Privacy Policy

PRIVACY POLICY

  1. General

This Privacy Policy describes how Xiromed, LLC, as part of Exeltis Pharmaceutical Holding, S.L. and all its subsidiaries located in Spain, EU or third countries (hereinafter, jointly referred to as “Exeltis”) processes the information collected from you (the “User”) when registering or navigating through the website http://www.xiromed.com/usa (hereinafter, the “Website”), owned by Insud Pharma, S.L.U. Please read carefully this Privacy Policy as it contains important information concerning the personal data of Users and how we use it.

Exeltis and all its subsidiaries located in Spain, EU or third countries are globally known as Insud Pharma Group (hereinafter, “Insud Pharma Group”). Please find additional information about Insud Pharma Group and a non-exhaustive list of Exeltis subsidiaries here.

Exeltis dedicates all its efforts to respect the privacy and security of the Users and undertakes to use personal data in accordance with the national data protection law. In any event, EU General Data Protection Regulation (“GDPR”) provisions shall be applied to personal data processings carried out at a global level in accordance with Insud Pharma Group internal policies.

The identification of the data controller and the data protection officer are the following:

Corporate name

Xiromed, LLC

Registered office

180 Park Ave, Suite 101 Florham Park, NJ 07932

Tax Identification Number

9892424-0161

Telephone

844-947-6633

Email

dataprotection@insudpharma.com

Companies House Information

[*]

  1. Categories of Personal Data and Purposes of the Processing

Users may use some functionalities of the Website without having to provide Exeltis any personal data. However, for certain functions, Users shall provide personal data in order to register for certain services, receive newsletters or other information of interest. In addition to the information you provide directly to Exeltis, we collect certain information when you visit our Website.

Personal data collected through the Website will be duly incorporated in databases under the responsibility of Exeltis which will be registered in Exeltis record of processing activities.

We also inform the Users that fields requested in forms marked with an asterisk are mandatory. In this sense, if the requested information is not provided, we will not be able to carry out the service.

Below, we have specified the categories of personal data we collect, the purposes for which we use such data and how long we will keep the personal data:

  1. Users Communications and Customer Service

This category includes any personal data provided by the User during their communications with Exeltis for the purpose of solving any incident or claim. In this sense, if the User has made any request or suggestion through our contact forms, we will process the personal data in order to answer it.

The legal basis for the processing of these personal data is consent when the Users provide their data through the contact forms.

  1. Pharmacovigilance

The information provided by the User spontaneously or through contact forms for the processing and management of incidents regarding any adverse effects will be processed by Insud Pharma Group.

The legal basis for the processing of these personal data is consent, when the User provides his or her personal data spontaneously or through the specific form.

  1. Newsletter and Commercial Communications

If you subscribe to any of our notification or messaging services, we will use the email address provided by the User to provide the service. If the User has subscribed to any product, service or functionality, we may also communicate with the User to inform him or her of other similar products or candidatures that may be of interest.

If the User no longer wishes to receive e-mails, he or she may unsubscribe at any time by using the opt-out feature enabled in each e-mail message or by contacting us at dataprotection@insudpharma.com.

The legal basis for this processing is consent, when the User checks the box implemented in the specific form. Likewise, Exeltis, based on its legitimate interest, may send the Users or customers information about products and services. We will delete your email address once you have opted-out, unless it is also used for any other purposes listed in this Privacy Policy.

  1. Marketing

Information about Users online searches (clicks and views), settings on our Website, requests for information and / or their contact history may be subject to processing by Exeltis. This information allows us to use different means to manage the relations with our customers and commercialize our products and services through e-mail or online advertising which may include customizing the content of the Website and offers in order to suit User preferences.

You may at any time object to this processing (for more information on how to do this, please read sections 7 and 8).

We use this personal data based on our legitimate interest in order to improve our products and services. Personal data will generally be deleted or anonymised 1 month after your last visit to our Website, except where we are legally required to keep the personal data or where it is retained for any other purpose.

  1. Information About the Use of our Website

Exeltis collects information automatically obtained by the Website related to the identification of the User’s computer equipment, use and navigation habits.

Said information includes data regarding language, pages or sections of the Website, keywords, date, time, amount of time the User expends in certain types of webpages, which section of the page he or she has visited, and similar information related to the use of the Website. Exeltis may collect this information using cookies. To obtain additional information please visit our Cookies Policy.

We use this personal data based on our legitimate interest in order to improve our products and services. We will keep the Personal Data for 1 month from the date of the last visit to the Website.

Exeltis may combine your personal data with other information provided by the User or collected from the Website as above mentioned. In those cases, all combined information will be processed as personal data during the period the information remains combined.

  1. Information Provided in “Careers” Section

When completing the registry process included in the section “Careers”, the User will provide his or her CV, personal data and professional information in order to take part in the recruitment procedure. Likewise, the candidate could send the CV as spontaneous application.

When a candidate provides his or her CV and personal data in the context of a recruitment procedure, Exeltis may collect his or her express consent for receiving commercial communications and in order to maintain the CV in its databases for future recruitment procedures.

Human resources area will keep the information regarding a specific application for 1 year from the end of the recruitment process.

The legal basis for the processing of these personal data is consent, when Users provide their personal data for the management of the job vacancy.

  1. Services Maintenance and Optimization

Users’ personal data will also be used for the maintenance and analysis of our Website, solve any problem, improve availability and protect the Website against fraud (e.g. in case of repeated log attempts or non-compliance with our terms and conditions, e.g. by persons under the age of 18). Analytics also allow us to check whether the online services we offer work effectively in order to improve them whenever possible.

The use of User’s personal data for these purposes is necessary based on our legitimate interest and will be retained for a maximum period of 6 months.

  1. Comply with Our Legal Obligation

We may need to process your personal data to comply with legal obligations binding or accepted by us. Likewise, we may need to provide information to and as required by local law enforcement agencies, other government authorities, or otherwise required by law or to protect the rights and safety of our property, company, employees and customers.

  1. How we Share Personal Data

Sometimes it is necessary to share your personal data with other Exeltis subsidiaries, companies of the Insud Pharma Group or third parties in order to guarantee the correct provision of the Website. We may share such information with the following:

  • Insud Pharma Group companies due to the use of shared computer systems, which may be located in the European Economic Area (EEA) or in third countries.

  • Business partners who offer products or services jointly with Exeltis.

  • Service providers, to the extent necessary for the provision of a service.

Such entities may be located in Spain, other countries in the EEA or anywhere else in the world. When we keep personal data outside the EEA, we guarantee an adequate level of protection of the transferred data. To this purpose, we require service providers to take appropriate measures to protect the confidentiality and security of personal data.

For example, for services provided by providers outside the European Economic Area, we use Standard Model Clauses approved by the European Commission.

Exeltis may disclose User’s personal data to any public administration, when required by law and compelled to do so by such authorities. All data communications will always be carried out in compliance with the GDPR and the national data protection law.

  1. Security

Exeltis cares to ensure the security and confidentiality of the Users personal data. Therefore, we have taken several security measures and technical means to prevent the loss, misuse or access to the personal data without the User permission in accordance with GDPR and the national data protection law

Nevertheless, it is also the User responsibility to control his or her personal information, therefore Exeltis asks and encourages all Users to be careful sharing information and content. Exeltis shall not control the content and information the User chooses to share with other Users and, therefore, Exeltis is not responsible for the consequences of the Users own actions.

Exeltis pledges (i) to act rapidly and in a responsible manner in the event the Users personal data security is deemed at risk, and (ii) to report it if relevant with the greatest diligence.

In case of a personal data breach, Exeltis undertakes to notify the relevant data protection authority without undue delay after becoming aware of such breach. Likewise, when the personal data breach is likely to result in a high risk to the rights and freedoms of Users, Exeltis will communicate the personal data breach and the measures taken to mitigate the risks and adverse effects to Users.

  1. Cookies

Much of the information referred to in this Privacy Policy is collected through the use of cookies. Cookies are small text files containing small amounts of information that are downloaded and can be stored on your user device, for example, your computer, smartphone or tablet. These cookies are sometimes necessary to remember your account settings, language and country, but they also allow us to track and analyse Users behaviour on our Website and to display personalised advertisements on our Website or on third party websites. Where necessary, you will be asked to consent to the use of cookies. To obtain additional information on how cookies are used in the Website and its deactivation please visit the Cookies Policy.

  1. Minors

The Website is not intended to be used by persons under the age of 18. Under no circumstances will Exeltis voluntarily collect personal data from persons under the age of 18.

  1. Users rights concerning data protection

At any time, Users may exercise before Exeltis their data protection rights, in particular the right of access, rectification, restriction of processing, erasure, objection and portability pursuant to the applicable legislation. This means Users can ask what personal data we have about them, update, or they can request that Exeltis stops using data for a specific purpose, or simply require Exeltis to delete all personal data from our files and databases among other.

In the event the User decides to object to the processing of the personal data, Exeltis will no longer process personal data in connection to such User. Personal data may still be processed for the purposes established in data protection legislation or bring defence against legal claims.

After the User exercises any of the abovementioned rights, and during Exeltis verification period, all personal data will be kept blocked. The blocking procedure will prevent Exeltis from processing or erasing such personal data.

For the exercise of any of the abovementioned rights, the User shall contact Exeltis by email, addressing the request to dataprotection@insudpharma.com, indicating as reference: “EXERCISE OF RIGHTS” and identifying at the right to be exercised. In addition, Users may also lodge a claim before the relevant data protection authority if they consider that we have not processed their personal data in accordance with the regulations.

  1. Users erasure right

As User, at any time you have the possibility to exercise your right to object to the processing of your personal data by sending an email to dataprotection@insudpharma.com with the subject “DATA ERASURE”.

  1. Privacy policy updates

Exeltis reserves the right, at our sole discretion, to modify or replace this Privacy Policy. Your continued use of the Website after any such changes constitutes your acceptance of the new Privacy Policy.

Please review this agreement every so often in order to acknowledge any possible modifications. If you do not accept this document, partially or as a whole, or any subsequent modification, please refrain from the use, access or continue to access the Website or discontinue any use of the Website immediately.

  1. Contact

If you have any further questions about the use of your personal data or about our Privacy Policy, you can contact Insud Pharma’s Group DPO by email through dataprotection@insudpharma.com.

Website.