Celltrion

Welcome to Celltrion's
Medical Products Portal

Privacy Notice

Last updated: 2025. 12. 19.

Introduction

This Privacy Notice is to explain who we are, how we collect, share, and use personal data about visitors to this website or other individuals contacting us for customer management or product monitoring purposes (hereinafter “you” or “your”), as well as how you can exercise your privacy rights.

If you have any questions or concerns about our use of your personal data, or would like to exercise any of your rights, including, but not limited to, objecting to the processing of your personal data in the ways that we describe here, then please contact us using the details provided at the end of this Privacy Notice in the “Contact Us” section.

Who We Are

Celltrion, Inc. and its subsidiaries ("Celltrion Group") are committed to protecting and respecting your privacy. This Privacy Notice is issued on behalf of the Celltrion Group so when we mention “Celltrion”, “Company”, "we", "us" or "our" in this privacy notice, we are referring to the relevant company in the Celltrion group which is established in the country where you specifically choose to access, and responsible for processing your personal data.

Celltrion may have a privacy notice or statement specific to particular local laws, products, services, events or collaborations in which case such notice or statement shall supplement, and where there is a conflict supersede, this privacy notice.

Information That We Collect

We do not require registration to visit our websites. However, some services may require you to provide us with Personal Data, such as contact details and interests.

“Personal Data” may refer to any data that identifies one as an individual or relates to an identifiable individual. We may collect, use, store and transfer different kinds of Personal Data about you or individuals about whom you are contacting us, such as:

  • • Contact data (including name, address, telephone numbers and email addresses);
  • • Interests data (including specific requests made through the website);
  • • Technical data (including internet protocol (“IP”) address browser type and version, time zone setting and location browser plug-in types and versions, operating systems and platform, device IP and other technology on the devices you use to access this website); and
  • • Usage data (including information about how you interact with and use our website, products and services).
  • • Health Data: Data concerning health and medicinal products including, but not limited to, the nature of adverse effects, examination results, patient information, personal or family medical history, diseases or associated events, risk factors, information about the use of medicines and therapy management, physical exercise, diet, eating behavior, sexual life/contraception, and consumption of tobacco, alcohol, and drugs. Information about the patient may also include name, hospital record numbers, age, date of birth, sex, weight, height, race, whether pregnant and/or breastfeeding, and strictly necessary occupational data for the evaluation of the adverse event.

If you are a Healthcare Professional (“HCP”), we may collect, use, store and transfer additional kinds of Personal Data related to our professional interaction with you.

HCP refers to any member of the medical, dental, pharmacy, or nursing professions or any other person who, during his or her professional activities, may prescribe, purchase, supply, or administer a medicinal product.

Additional kinds of Personal Data requested from HCP may include, but are not limited to:

  • • Professional data such as professional biography/credentials and data related to licenses, specialties, professional affiliations, publications, credentials, and other occupational achievements; and
  • • Customer data related to your use of our products, your interactions with us, and services for those whom you care for.

If we ask you to provide any other personal information not described above, then the specific information requested and the reasons why we require them will be made clear to you at the point we collect your personal information.

Providing us with, or giving us permission to collect, any Personal Data relating to individuals other than yourself requires you to have valid authority to do so pursuant to relevant legislation.

How We Collect Your Personal Data

We use different methods to collect Personal Data from and about you including through:

  • Your interactions with us. You may give us your Personal Data by filling in online forms or by corresponding with us by post, phone, email or otherwise, including but not limited to when you give us feedback or contact us. Also, you may share adverse events or medical information enquiries with us.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical and Usage data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie policy for further details.
  • Third parties or publicly available sources. We will receive Personal Data about you from various third parties and public sources as set out below:
    • • Technical data is collected from the following parties:
      • • analytics providers, such as Google based outside the EU/EEA or the UK;
    • • Health data may be collected in connection with adverse event reporting from healthcare professionals, distributors, regulatory authorities, or other individuals reporting on your behalf. Health data is collected in connection with adverse event reporting, including regulatory databases where such reports are made.

How We Use Your Personal Data

We use Personal Data in order to maintain functionalities on our website and to provide other services such as:

  • • Providing customer service to individuals;
  • • Responding to individuals’ inquiries and fulfilling any requests from them;
  • • Monitor the safety of medicinal products and medical devices, which includes detecting, assessing, following up on and preventing adverse events, and reporting adverse events to health authorities;
  • • Respond to queries regarding medical information including, but not limited to, relation to availability of products, clinical data, dosing and administration, formulation and stability, and interactions with other drugs, foods, and conditions;
  • • Respond to quality complaints regarding our products, such as any fault of quality and/or effectiveness, stability, reliability, safety, performance, or usage;
  • • Answer other questions or requests and improve our products and services;
  • • Comply with our policies and local legal, regulatory, and compliance requirements; or
  • • Conduct audits and defend litigation.
  • • Sending administrative information to individuals, such as changes to our terms, conditions, and policies, as well as market information that we believe may be of interest to you.

We also use Personal Data to ensure that our business operations comply with any relevant legal obligations and match our legitimate interests.

Our business activities may include:

  • • Data analysis;
  • • Internal data audits;
  • • Identifying usage trends for our websites;
  • • Detecting, preventing, and investigating fraud in the use of our websites;
  • • Cyber security monitoring;
  • • Developing, enhancing, or modifying our products and services;
  • • Validating users’ ability to access or utilise our products and services;
  • • Understanding how our products and services impact you and / or those in your care;
  • • Disclosing information about our dealings with you to relevant authorities in line with industry best practice and the maintenance of transparency;
  • • Expanding our business network and scale of operations.

The Personal Data that you and others provide may be aggregated, and we may use and disclose such aggregated data for any purpose. Aggregated data does not personally identify you or any other individual.

How we Disclose Personal Data

We take your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law or as otherwise set out below.

We disclose Personal Data to third parties as follows:

  • • Other members of the Celltrion group of companies, for the purposes described in this Privacy Notice.
  • • Our employees (including those at Medical, Quality, Legal and Compliance Departments) and other Celltrion Group (especially Celltrion Inc., the manufacturer of our products)
  • • Other pharmaceutical and medical device companies if the adverse event, request for information, or complaint relates to one of their products
  • • Service providers acting on behalf of us and our subsidiaries/affiliates, such as IT system and data hosting providers, and adverse event processing service providers. These third parties are contractually and legally obliged to protect the confidentiality and security of personal data, in compliance with applicable law
  • • Other companies with whom we collaborate regarding products or services, including our co-promoting partners for products that we develop and market jointly.

Personal data may be shared with:

  • • Healthcare professionals involved in an adverse event, request for information, or complaint
  • • A national and/or international regulatory, enforcement, public body or court where we are required to do so by applicable law or regulation or at their request; Including but not limited to:
    • • The European Medicines Agency (EMA) which controls the EudraVigilance database (for more information visit https://www.ema.europa.eu);
    • • The U.S. Food and Drug Administration (FDA) which controls the Adverse Event Reporting System (for more information visit https://open.fda.gov/data/faers/); or
    • • The Korea Institute of Drug Safety & Risk Management (KIDS) which controls the Korea Adverse Event Reporting System (for more information visit https://kaers.drugsafe.or.kr/)
    • • To any other person with your consent to the disclosure.

    We may also disclose your Personal Data as necessary or appropriate:

    • • To comply with applicable law, as well as our regulatory and industry monitoring and reporting obligations (including laws outside your country of residence);
    • • to respond to requests from both public and government authorities (including authorities outside your country of residence);
    • • to cooperate with law enforcement; or
    • • for other legal purposes.

    Legal basis and purpose for Processing Personal Data

    The law requires us to have a legal basis for collecting and using your Personal Data. Our legal basis for collecting and using the Personal Data as described above will depend on the Personal Data concerned and the specific context in which we collect it.

    In the context of our website, we will generally collect Personal Data from you as described in the following table:


    Purpose/Use Type of data Legal basis
    To manage our relationship with you which will include:
    (a) Notifying you about changes to our terms or privacy policy
    (b) Dealing with your contact to us, requests, complaints and queries     		(a) Contact
    (b) Interests
    (c) Customer     		(a) Necessary to comply with a legal obligation
    (b) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you)
    (c) Performance of a contract with you
    To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Contact
    (b) Technical
    (c) Interests     		(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
    (b) Necessary to comply with a legal obligation
    To deliver relevant website content and measure or understand the effectiveness of our interactions (a) Contact
    (b) Usage
    (c) Interests
    (d) Technical     		Necessary for our legitimate interests (to study how customers use our website, products and services, to develop them, to grow our business and to inform our marketing strategy)
    To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing (a) Technical
    (b) Usage
    (c) Professional
    (d) Customer
    		 Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
    To carry out market research through your voluntary participation in surveys (a) Contact
    (b) Professional
    (c) Customer     		(a) Necessary for our legitimate interests (to study how customers use our products/services and to help us improve and develop our products and services)
    (b) Consent, having obtained your prior consent to participation in such surveys
    Ensure the safety of our products, services, and websites by investigating incidents and taking action against illegal or harmful behavior, as well as assisting law enforcement and regulatory bodies. (a) Technical
    (b) Other information listed above and below in this notice that is relevant to protecting the safety of our products, services, and websites.     		Our legitimate interest to protect our business and ensure the safety of our products, services, and websites.

    In the context of our customer management activities (e.g. Respond to queries etc. generally in relation to HCPs), we will generally collect Personal Data from you as described in the following table:


    Purpose/Use Type of data Legal basis
    To manage our lead database, create a prospecting blacklist, prepare quotes and commercial proposals, and management our commercial relationship with customers (a) Contact
    (b) Interests
    (c) Customer
    (d) Technical
    (e) Usage
    (f) Disclosable
    		 (a) Necessary for our legitimate interests (ensuring the successful provision of services to our customers; compliance with regulatory and industry standards)
    (b) Performance of a contract with you
    To conduct customer satisfaction monitoring relating to HCPs (a) Contact
    (b) Professional
    (c) Customer     		Necessary for our legitimate interests (ensuring the successful provision of services to our customers)
    To support product analysis and development, quality and improvement of our services (a) Contact
    (b) Professional
    (c) Customer     		Necessary for our legitimate interests (ensuring the development of our products and services)
    To respond to your queries/complaints and provide you with information (including medical information or adverse events) (a) Contact
    (b) Professional
    (c) Customer
    		 Necessary for our legitimate interests (ensuring the development of our products and services)

    In the context of monitoring the marketing of our products (e.g. managing our legal marketing obligations, adverse effects, etc.), we will generally collect Personal Data from you as described in the following table:


    Purpose/Use Type of data Legal basis
    To manage contracts and general relationship management with HCPs (a) Contact
    (b) Professional
    (c) Customer
    (d) Health
    (e) Disclosable     		Performance of a contract with you
    To process information about adverse events (e.g. monitoring, reporting, investigation) (a) Contact
    (b) Professional
    (c) Customer
    (d) Health
    (e) Disclosable     		(a) Necessary to comply with a legal obligation
    (b) Necessary for our legitimate interests (collecting information about the effects of our products)
    (c) Required for substantial public interest
    To prepare a HCPs' CV library (a) Contact
    (b) Professional
    (c) Customer     		Necessary for our legitimate interests (enabling us to keep records about HCPs we engage with)

    Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. If you opt out of receiving marketing communications, you may still receive service-related communications that are essential for administrative or customer service purposes.

    Your Rights

    You have the right to access any Personal Data that we process about you and to request information about:

    • • What Personal Data we hold about you
    • • The purposes of the processing
    • • The categories of Personal Data concerned
    • • The recipients to whom the Personal Data has/will be disclosed
    • • How long we intend to store your Personal Data for
    • • If we did not collect the Personal Data directly from you, information about the source.

    You may also be able to:

    • • Request correction of the Personal Data that we hold about you;
    • • Request erasure of your Personal Data in certain circumstances;
    • • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your Personal Data);
    • • Object at any time to the processing of your Personal Data for direct marketing purposes;
    • • Withdraw consent at any time where we are relying on consent to process your Personal Data; and
    • • Request restriction of your Personal Data.

    If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request. This is to ensure that your data is protected and kept secure. We will respond to your request as soon as reasonably practicable.

    When asked to provide Personal Data, you may decline. However, choosing not to provide necessary information may limit our ability to supply you with requested services.

    Data Security

    We take your privacy very seriously and use reasonable organizational, technical, and administrative measures in order to protect your Personal Data. We work hard to protect you and your information from unauthorised access, alteration, disclosure, or destruction and have several layers of security measures in place, this includes encrypting your Personal Data in transit and at rest.

    UTILLIZZO DA PARTE DEI MINORI

    I nostri siti web e servizi online non sono destinati all’uso da parte di persone di età inferiore ai 18 anni.

    Data Retention Period

    We only retain your Personal Data for as long as reasonably necessary to fulfil the purpose(s) for which it was obtained in this Privacy Notice, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We have strict review and retention policies in place to meet these obligations.

    When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, if your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until it can be safely deleted.

    Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

    Please note that we may need to retain certain types of Personal Data for recordkeeping or legal or regulatory compliance purposes.

    Transfers Outside the EU/EEA or the UK

    Your Personal Data may be transferred to, and processed in, countries other than the one from which you access our website or in which you reside. Those countries may have data-protection laws that differ from those of your applicable jurisdiction.

    The servers of this website are located in the Republic of Korea (South). We may transfer your Personal Data with legitimate purpose to other members of the Celltrion group of companies, third party service providers, and business partners located around the world.

    Whenever we transfer your personal data out of the EU/EEA or the UK, we ensure that a similar degree of protection is afforded to and that your Personal Data will remain protected in accordance with this Privacy Notice. These measures include using the European Commission’s Standard Contractual Clauses together with the UK International Data Transfer Addendum, or relying on applicable adequacy decisions, to lawfully transfer your Personal Data outside the EU/EEA or the UK.

    Our Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

    At the same time, as of the last updated date of this Privacy Notice, the European Commission and the Information Commissioner's Office (the ICO) has adopted an adequacy decision for Republic of Korea (South Korea) since 17 December 2021 and 23 November 2022 respectively, which means that free unrestricted transfers of personal data from the European Economic Area (EEA) and/or the UK to private and public entities in South Korea will be permitted from that date onwards (including remote access from South Korea) without the need for certain restrictions such as, but not limited to, implementation of Standard Contractual Clauses.

    Appropriate safeguards have also been implemented with our third-party service providers and partners as required. Further details, along with our Standard Contractual Clauses, can be provided upon request.

    Use by Minors

    Our websites and online services are not intended to be used by anyone under the age of 18.

    We respect the privacy of minors (and/or vulnerable individuals) and do not knowingly collect, use or disclose Personal Data of minors (as defined under local law) or vulnerable individuals without verifiable consent from a parent or guardian.

    Still, if we become aware that the information submitted to or collected by us is Personal Data of a minor without first receiving verifiable consent from a parent or guardian, we will take prompt steps to delete such Personal Data. If a parent or guardian wishes to raise a concern regarding Personal Data pertaining to a minor, please use the details in the “Contact Us” section below.

    Third-party links

    This website includes links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

    Contact Us

    If you have any questions or concerns about our use of your Personal Data, please contact our data privacy contact at dpo.cthc@celltrion.com

    Lodging a Complaint

    If you want to contact us about any of your rights or complain about how we use your information, you can contact us on the details set out below. We’ll do our best to help but if you are still not satisfied, you can lodge a complaint with your local Data Protection Authority (DPA). A list of the EU DPAs is available at: https://edpb.europa.eu/about-edpb/board/members_en.

    Updates

    We may update this Privacy Notice from time to time in response to changing legal, technical, or business developments. This Privacy Notice was last updated as of the “Last Updated” date shown above.