Data Privacy Framework Policy
Last updated: January 17, 2024
Shionogi, Inc. (“Shionogi”) understands the importance of privacy and is committed to protecting the privacy of Personal Information (defined below) that it obtains regarding business partners, healthcare professionals, participants in clinical trials, visitors to its websites, and others. We comply with all applicable laws and regulations when collecting and using Personal Information.
This Data Privacy Framework Policy describes Shionogi’s policies and procedures for using and safeguarding Personal Information, for managing our relationships with third parties who may have access to Personal Information, and for complying with applicable data protection laws. This Data Privacy Framework Policy also describes how individuals can contact us to update their Personal Information or express their preferences about how we Process (defined below) their Personal Information.
In furtherance of its commitment to the protection of Personal Information, Shionogi complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), as set forth by the U.S. Department of Commerce. Shionogi has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the Processing of Personal Information received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Shionogi has further certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms of this Data Privacy Framework Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the EU-U.S. DPF Principles or the Swiss-U.S. DPF Principles, as applicable, shall govern. To learn more about the Data Privacy Framework Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
“Framework” means, collectively, the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce.
“Framework Principles” means, collectively, the Framework principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability as well as applicable supplemental principles.
“Personal Information” means data that (i) is transferred from the European Union, United Kingdom, or Switzerland to the United States in reliance on the Framework, (ii) is recorded in any form, (iii) is about an identified or identifiable individual, and (iv) can be linked to that individual.
“Process” or “Processing” means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Sensitive Information” means Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of the individual or any other Personal Information received from a third party where the third party identifies and treats the information as sensitive.
How We Collect Personal Information
In the course of our ordinary business activities, Shionogi may collect Personal Information from our business partners and other commercial entities, healthcare professionals, participants in clinical trials, and others. Some of the ways in which we may receive Personal Information are as follows.
- We may receive Personal Information about individuals who participate in our clinical trials.
- We may receive Personal Information about healthcare professionals who serve as investigators in our clinical trials.
- We may receive Personal Information about healthcare professionals who treat diseases that are the focus of our research.
- We may receive Personal Information about individuals who are employees of another organization, such as our vendors and business partners.
- We may receive Personal Information about patients who participate in disease awareness programs that we support.
- We may receive Personal Information about visitors to our websites who choose to provide us with information, such as through the “Contact” page of our website.
We collect only Personal Information that is necessary for our legitimate business purposes or to fulfill our legal obligations. This information may include, for example, name, age, contact details, employment history, education history, occupation or business details (such as areas of specialization), and/or medical information.
Shionogi avoids collecting Sensitive Information. However, in some instances, such as in the context of clinical trials, Shionogi may need to collect Sensitive Information, including information regarding medical history, diagnoses, treatments, and medications.
How We Use and Share Personal Information
Shionogi is committed to using reasonable commercial measures to ensure that its collection, use, disclosure, and maintenance of Personal Information complies with this Data Privacy Framework Policy, all applicable laws and regulations, the Framework, and the following principles. Personal Information will be:
- Fairly and lawfully collected, used, disclosed, and maintained;
- Processed only for the specified and lawful purposes for which it was collected;
- Adequate, relevant, and not excessive for the purposes for which it was collected;
- Accurate and, where necessary, kept up-to-date;
- Not kept longer than necessary for the purposes for which it was collected;
- Appropriately protected against unauthorized, inadvertent, or illegal access, use, or disclosure through administrative, physical, and technical safeguards; and
- Neither transferred to, nor accessed by, any person in a country or jurisdiction which has inadequate protections in place (as determined by Shionogi) without additional contractual or other safeguards.
In the event that Shionogi collects Personal Information from an individual, Shionogi will notify the individual, through this Data Privacy Framework Policy or otherwise, of the following: (i) the types of Personal Information that it collects about the individual, (ii) the purposes for which it collects and uses the Personal Information, (iii) the type or identity of third parties to which it discloses the Personal Information and the purposes for which it does so, and (iv) the location of this Data Privacy Framework Policy, which contains further information on the individual’s rights and how to contact Shionogi with any inquiries or complaints. Notice will be provided in clear and conspicuous language at the time the Personal Information is collected or as soon as reasonably practicable thereafter (and in any event before Shionogi uses the information for a purpose other than that for which it was originally collected or Processed or discloses it for the first time to a third party other than an agent).
We use Personal Information in connection with our research and development activities, clinical trials, pharmacovigilance, and other legitimate business purposes and to comply with applicable laws. With respect to Personal Information that we may collect from patients participating in clinical trials, we use this for research purposes and to support the clinical development of our product candidates, and to comply with applicable laws and regulations. With respect to Personal Information that we may collect from healthcare professionals, researchers and staff participating in our research and development activities, we use this to administer our research and development activities and to comply with applicable laws and regulations. With respect to Personal Information that we may collect from vendors, business partners, patients, or members of the general public, we use this to conduct our business, for marketing purposes, to conduct market research, and to participate in community activities.
We may transfer Personal Information to business partners, subcontractors, regulatory authorities, law enforcement agencies, and other third parties in furtherance of the foregoing activities or as otherwise required by applicable law. For example, Shionogi may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or other law enforcement requirements.
For information on how Shionogi uses and discloses information collected through its Website, see our Online Privacy Notice, available at http://www.shionogi.com.
We offer individuals the opportunity to choose (opt-out) whether their Personal Information is (i) to be disclosed to a third party, other than to an agent performing tasks on our behalf and pursuant to our instructions, or (ii) to be used for a purpose that is materially different than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Information, we obtain affirmative, express consent (opt-in) from the subject of the information before disclosing their Sensitive Information to a third party or using their Sensitive Information for a purpose other than that for which it was originally collected or subsequently authorized with the individual’s consent. An individual who wishes to limit the use or disclosure of their Personal Information should contact Shionogi at the email or mailing address below.
Prior to disclosing Personal Information to a third party, other than to an agent performing tasks on our behalf and pursuant to our instructions, Shionogi will notify the relevant individual of the disclosure and allow the individual the choice to opt-out of the disclosure. We will ensure that any third party to which Personal Information is disclosed has agreed to use such Personal Information for only limited and specified purposes, provides the same level of protection as required by the Framework, and otherwise makes the commitments required by the Framework.
Shionogi’s accountability for Personal Information that it receives in reliance on the Framework and subsequently transfers to a third party is described in the Framework Principles. For Personal Information that Shionogi receives in reliance on the Framework and subsequently transfers to a third party for Processing, Shionogi remains responsible and liable if the third party Processes the Personal Information in a manner inconsistent with the Framework Principles, unless Shionogi proves that it is not responsible for the event giving rise to the damage.
Shionogi takes reasonable and appropriate measures to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the Processing and the nature of the Personal Information. We have put in place appropriate administrative, physical, and technical safeguards in furtherance of this commitment.
Data Integrity and Purpose Limitation
We only Process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, we take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We retain Personal Information in a form that identifies or could identify the individual for only as long as required by its intended purpose or for scientific research or statistical analysis.
We allow individuals to access their Personal Information and to correct, amend, or delete Personal Information that is inaccurate or has been Processed in violation of the Framework, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where the rights of persons other than the individual would be violated. An individual who wishes to receive access to, or to correct, amend, or delete, their Personal Information should contact Shionogi at the email or mailing address below.
Recourse, Enforcement, and Liability
We use a self-assessment approach to assure compliance with the Framework and this Data Privacy Framework Policy and periodically verify that this Data Privacy Framework Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and accessible and in conformity with the Framework.
We encourage individuals who have an inquiry or complaint regarding Shionogi’s Processing or transfer of their Personal Information to contact Shionogi at the email or mailing address below. We will investigate and attempt to resolve any inquiries or complaints regarding our use and disclosure of Personal Information in accordance with the Framework.
For inquiries and complaints that cannot be resolved through our internal processes, Shionogi has engaged an independent dispute resolution service based in the United States, called JAMS, and this independent dispute resolution service is offered to individuals free of charge. Individuals can contact JAMS to open a Framework dispute by following the instructions at https://www.jamsadr.com/file-a-dpf-claim. Under certain circumstances, individuals may have a right to invoke binding arbitration to resolve a dispute with Shionogi regarding the Processing or transfer of their Personal Information under the Framework.
Shionogi is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and other United States regulatory bodies.
If you have questions regarding this Data Privacy Framework Policy or Shionogi’s Processing or transfer of your Personal Information or would like to exercise any of your rights described above, please contact us by mail or e-mail at the following addresses:
Attn: Anthony Marolda, Corporate Counsel
400 Campus Drive
Florham Park, NJ 07932
Changes to This Policy
This Data Privacy Framework Policy may be amended by Shionogi from time to time in a manner that is consistent with the requirements of the Framework. When this Data Privacy Framework Policy is amended, the “Effective Date” at the top of this document will be updated accordingly. Any material changes to this Data Privacy Framework Policy will be posted on Shionogi’s website and available to the general public at https://www.shionogi.com.