, age, gender, geographic location, favourite products and services, shopping information, and household or lifestyle information;
• technical data, which includes internet protocol (IP) address, operating system type, web browser type and version, your device information, and information collected through the use of cookies;
• usage data, which includes information about how you use our websites, applications, products and services;
• marketing and communications data, which includes your preferences for receiving marketing materials from us and our third parties and your communication preferences;
• geolocation data;
• your conversations with us (be it via chat or in person phone calls), when you interact with us via our communication channels; and
• other information permitted by applicable laws or as notified to you at the point of transacting with us.
As the accuracy of your personal data depends largely on the information you provide to us, kindly inform us as soon as practicable if there are any errors in your personal data or if there have been changes to your personal data.
If you provide us personal data about other individuals for any particular purpose, you represent and warrant to us that they have appointed you to act on their behalf and have agreed that you can:
• give consent on their behalf to the processing of their personal data;
• receive on their behalf any data protection notices; and
• warrant that you have obtained their consent for us to store their personal data, or have the right to allow us to process their personal data.
Generally, as our Platform is not targeted at minors, we do not consent to receiving any personal data relating to minors. In the event that specific services provided by us require the collection and processing of minors’ personal data, we will require the parent or legal guardian of such minor(s) to consent to our processing of their minor(s)’ personal data.
Lawful Basis and Purpose of Processing Personal Data
We typically rely on at least one of these lawful bases to do so:
• where we have your consent for the disclosed purposes;
• where the processing is necessary and related to the fulfilment of a contract with you or in order to take steps at your request prior to entering into a contract;
• where the processing is necessary for compliance with a legal obligation to which we are subject;
• where the processing is necessary to protect your vitally important interests, including life and health;
• where the processing is necessary in order to respond to a national emergency, or to comply with the requirements of public order and safety; or
• where the processing is necessary for the purposes of the legitimate interests pursued by us, a third party or parties to whom the data is disclosed, except where such interests are overridden by your fundamental rights and freedoms which require protection under local laws.
We generally rely on consent to process personal data. In addition, the table below summarises some of the common purposes for which we may process personal data and our legal basis for doing so:
| Purpose | Legal basis |
|---|---|
| • To create and administer your account (where applicable) • To enable you to access or use the Platform • To provide you with our products and services • To provide you with discounts, bonuses, rebates and the like for your orders and purchases • To provide support for our products and services • To contact and communicate with you, including to respond to your requests, enquiries, and to provide you with status updates • To communicate information, notices, and updates • To fulfil any other request(s) that you may have submitted to us |
Where necessary to perform our contract with you Where required to comply with a legal obligation Where it is in our legitimate interests to ensure that services requested of us are effectively and appropriately delivered |
| • To deal with any product safety issue or product complaint, and to contact and communicate with you in relation to the same • To undertake remediation activities • To resolve disputes or to investigate any complaints you made or made against you |
Where required to comply with a legal obligation Where it is in our legitimate interests to ensure that complaints are investigated and appropriately resolved |
|
• To do adverse event and safety reporting in respect of any product or service • To improve patient care and safety in relation to the use of medicines and all medical and paramedical interventions • To improve public health and safety in relation to the use of medicines • To detect problems related to the use of medicines and communicate the findings in a timely manner • To encourage safe, rational and more effective use of medicines • To promote understanding, education and clinical training in pharmacovigilance and effective communication to the public |
Where required to comply with a legal obligation Where it is in our legitimate interests to: (a) ensure that pharmacovigilance is done; and/or (b) promote public health and safety |
|
• To conduct due diligence on the third parties we transact with, such as vendors and business partners •For internal functions such as reporting, and audit and risk management •To maintain our operations or client relationship management systems •To maintain and upkeep customer or company records and development in the ordinary course of business •For our internal record keeping •For the preparation and execution of all necessary documents, agreements and/or contracts •For general operation and maintenance of the Platform |
Where required to comply with a legal obligation Where it is in our legitimate interests to: (a) ensure the smooth operation of our business; and/or (b) keep accurate records of our business |
| • To develop and improve our product and service offerings by analysing and assessing the information we have access to, such as by conducting data analytics and market research • To develop, show, measure, and track advertising (including, but not limited to, content, survey, and promotions of the Platform or products and services of ours, our subsidiaries, related and/or associated companies, business partners, and other third parties) and to collect information about you and on how you interact with it while you use the Platform |
Where it is in our legitimate interests to: (a) develop new product or service offerings to meet the needs of our customers; and/or (b) improve user experience when using our products and service offerings, including the Platform |
| • To implement and/or facilitate risk and fraud controls and payment processing • To prevent, detect, or investigate any potential breaches, illegal activities or prohibited content on the Platform • To enforce and exercise rights stated in this Privacy Policy or any contract • To comply with any legal or regulatory requirements relating to all the commercial transactions, our conduct of the business or activities or our provision of products and/or services, and to make disclosure under the requirements of any law, regulations, directives, court orders, by law, guidelines, circulars or codes applicable to us or any member of our group of companies from time to time • To cooperate with regulators and law enforcement bodies |
Where required to comply with a legal obligation Where it is in our legitimate interests to: (a) prevent and investigate legal disputes, potential breaches, illegal activities or prohibited content; (b) enforce contractual rights; and/or (c) cooperate with regulators and law enforcement bodies |
| • To facilitate the conduct of due diligence exercises or the actual transfer of assets in the event of potential, proposed or actual business transfer, whether in whole or in part, sale of business, disposal, acquisition, merger, spin-off, joint venture, assignment, reorganisation of Zuellig Pharma’s business, assets or stock or similar transaction | Where required to comply with a legal obligation Where it is in our legitimate interests to undertake any corporate restructuring for the growth or optimisation of our businesses |
| • To send you information or invitations to events, seminars, conferences, initiatives and promotions and talks which may be of interest to you • To organise and manage professional events and congresses, including your participation in such events • To promote and communicate news and information about the Platform, products and services of ours, our subsidiaries, related and/or associated companies, business partners, and other third parties, and such communications may be initiated from us or through third parties • To deliver online behavioural advertising (i.e., to show you online advertisements for products and/or services which may be of interest to you based on your previous behaviour, and to show you advertisements and content on social media platforms) |
Where it is in our legitimate interests, and subject to obtaining your consent when required under applicable laws, to provide you with marketing information that may be of interest to you |
Consequences of Refusal or Failure to Provide Personal Data
Unless stated otherwise, the personal data provided to us are wholly voluntary in nature and you are not under any obligation or duress to do so. However, in some circumstances if you do not provide us with your personal data described in this Privacy Policy, we shall not be held liable for any of the consequences arising therefrom. These include:
• the inability for us to provide you with the products and/or services you requested, either to the same standard, or at all;
• the inability for us to provide you with the information about the products and/or services that you may want, including information about discounts or special promotions, or our new products and/or services; and
• the inability for us to tailor the content of the Platform to your preferences and your experience of using the Platform may not be as enjoyable or useful.
Disclosure of Personal Data
In order for us to fulfil the purposes listed above, we may disclose your personal data to the following parties, including, but not limited to:
• the various entities within our group of companies (including those incorporated in the future), licensees, or business partners;
• our employees, agents, representatives, partnerships, joint venture entities, contractors, third-party service providers, subcontractors, or other parties as may be deemed necessary by us to facilitate your dealings with us;
• our suppliers, manufacturers, and business alliance partners of our products and/or services;
• relevant holders of the marketing authorisation of our products and/or services;
• parties whom we have obligations to report safety issues or product complaints;
• our professional advisers, including but not limited to our lawyers, accountants, auditors, and other financial or professional advisors appointed in connection with our business;
• any person, government authority, statutory authority, industry regulator or other relevant third party whom we are compelled or required to do so pursuant to any law, or if we have good faith belief that such disclosure is necessary to protect and/or defend our rights and interests or in connection with an investigation of fraud, infringement, piracy, tax avoidance and evasion or other unlawful activity;
• potential acquirers and other stakeholders in the event of potential, proposed or actual business transfer, whether in whole or in part, sale of business, disposal, acquisition, merger, spin-off, joint venture, assignment, reorganisation of Zuellig Pharma’s business, assets or stock or similar transaction; and
• any other party requested or authorised by you for the above purpose or any other purpose for which your personal data was to be disclosed at the time of its collection or any other purposes directly related to any of the above purposes.
Third parties are legally tasked with processing the personal data in line with the principles specified by us. Third parties are also held legally responsible for securing the personal data at an appropriate level of security in relation to applicable data protection laws and widely accepted industry standards.
Protection of Personal Data
We will ensure that all appropriate confidentiality obligations and technical and organisational security measures are in place to protect the confidentiality and security of your personal data collected through the various methods described in this Privacy Policy to prevent any unauthorised access, unauthorised or unlawful alteration, disclosure or processing of such information and data, and the accidental loss or destruction of or damage to such information and data.
Some of the security measures we put in place include, but are not limited to:
• storing your personal data in systems that are protected by secured networks;
• putting in place role-based access controls to limit access to such personal data only to employees who have a need to know this information for the purpose of performing their official duties, and authorised third parties who are contractually bound to take reasonable measures to keep your personal data secure;
• regularly monitoring our systems for possible vulnerabilities and attacks, and regularly reviewing our information collection, storage and processing practices to update our physical, technical and organisational security measures; and
• verifying the identity of a requester before they can access or modify the personal data that they have legitimate access or modification rights to.
Compliance with these provisions will be required by all authorised third parties who may access the personal data as described above.
Your Rights
In respect of the personal data which you have submitted to us, you may have the right at any time to:
• request for access to your personal data in our records;
• request to make correction of your personal data in our records in the event the information is inaccurate, misleading, out-of-date or incomplete upon validation and verification of the new information provided;
• request to cease processing your personal data for the purposes of marketing;
• object to the processing of your personal data, request to restrict or limit processing of your personal data, or request portability of your personal data;
• withdraw your consent for us to continue processing your personal data; and
• lodge an inquiry or complaint to the relevant data protection authority about our collection and use of your personal data.
Should you wish to exercise any of the abovementioned rights and such right is recognised within your country, please write in to us using the contact information found at Part XIII (Contact Us) below. In respect of requests for access to or to make correction of your personal data in our records, such requests must be supported with submission of the relevant documents as may be required by us. Depending on the nature and sensitivity of the request, we may require you to submit these documents in person so as to verify your identity from time to time to the address found at Part XII (Contact Us) below. We will only make appropriate corrections based on the verifiable/verification and updated information provided by you. Your request may also be subject to payment of a fee in accordance with applicable legal requirements.
With regard to the withdrawal of consent, you may withdraw, in full or in part, your consent given to us.
You may request for deletion of your personal data by us, and we will use commercially reasonable efforts to honour your request. However, please note that we may be required to keep such information and not delete it for such period of time required by law or in order to fulfil our legal obligations. When we delete any information, it will be deleted from the active database but may remain in our archives. We may also retain your information for fraud prevention and detection or similar purposes.
Your exercise of any of the rights or withdrawal of consent referred to above is, in each case, subject to any applicable legal restrictions, contractual conditions, and a reasonable time period. This may also be subject to whether it would affect the operation of our business and our ability to meet our legal obligations.
We may also, in accordance with the data protection laws applicable to us, refuse to comply with your request. If we refuse to comply with such request, we will inform you of our refusal and reason for our refusal.
Retention of Personal Data
The personal data you submit to us will only be retained for as long as is required for the purpose for which it was collected or as permitted by applicable laws.
Even though our systems are designed to carry out data deletion processes according to the above guidelines, we cannot promise that all data will be deleted within a specific timeframe due to technical constraints. When we no longer need to use your personal data, it is removed from our systems and records or anonymised so that you can no longer be identified from it.
International Transfers of Personal Data
To provide our products and services, we may transfer your personal data to our affiliates and authorised employees, agents and third parties in the jurisdictions where we operate or where we deem it appropriate or desirable (unless applicable laws provide otherwise) for the purposes stated in this Privacy Policy. In particular, we may transfer your personal data to our overseas affiliate(s) where our information technology storage facilities and servers may be located. There may be a possibility that the data protection levels in other jurisdictions do not completely meet the requirements of the data protection laws in the country where you reside, but all such transfers are performed in accordance with the requirements of applicable laws.
Links to Other Websites or Applications
The Platform may contain links to and from the websites and applications of our partner networks, advertisers and/or other third parties. If you click on a link to any of these websites or applications, you will leave the Platform and be redirected to the website or application you selected. As we cannot control the activities of third parties, we cannot accept responsibility for any use of your personal data by such third parties, and we cannot guarantee that they will adhere to the same data privacy practices as us. We encourage you to review the privacy policy of these websites or applications before providing any personal data.
If the Platform offers you the opportunity to use your social media login, please be aware that you may be sharing your profile information with us. We encourage you to visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context, and to make the necessary changes to your social media settings.
Marketing and Promotions
We may use your personal data to market products, services, events, seminars, conferences, initiatives, and promotions and talks of ours (i.e., those of our subsidiaries, related and/or associated companies), business partners, sponsors and/or advertisers. We may communicate such marketing to you by way of post, phone call, email, short message service (SMS), social media and/or any other appropriate communication channels, depending on what you have agreed to with us. If you wish to unsubscribe to the processing of your personal data for marketing and promotions, you may click on the “Unsubscribe” link in the relevant email or message you receive from us. Alternatively, you may contact us directly at the email address found at Part XIII (Contact Us) below. Please note that once we have received your request to unsubscribe, it may take up to fourteen (14) working days for us to process your request and to be reflected in our systems. Therefore, you may still receive marketing communications during this period of time. Please also note that, even if you opt-out from receiving marketing communications, you may still receive administrative communications from us, such as order or other transaction confirmations, and other important non-marketing related announcements.
Language
In the event of any inconsistency between the English version and any other language version of this Privacy Policy, the English version shall prevail.
Amendments to Privacy Policy
Zuellig Pharma reserves the right to modify, update and/or amend this Privacy Policy at any time. We will take reasonable steps to ensure amendments to this Privacy Policy are communicated by posting all amendments prominently on the Platform and other places we deem appropriate for a reasonable period of time. Amendments to this Privacy Policy will be effective immediately once published on any of the Platform unless otherwise noted. We invite you to check this Privacy Policy periodically to be informed of any relevant amendments to it, especially before providing any information to us. Your continued access or usage of the Platform and/or providing your personal data to us, following any amendments to this Privacy Policy, indicates your consent to the practices described in the revised Privacy Policy. If you do not agree, you should immediately discontinue your use of the Platform, cease providing to us any of your personal data and notify us in writing in the manner described in Parts VI (Your Rights) and XIII (Contact Us).
Contact Us
If you have any feedback or questions about this Privacy Policy and the way we handle your personal data, or you wish to exercise any of your rights above, you may contact us via our website’s “Contact Us” form. The data controller for this website is:
Zuellig Pharma Sdn Bhd
No. 15 Persiaran Pasak Bumi
Section U8, Perindustrian Bukit Jelutong
40150 Shah Alam, Selangor Darul Ehsan. Malaysia