Data Protection at Fresenius Kabi

We welcome your interest in Fresenius Kabi AG (“Fresenius Kabi”). Protecting the personal data of our patients, healthcare professionals, suppliers, customers and other business contacts is important to us. As a global healthcare company in the digital age, data forms a cornerstone and enabler of our worldwide business. With data being one of our key assets we need to ensure that it is appropriately handled and protected.

This site explains how our organization incorporates data protection into its operations. We also explain how your data is used in our processes. Furthermore, you will find information on how to obtain insight and execute your rights.

Our Data Protection Organization

Fresenius Kabi operates a central data protection center of competence. This center has set up a data protection management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data protection and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data protection topics.

Our local data privacy advisors at the various Fresenius Kabi legal entities support local management in their compliance efforts. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate data protection requirements into the design of our processes and IT systems.

At Fresenius Kabi, we know information security is important to our customers, patients, and business partners. We are committed to maintaining information security through responsible management, appropriate use, and protection in accordance with legal and regulatory requirements and our agreements. 

The monitoring of our data protection compliance efforts is overseen by our data protection officer.

Our Data Protection Policy

The Fresenius Kabi Group has adopted Binding Corporate Rules on the protection of personal data. These rules have been approved by the European Data Protection Authorities and describe the principles for protecting personal data and determine how we apply them when collecting and processing personal data.

The Fresenius Binding Corporate Rules and associated security policies and procedures aim to create a global adequate and uniform level of data protection across our group. They also set the rules for the internal data transfers between Fresenius Kabi companies and our internal service provider worldwide.

If you interact with us, as a healthcare professional, business contact, or website user, also if you report an adverse event or submit a data subject request, we collect and use your personal data. In the data protection statements below, we explain how we collect and use your data in these different contexts.

Business contacts (vendors, clients, interested business contacts)

As our business contact, we mostly collect and use your personal data in order to prepare, fulfill or perform an agreement or contract with you or with your organization for the provision of products and services. This includes:

  • the evaluation of our relationship with the company you work for (business partner evaluation), and
  • the fulfillment of compliance requirements such as business partner due diligence, sanction list screening and money laundering laws.

Healthcare professionals

If you are a healthcare professional we mostly collect and use your data to send you product and service related information and to assess whether you are a suitable contact for specific business needs, e.g., when we look for an expert in a certain field or for a specific product.

Website users

If you are using our website, we also collect data about you. 

Reporters of adverse reactions or events

We collect, use and report personal data of patients using our products and of reporters of adverse reactions or events. 

You have the right to file a complaint about the way we manage your personal data with our data protection officer or with the data protection authority.