We collect and use your data to validate, handle and respond to your request, and to fulfill our accountability requirements arising from the General Data Protection Regulation or other data protection legislations.

We may collect and use your personal data in the following situation:

Information you provide to us

We collect and use the data you provide to us. The exact amount and kind of data depends on what information you include in your request and what type of request you submit. Such data includes:

• First and last name
• Gender
• Contact and address information (including address, e-mail address, phone number, fax number)
• Country of residence
• Information on your relationship with Fresenius Kabi and its entities
• Your request
• Data needed to identify yourself

We process your personal data on the following legal basis:

• The processing of your personal data is necessary for us in order to comply with a legal obligation, we are subject to (Art. 6.1 c GDPR). We are legally obliged to respond to your request and to process your personal data accordingly
• The processing is necessary for purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6.1 f GDPR). More specifically, these legitimate interests are the establishment, exercise or defence of legal claims
• The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity (Art. 9.2 f GDPR)

We collaborate with other organizations to reach our purposes. Therefore, we may send your personal data in parts or as a whole to other organizations.

Such recipients are:

• Other Fresenius Group companies if such a transfer of personal data is required for the specific purpose (please refer to the overview of the locations in which Fresenius Kabi Group companies are active). The scope of such transfer largely depends on the scope of your request, in particular, which entities you interacted with. For example, if you are a customer of a particular Fresenius Kabi entity, we will forward your request to this entity, in order to process the necessary information to respond to it
• Service providers which process personal data on our behalf (e.g. for hosting or maintenance services) and have to follow our instructions on such processing; these service providers will not be allowed to use your personal data for other than our purposes
• Authorities, courts, parties in a litigation in case we are required to do so to meet any applicable laws, regulations, legal processes or enforceable governmental requests
• Professional advisors or auditors, such as tax advisors, financial auditors, lawyers, insurers, banks and other external professional advisors in the countries in which we operate

International Data Transfers

We may send your personal data in parts or as a whole to Fresenius Group recipients in countries, which are not member states of the European Union or international organizations, for the purposes listed above. Please refer to the overview of the locations in which Fresenius Kabi Group companies are active.

We may send data to the following countries for which the European Commission has determined an adequate level of data protection to be in place that matches the level of data protection within the European Union in which Fresenius entities have been established: Argentina, Canada, Japan, New Zealand, Switzerland or Uruguay.

With regards to such international data transfers to third countries, for which the European Commission has not decided that an adequate level of data protection exists, we have provided appropriate safeguards in order to secure your personal data to a degree that equals the level of data protection in the European Union.

Safeguards used are:

• Standard Contractual Clauses that have been issued by the European Commission

You can obtain a copy of these standard contractual clauses online, or upon request.

We store your personal data until we have responded to your request. Afterwards, the respective personal data shall be blocked (i.e. we block your data for all other purposes) until the end of the respective statute of limitation for corresponding legal claims. After the end of this status of limitation (after four years), your data will be erased entirely.

If longer retention periods apply after the time periods listed above (e.g., because we are obliged to store the data for tax purposes or civil or criminal proceedings where initiated) our aim also includes that the data will be blocked until the end of the respective retention period and then erased.

Depending on the situation you have certain rights regarding your personal data. You have the right to:

• Request access to your personal data
• Request rectification of your personal data
• Request erasure of your personal data
• Request the restriction of processing of your personal data
• Data portability
• Object on grounds specific to your situation

You can exercise these rights online by using the data protection email.

You also have the right to lodge a complaint with our data protection officer or the supervisory authority.

Data Protection Officer:

Fresenius Kabi AG
Data Protection Officer
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
E-mail: dataprotectionofficer@fresenius-kabi.com

Data Protection Authority:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Presse- und Öffentlichkeitsarbeit
Gustav-Stresemann-Ring 1
65189 Wiesbaden

The controller and responsible entity for processing of personal data is:

Fresenius Kabi AG
Else-Kröner-Straße 1
61352 Bad Homburg
Germany
Contact