What is this document about.

Opella is a multinational group that includes Opella Healthcare with its affiliates and subsidiaries (collectively “Opella”, “we”, or “us”).  

Your Personal Data (or Data) is any information that is about you, or is related to you and used to learn, evaluate, or decide something about you. Opella understands the importance of privacy and the protection of Personal Data and is committed to ensure protection and security of Data we process.  

This Global Privacy Notice explains how and why we may process your Personal Data when you interact with us as a representative, owner, employee or collaborator of one of our suppliers, vendors and service providers.  

If you interact with us in different capacities (e.g., as a visitor to our websites or a participant in an event) or if certain jurisdictions apply to you, please refer to the other relevant Privacy Notices on Opella.com for additional information. 
 

Who is responsible for using and protecting your Data. 

IMPORTANT - For ease of reference, in the remainder of this Global Privacy Notice: 

  • "vendor”, “the vendor” or “your vendor" will be used to indicate the vendor, supplier or service provider that you represent, own, work for or work with; 
  • "services" will be used to refer to the services provided to us by the Supplier in the provision of which you are involved. 
     

Opella is composed of many companies around the world. (A full list is available at: https://www.opella.com/en/privacy-center/documents/ListOfOpellaAffiliates-en-GL). 

Depending on the services delivered by the vendor to us, different Opella companies may be responsible for processing your Personal Data, for different purposes.  

As a general criterion, the Opella company or companies which have a contractual relationship with the vendor for the delivery of the services are normally responsible for processing your Personal Data in such context.   

Refer to the vendor to receive detailed information on which Opella company or companies have a contractual agreement concerning the services.
 

What Data we collect about you and why.

The Personal Data we may collect about you belongs to the following categories:

  • Personal identification data, such as name, surname, date of birth, national ID, email address and telephone number;  
  • Images, such as CCTV and other video-recordings;  
  • Contact details, such as home address, email addresses, phone numbers, and emergency contact information;  
  • Communication information, such as email subject line and contents, voice mail, IM contents, communication logs and meta-data (e.g., date, time, duration, location, addressees, sender, etc.); 
  • Financial information, such as financial account data (e.g., bank account), financial transaction data (only if and limited to what is necessary to execute the contract between us and the vendor);  
  • Educational and professional qualifications, such as academic degrees or diplomas, professional certifications or licenses, training or workshop completions, scholarships or academic awards, membership in professional bodies, published works or research, relevant coursework or specialized training, examinations or tests passed, languages spoken;  
  • Organizational affiliation data, such as company or organization, job title, role, function, department, BU or division, manager or supervisor's name, office or location assignment, project or task group associations, functional responsibilities or domain areas;  
  • Travel, transport and mobility information, such as itineraries, destinations, transport tickets, commute information, reservations, travel-related expenses; 
  • Device and equipment information, such as the IP address, device type, unique device identification number, browser type, operating system, broad geographic location (e.g., country or area), and other technical information;  
  • Interaction and activity logs, such as computer login times, application login/logout time, file downloads, internet navigation history and other operational behaviors. 
     

In addition, in certain countries or contexts, we may process the following categories of data only when it is strictly necessary to comply with our legal or regulatory obligations, or to mitigate high-risks, and subject to completion of thorough risk assessments and adoption of state-of-the art security measures: 

  • Medical, health and impairment information, such as workplace injury and incident reports, disability accommodation information; 
  • Judicial information, such as background check data; 
  • Biometric information, such as fingerprints, or facial patterns. 


Depending on the nature and scope of your relationship with us, we may process such Personal Data for one or more of the following purposes: 

  • to handle financial and contractual matters, for example to identify, evaluate, and select sources for products, services or assets, and to handle and oversee agreements with vendors;  
  • to manage and nurture the relationship with our business contacts, for example to establish, maintain, and optimize relationships with vendors; 
  • to conduct, manage and improve business operations, for example to oversee the receipt, storage, and transportation of goods within the company's supply chain; 
  • to manage recruitment and onboarding of external workforce, for example to allow for selection of external workforce, facilitate the onboarding and access to company infrastructure and premises; 
  • to manage workforce and organization, for example to organize and oversee the structure of the organization and its people (including external workforce); 
  • to manage offboarding of external workforce, for example to ensure a smooth and compliant transition out of the organization. This encompasses activities such as ensuring the return of company property, revoking access to company systems and premises.  
  • to develop and operate our digital platforms and tools, for example to oversee the company's digital infrastructure, backup, and disaster recovery processes, or to track, monitor, and manage the company's inventory of digital devices and assets.  
  • to protect our staff, visitors, assets and information, for example through access controls and surveillance (including CCTV) to ensures the physical and digital integrity of our locations and assets; 
  • to fulfill our legal, regulatory, ethical and compliance obligations, for example to ensure compliance with regulations regarding pharmacovigilance, health & safety, or privacy as well as by fighting against fraud, conducting internal investigations, audit, managing conflict of interest reporting. 
  • to protect ourselves from financial, reputational and regulatory risk and liability, for example to design, implement, monitor, and refine Ethics and Business Integrity programs within the organization, to monitor and enforce compliance with internal policies and procedures, to prepare, plan and execute audit activities, to document mitigating actions and their status, and to distribute reports to relevant stakeholders.  
  • to establish, exercise or defend our legal rights, for example to handle and oversee disputes, claims, and litigations.  


We process Personal Data for the purposes described above based on applicable legal grounds, which may include the necessity to provide requested services, compliance with legal obligations, legitimate business interests, or consent where required by law. 

Should you interact with us in one or more of the following capacities:

  • job applicants; 
  • visitors to our websites and social media; 
  • consumer; 
  • visitors to Opella’s locations; 
  • participants in events and training; 
  • participants in prize contests; 
     

please refer to the corresponding Global Privacy Notices published on Opella.com to learn more about additional uses of your Data in such contexts.
 

How we collect your Data.

Depending on the nature and scope of your relationship with us, we may collect your Personal Data from different sources and in a variety of circumstances and ways: 

  • directly and knowingly from you; 
  • though automated tools or tracking technologies; 
  • from other affiliates of Opella; 
  • from Partners or Service Providers (including the vendor you represent, own, work for or work with). 

In addition, new Data about you may be inferred, derived, generated as part of the processing (for example compliance records, communication logs, training completion records, access logs, or incident reports, etc.).  

If we obtain your Personal Data from more than one source, we may combine or link such Data and use it for purposes compatible with those for which it was originally collected. 

Who can access your Data. 

Only authorized recipients have access to your Personal Data to perform the activities described above. Such recipients may include:

  • employees and staff of Opella affiliates and subsidiaries, to allow for the processing of your Data for the purposes described in the previous sections;    
  • our partners such as other service providers, contractors, business partners or vendors, acting upon our instructions for to support the processing of your Data for the purposes described in the previous sections; 
  • supervisory & regulation bodies, public authorities, courts, and law enforcement bodies. This may happen, for example, in circumstances that include, but are not limited to fulfilling our reporting obligation; responding to requests from them; when it is necessary to establish, exercise, or defend legal claims; when you request us to do so if this does not constitute a violation of our or others' rights; when it is necessary to prevent physical harm or material financial losses to us or others; 
  • professional Advisors and Auditors. 


Whenever required by the applicable law, we enter into contractual agreements with these recipients to ensure they provide adequate data protection measures, they commit not to use the Data for purposes other than those described in this Global Privacy Notice and cooperate with us to ensure that your rights can be effectively exercised. 

Where is your Data processed.

We are part of a multinational group with employees, affiliates, partners and service providers located around the world. Consequently, your Data may be processed in and accessed from countries where different data protection laws apply.  

When Personal Data is transferred to or accessed from other jurisdictions, we adopt one of the mechanisms provided by the law to ensure an equivalent level of protection of your Data in the destination country. This includes, for example, the adoption of the Standard Contractual Clauses. 

How long we keep your Data. 

Your Data will be kept for a period not exceeding the time necessary to achieve the purposes for which it was collected. The criteria for determining the retention period of the Personal Data consider the period of permitted processing (for all the relevant purposes), applicable regulations affecting the minimum or maximum retention period (if any), limitation of rights, and legal bases for processing.

How we protect your Data.

While we strive to protect your Personal Data, no Data transmission, use or storage can be guaranteed as 100% secure. To protect your Data, we adopt technical and organizational measures aimed at reasonably mitigating the risk that such Data is leaked, lost, or used for unauthorized purposes. 

If a security incident occurs and affects your Personal Data, we will take reasonable actions to mitigate possible impacts on you. When the incident is likely to result in serious harm this may include a notification to you or to competent authorities. 

Your rights.

You have rights regarding your Personal Data which may include, for example: 

  • have access to, and receive a copy of your Data; 
  • obtain the rectification of your Data, should it be inaccurate, incomplete, or obsolete; 
  • obtain the deletion of your Data in situations set forth by applicable data protection laws; 
  • withdraw your consent to data processing at any time, without affecting the lawfulness of processing, where your Data has been collected and processed on the basis of your consent; 
  • object to the processing of your Data, where it has been collected and processed on the basis of our legitimate interests; 
  • request a limitation of data processing activities, in the situations set forth by applicable laws; 
  • request that some of the Data you provided to us is brought to you, or to another company, in a commonly used, machine-readable format. 
     

Your rights may vary depending on the privacy laws applicable to the specific use of your Data. 

If you want to exercise any of your rights, please submit a request using this online form https://www.opella.com/en/privacy-center or use the other contact indicated in this or other privacy notices, as well as in the list of Opella affiliates available at: https://www.opella.com/en/privacy-center/documents/ListOfOpellaAffiliates-en-GL.  

You are also entitled to lodge a complaint with your local Data Protection Authority. 

Contact us.

If you have a question or any concerns regarding our use of your Data, visit https://www.opella.com/en/contact.  

Where a Data Protection Officer or equivalent role is designated, you can also contact them. For further details consult the list of Opella affiliates available at: https://www.opella.com/en/privacy-center/documents/ListOfOpellaAffiliates-en-GL.  

Changes to this Global Privacy Notice.

We may update this Global Privacy Notice periodically to reflect changes in the law or our practices. We encourage you to check this page periodically.