Privacy Policy

Privacy Notice Healthcare Professionals

Indivior respects your privacy and is committed to protecting the confidentiality and security of your personal data. This Privacy Notice describes how Indivior (“Indivior”, “we”, “us”) collects and processes personal data of healthcare professionals (referred to as “you” in this Privacy Notice) during and after our relationship with you and your rights in relation to your personal data.

We advise you to read this notice carefully, as well as any other information notice that we may provide on certain occasions when we collect or process personal data about you, so that you are aware of the reasons why your personal data are collected and the manner in which they are processed.

THE PERSONAL DATA WE COLLECT AND USE

Personal data is any information that identifies or could identify you directly or in combination with other information. This does not include anonymised data.

We may collect, store and use the following categories of personal data about you:

  • general contact information such as name, profession, date of birth, address, telephone numbers and email addresses;
  • information required to make payments or refunds such as your bank details;
  • professional information about your educational background and your professional qualifications;
  • information relating to our interactions with you, such as reports on our exchange;
  • information relating to your attendance to professional events;
  • information relating to your preferences for receiving communications from us;
  • automatically collected data, such as your IP address, type of browser and operating system, application version and geographical location

We also collect and generate data based on your use of our electronic platforms. We collect these data by placing cookies. For more information regarding the cookies we use, please refer to our general privacy and cookie notice.

WHAT SOURCES DO WE RELY ON?

We collect your personal data directly from you, for instance information you provide when interacting with us or when attending our events. We also collect personal data indirectly from third parties such as organisations specialising in data collection, like Veeva Systems Inc. These organisations collect data directly from you or from publicly available sources, such as professional registers. We have appropriate contractual arrangements in place to ensure that these organisations  collect and share your personal data with us in compliance with applicable laws.

FOR WHAT PURPOSES DO WE USE YOUR PERSONAL DATA?

We use your personal data for the following purposes:

  1. to manage our working relationship with you;
  2. to provide you with adequate and up-to-date information about medications as well as our products and services;
  3. to manage invitations to conferences, PR and other professional events of a medical or scientific nature;
  4. to manage the reports on the visits made by our employees;
  5. to manage financial relations (payment for services rendered, reimbursement of expenses, etc.);
  6. for market research purposes;
  7. for data segmentation and classification purposes, including to help identify communication and activities of most relevance to you;
  8. to assist you in accessing any relevant website with scientific and medical content and to provide you with electronic information and services including:
    1. online events, such as webcast events;
    2. access to online engagement tools, for example Veeva Engage;
    3. our press releases;
    4. financial results; and
    5. information and marketing communications about our products and services.

    We will always obtain consent for marketing where required by applicable law. Whether or not your consent is required by applicable law, you may at any time optout of receiving communications by unsubscribing by means of the unsubscribe link included in each communication sent or by contacting us as stated below;

  9. to contact and interact with you, including to:
    1. respond to your requests (for instance in case you contacted us in relation to a specific medical query or regarding an event); and
    2. provide important notices and updates, such as changes to our terms and policies, security alerts and administrative messages;
  10. to operate our business, including to:
    1. respond to reports you make of a possible side effect associated with one of our products and to monitor the safety of our products.
    2. comply with applicable laws, regulations, selfregulation and guidance. For instance, we may publicly disclose your personal data as necessary to fulfil our transparency obligations following from applicable local laws or selfregulatory requirements in relation to contracts with or benefits granted to healthcare professionals and healthcare organizations;
    3. comply with demands or requests made by regulators, governments, courts and law enforcement authorities;
  11. to improve our daytoday operations, including:
    1. for internal purposes such as if needed to help us deliver and improve our digital platforms, content and services only if relevant to you;
    2. where you use any of our electronic platforms to monitor and analyse trends, usage and activities in connection with our products and services;
    3. to understand which parts of any digital platforms and services we roll out to you are of the most interest and to improve the design and content of our platforms; d. to improve our products and services and our communications to you;
    4. (where applicable) to ensure we have uptodate contact information for you; and
  12. to exercise our rights where it is necessary to use your personal data to defend our business interests, for example to detect, prevent and respond to fraud claims or undesired activities. We can also use your personal data to protect or exercise our rights or the rights of third parties.

Indivior does not use your personal data for automated decisionmaking.

Legal basis of processing

We only use your personal data when permitted to do so by applicable law. We rely on the following legal bases for the processing of your personal data:

  1. The performance of a contract that we have concluded with you, for instance to pay you for services rendered or reimburse you for expenses made;
  2. Compliance with a legal and / or regulatory obligation, for instance to comply with demands or requests made by regulators, governments, courts and law enforcement authorities or for the publication of the benefits and agreements concluded with you on an official basis only;
  3. Our legitimate interests (or that of a third party, such as a service provider) in using your personal data, for instance to operate our business, improve our day-to-day operations, communicate with you, conduct market research and exercise our and third parties’ rights.
    We will always balance your rights with our or third party’s interests and take appropriate measures to ensure that the processing is necessary and that your interests or fundamental rights and freedoms are respected.

More rarely, the processing of your personal data may be founded on the following legal bases:

  1. When we need to protect your interests (or the interests of someone else); and / or
  2. When the public interest commands it, for instance for purposes of pharmacovigilance, drug safety and protection of public health.

In the event applicable law requires us to obtain your consent for the processing of your personal data, we will specifically ask for your consent before we start processing your data.

Change of purpose

We only use your personal data for the purposes as set out in this Privacy Notice. In the event we will process your personal data for new purposes which are incompatible with the original purposes for which we collected your personal data, we will inform you thereof and set out the legal basis that will allow us to do so or ask for your consent.

SHARING PERSONAL DATA

We only share personal data with parties that we trust or where we are required to share data by applicable law. We require these third parties to respect the security and confidentiality of your personal data and to process personal data in accordance with applicable laws.

  • Group companies: we share personal data with other entities of the Indivior Group, for instance for internal reporting, security, market research and to optimise our products and services.
  • Service providers: we share personal data with our service providers to the extent this is relevant for their services, for example, to provide IT services, to handle payments, to investigate and prevent fraud, to distribute marketing communications, to optimise our services or to analyse data.
  • Legal consultants and insurers: If data processing is necessary for establishment, exercise or defence of legal claims we may also transfer your personal data to our legal consultants and insurers.
  • Authorities and regulators: we share your personal data with authorities or regulators to the extent this is relevant and required by applicable laws, regulations or codes of practice. For example, with supervisory or regulatory authorities, courts and public bodies, to the extent this is necessary to fulfil a legal obligation or to prosecute criminal offences and fraud. We may also transfer personal data to authorities to protect our rights and property, or the rights and property of third parties. We may transfer your personal data to third parties located outside the EU, for example with group companies within the Indivior Group. Recipients of your personal data may be located in countries that have a lower legal protection level for personal data than the EU. We have put in place appropriate safeguards (such as contractual commitments) to ensure your personal data is adequately protected in line with European standards. For data transfers within the Indivior Group we have an intra-group agreement in place to ensure that your personal data is adequately protected. We may also need to share your personal data with regulatory agencies, authorities or regulators outside the EU where we are required by law. If you have questions about the international transfer of your personal data or the appropriate safeguards that Indivior has taken to protect your personal data, please send an email to [email protected].
DATA SECURITY

We have put in place appropriate physical, technical and organisational security measures to protect your personal data against accidental loss, use or unauthorised access, alteration or destruction.
These measures are aimed at ensuring the on-going integrity and confidentiality of your personal data, for instance by ensuring that only authorised employees, agents or subcontractors with a strict need to know have access to your personal data. We evaluate and update these measures on a regular basis. We also have sound procedures in place to deal with any alleged data security breach and, if required by law, we will notify you thereof as well as any competent regulatory agency.

DATA RETENTION

We will retain your personal data as long as we have a relationship with you. When deciding on how long to keep your personal data after our relationship with you has ended, we take into account our legal obligations and regulators’ expectations, as well as how long we need or are obliged to retain information and to retain appropriate business records for accounting, audit and reporting purposes. We may also retain records to investigate or defend potential legal claims. We have appropriate archiving and deletion policies in place to ensure all documents and information are retained in accordance with applicable laws.

YOUR RIGHTS
Your role

It is important that the personal data we hold about you are accurate and up to date. During your working relationship with us, you are invited to notify us of any changes to your personal data by sending an email to [email protected].

Your rights

You have different rights in relation to your personal data, subject to certain exceptions under applicable law. In certain circumstances and in accordance with applicable law, you have the right to:

  • request access to any personal data we hold about you;
  • request that your personal data is corrected or completed;
  • request that we delete personal data we hold about you;
  • object to the processing of your personal data for a particular purpose;
  • request that we block or restrict the processing of your personal data;
  • furnish instructions on what happens to your personal data after your death;
  • receive your personal data you have provided to us in a structured, commonly used and machine-readable format and ask us to send these personal data to a third party (right of data portability);
  • withdraw your consent to the processing of your personal data at any time, to the extent consent was required and provided by you.

If you wish to exercise any of these rights, you can send an email to the following address: [email protected].
You can also contact us at any time if you have questions or complaints about this Privacy Notice or about the processing of your personal data. We are committed to handling your queries and complaints as best as we can. If you are of the opinion that we have been unable to help you with your complaint, you have the right to file a complaint with your local data protection authority.

No fees normally required

You will not have to pay any fees to access your personal data or exercise any of the other rights mentioned above. Please note however that in case your request is clearly unfounded or excessive, we may charge you a reasonable fee or we may refuse to respond to the request.

CONTACT AND COMPLAINTS

Indivior UK Limited is the data controller of your data and controls the processing of your personal data as described in this Privacy Notice. Indivior UK Limited is located at The Chapleo Building, Henry Boot Way, Hull, HU4 7DY England.

You can send an email to our Data Protection Officer through the following address should you have any queries or concerns: [email protected]

CHANGES TO THIS PRIVACY NOTICE

We may update our Privacy Notice from time to time to provide you with more information about how and why we process your personal data or in response to changes in our data processing activities or policies. If we make any material changes that have an impact on you, we will notify you of these changes before they take effect, for instance by sending an email, by means of a notice on our website or by using other appropriate methods. We encourage you to periodically review this Privacy Notice to learn how Indivior processes and protects your personal information. You will be able to see when we last updated the Privacy Notice by checking the “last updated” date at the top of the notice.