We welcome your interest in Fresenius Kabi AG (“Fresenius Kabi”). Protecting the personal data of our patients, healthcare professionals, suppliers, customers and other business contacts is important to us. As a global healthcare company in the digital age, data forms a cornerstone and enabler of our worldwide business. With data being one of our key assets we need to ensure that it is appropriately handled and protected.
We would like to provide you with the relevant information on how our organization incorporates data protection into its operations. With this we aim to ensure compliance and provide transparency and trust. You will also find information on how to execute your rights as a patient, healthcare professional, supplier, customer or website user.
Our Data Protection Organization
Fresenius Kabi operates a central data protection center of competence. This center has set up a data protection management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data protection and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data protection topics.
Our data protection and security policies, associated procedures as well as our guidelines for processing personal data aim to create a uniform and basic level of adequate data protection across all Fresenius Kabi entities.
Our local data privacy advisors at the various Fresenius Kabi legal entities support local management in their compliance efforts. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate data protection requirements into the design of a process or a system.
Our internal IT service provider, Fresenius Netcare, has implemented a certified management system for information security according to ISO 27001 in order to provide high security standards for data centers. Our Global Cybersecurity Emergency Response Team (CERT) identifies, evaluates and responds to security incidents and acts as a central contact point for security-related topics.
The monitoring of our data protection compliance efforts is overseen by our data protection officer.
Our Data Protection Policy
Our data protection policy sets out the requirements for our employees when collecting and processing personal data. It includes that all processing activities that are introduced are subject to a risk and compliance assessment process.
In these assessments we ensure that all relevant data protection principles have been taken into consideration within the design. In certain cases, a data protection impact assessment might be necessary before starting the respective processing activity.
We register the data processing activities within Fresenius Kabi in the “Records of Processing Activities”. This register contains essential information to comply with the data protection laws.
If you interact with us as a website user, we collect and use your personal data. In the data protection statement below, we explain how we collect and use your data.
You have the right to view and change the personal data that we have collected from you. You have the right to object to the processing of your personal data. In certain cases, you can also ask us to limit the processing of your personal data, erase your data, transfer your data to another data controller or have it deleted. If you wish to do any of these, please send a request to: email@example.com and indicate that it concerns a personal data request.
Please enclose a copy of your identity document so that we can be sure that you are the person submitting the request. Make sure that you black out your passport photograph and citizen service number. This is to protect your privacy. Also provide your private address. You will receive an overview of your data or a response to your request within one month of your request. We store this information until we are sure that you are satisfied with our response.
The security of your data is important to us and we have made significant effort to ensure that your personal information is respected and protected.