Data Protection Policy - Flen Health Group
1. INTRODUCTION
The Flen Health group places great importance on the secure, transparent and confidential collection and processing of your personal data. In particular, we want to protect the data of our clients, suppliers, health care professionals, employees and other contact persons against loss, leaks, errors, wrongful access or unlawful processing, and so on.
By means of this Data Protection Policy we wish to inform you about the collection and processing of your personal data. We ask that you read this Data Protection Policy carefully, since it contains essential information about how your personal data are processed and for which purposes. By communicating your personal data, you expressly declare that you have taken knowledge of this Data Protection Policy and that you expressly accept it, as well as the processing itself.
2. SCOPE OF APPLICATION
This Data Protection Policy relates to all business and services that are provided by (or to) us and to all activities that we perform generally.
3. CONTROLLER
The following companies are the joint controllers of your personal data:
- Flen Health Pharma NV, with registered office established at Blauwesteenstraat 87, 2550 Kontich, Belgium and with Belgian company number 0473.295.959, founded in 2000;
- Flen Health SA, with registered office established at Rue Henri Koch 29, 4354 Esch-sur-Alzette, Luxembourg and with Luxembourg company number (RCS) B161933, founded in 2011;
- Flen Health Group SA, with registered office established at Rue Henri Koch 29, 4354 Esch-sur-Alzette, Luxembourg and with Luxembourg company number (RCS) B170456, founded in 2012;
- Flen Health s.r.l., with the registered office established at Corso Unione Sovietica 248, Torino 10134, Italy and with Italian company number 13000590011, founded in 2024;
- PARARTIS SA, with registered office established at Rue Henri Koch 29, 4354 Esch-surAlzette, Luxembourg and with Luxembourg company number (RCS) B212174, founded in 2017;
- Flen Health BV, a Dutch company with registered office established at Mr B.M. Teldersstraat 11b, 6842 CT Arnhem, and with Dutch company number (KVK) 52574032, founded in 2011;
- Flen Health UK Ltd, a UK company with registered office established at Level 3, 207 Regent Street, London, W1B 3HH and with UK company number 09908733, founded in 2015;
- Flen Health GmbH, a German company with registered office established at Königsallee 92A 40212 Düsseldorf Germany and with German company number HRB 68936, founded in 2012;
- Flen Health US, a US company with registered office established at 1209 Orange Street, Wilmington, Delaware 19801, founded in 2019;
- Flen Health Ire Limited, a Ireland company with registered office established at Distillery Buildings, Cork P72 XY06, Ireland and with Ireland company number 679526, founded in 2021;
In accordance with article 26 of the General Data Protection Regulation ("GDPR"), we confirm that the arrangement between the companies is such that each company remains responsible for the data they respectively receive and process, but data subjects can exercise their rights through a single point of contact:
When collecting and processing your personal data, we respect any applicable local data protection legislation as well as the General Data Protection Regulation ("GDPR") as of its entry into force on 25 May 2018.
4. PERSONAL DATA
Depending on your activities and your relationship to our company, we will be processing your personal data. We wish to point out that you bear responsibility for all of the data that you provide to us and that we rely on the accuracy thereof. If your data should no longer be up-to-date, we ask you to report this to us as by return post.
You are not obliged to communicate your personal data, but you understand that the granting of certain services or the collaboration becomes impossible if you do not consent to the collection and processing.
It occasionally happens that personal databases are collected from purchased databases or publicly accessible sources. In that case, we will inform you of the source of these data.
5. PERSONAL DATA, PROCESSING PURPOSES AND LEGAL BASIS
5.1 Data of clients
Within the framework of our services and activities, we collect and process personal data of our clients and principals, their personnel, employees, agents and other useful contact persons. We process the following personal data: personal identification data; picture (software linked with social media platforms), financial identification data, data concerning solvency, financial transactions, professional activities, agreements and settlements, visit history, samples and promotional information given during the visits (in accordance with the applicable ISO standards), company number, etc.
The reasons for such processings are the execution of the agreements with our clients, our client management, the execution of market research, the bookkeeping and direct marketing activities such as the sending of promotional or commercial information or use on social media. The legal bases are the execution of the agreement, compliance with statutory and regulatory obligations and/or our legitimate interest. For direct marketing activities by e-mail (such as a newsletter or invitation for events) consent will always be requested, and it can also be retracted at any time.
5.2 Data of suppliers and subcontractors
We collect and process personal data of our suppliers, subcontractors, agents and distributors, their personnel, employees, agents and other useful contact persons. We process the following personal data: personal identification data, financial identification data, data concerning solvency, financial transactions, professional activities, agreements and settlements, company number, picture (linked with social media platforms), etc.
The reasons for such processings are the execution of this agreement, the management of the suppliers, the execution of market research, the bookkeeping and direct marketing activities such as the sending of promotional or commercial information. The legal bases are the execution of the agreement, compliance with statutory and regulatory obligations and/or our legitimate interest.
5.3 Data of health care professionals
We collect and process personal data of health care professionals, using or (potentially) interested in using our products. We process the following personal data: personal identification data, visit history, samples and promotional materials, picture (linked with social media platforms), etc.
The reasons for such processings are the execution of market research and direct marketing activities such as the sending of promotional or commercial information. The legal bases are the execution of the agreement and/or our legitimate interest.
5.4 Data of end users
In general, we do not process personal data from our end users, unless these data have been provided by the data subject him/herself, for example through our contact form on our website or on social media. In that case, we only process the person’s contact details.
5.5 Data of personnel
We process the personal data of our employees within the framework of our personnel management and the payroll administration. Given the specific nature thereof, this processing is more extensively regulated in a separate policy for employees.
5.6 Website visitors
We may collect and process personal data of the visitors of the websites of our companies and products. For more information about these processings, we refer to the specific privacy policies and/or cookie policies as published on these websites.
5.7 Other data
Along with the above-mentioned data, we also process personal data of others, such as possible new clients/prospects, useful contacts within our sector, network contacts, etc. The reasons for such processings are in the interest of our activities, direct marketing and public relations. The legal basis is our legitimate interest or, in some cases, the execution of an agreement.
6. DURATION OF THE PROCESSING
The personal data are kept and processed by us for a period that is necessary as a function of the purposes of the processing and as a function of the relationship (whether or not contractual) that we have with you.
Your data will in any case be removed from our systems after a period of ten years after termination of the agreement, the file, the collaboration or the project, except with regard to those personal data that we, on the basis of specific legislation, must preserve for a longer period or in the event of an ongoing dispute for which the personal data are still necessary.
7. RIGHTS
In accordance with and subject to the European data protection legislation and the provisions of the GDPR, we hereby inform you that you have the following rights:
- Right to access and inspection: You have the right to access, free of charge, the data we have about you, and to check for what purposes they are used.
- Right to rectification: You have the right to rectify (correct) inaccurate personal data, as well as to complete incomplete personal data.
- Right to data erasure or restriction: You have the right to ask that we erase your personal data or restrict the processing thereof in the circumstances and under conditions set by the GDPR.
- Right to data portability: You have the right to obtain in a structured, common and machine-readable form the personal data you supplied to us. You have the right to transfer these data to another party responsible for the processing.
- Right to object: You have the right to object to the processing of your personal data on serious and legitimate grounds.
- Right to withdraw consent: You have the right to withdraw the consent given by you.
- Automated decision-making and profiling: We confirm that the processing of your personal data does not include profiling and that you are not subject to fully automated decisionmaking.
You can exercise these rights by contacting
We make every effort to deal with your personal data in a careful and legitimate manner, in accordance with the applicable legislation. If you nevertheless believe that your rights have been violated and your concerns are not addressed by our company, you are free to file a complaint with the competent supervisory authority. Additionally, you may turn to a court in case you feel you suffer any injury as a result of the processing of your personal data.
8. TRANSFER TO THIRD PARTIES
We do not share or sell your data to any other company without your prior consent other than to those third party recipients we use for our business operations, such as our software providers, IT providers, bookkeepers, auditors, payroll agencies, professional advisors, insurance companies, etc.
It is possible that one or more of the above-mentioned third parties are located outside of the European Economic Area ("EEA"). However, personal data will only be passed on to third countries where there is a suitable level of protection (for the US: privacy shield protected).
The employees, managers and/or representatives of the above-mentioned service providers or institutions and the specialised service providers hired by them must respect the confidential nature of your personal data and can only use these data for the purposes within whose framework they were provided.
Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required to by the police, the courts or for other legal reasons. If necessary, your personal data can be transferred to other third parties. For example this can be the case if we should be reorganised in whole or part, our activities should be transferred or if we should be declared bankrupt. It is also possible that personal data must be transferred as a result of a court order or in order to comply with a certain statutory obligation. In that event we will make reasonable efforts to inform you in advance about this communication to other third parties. You will nevertheless acknowledge and understand that in certain circumstances this is not always technically or commercially feasible or that legal restrictions may possibly apply.
We will under no circumstances sell your personal data or make them commercially available to direct marketing agencies or similar service providers, except with your prior consent.
9. TECHNICAL AND ORGANISATIONAL MEASURES
We take the necessary technical and organisational measures in order to process your personal data with an adequate degree of security, so as to protect them against destruction, loss, falsification, change, unauthorised access or erroneous disclosure to third parties, as well as any other unauthorised processing of these data.
Under no circumstances can any of our companies be held liable for any direct or indirect damage deriving from an erroneous or wrongful use by a third party of the personal data.
10. ACCESS BY THIRD PARTIES
With a view to the processing of your personal data, we grant access to your personal data to our employees, collaborators and agents. We guarantee an equivalent level of protection by making contractual obligations opposable to these employees, collaborators and agents, which are identical to this Data Protection Policy.
11. ANY QUESTIONS?
If, after reading this Data Protection Policy, you have further questions or comments regarding the collection and processing of your personal data, you can send an e-mail to