Online Media Monitoring

Who is the controller of your personal information?

Ipsen Pharma SAS, headquartered at 65, quai Georges Gorse – 92100 Boulogne-Billancourt, France, and its affiliates, are data controllers for the personal data processing described (referred to as Ipsen, we or us in this notice).

What personal information do we collect about you?

When we run our media monitoring activities, we use keywords and other search parameters to collect information from our own websites and other publicly available sources, such as Wikipedia and social media sites like LinkedIn. Our primary aim is to create aggregated analysis, however through the process of searching content and results we will collect certain personal data incidentally. This includes:

• Identification: your name, username, pseudonym, handle, or other identifier;
• Professional: your job title or profession (including category of profession, for example “CEO”);

We may also analyse the personal data in individual posts to infer other information about you, in order to group the analyses by different stakeholder groups.

In some cases, we may monitor the performance of the posts of key stakeholders, but we will not use that information to target or contact that person, but rather to meet our aims of understanding volume of relevant content.  

Why are we allowed to collect and use your personal information?

We process personal data in media monitoring activity for the following legal bases.

Where we collect special categories of personal data about you, we need an additional legal basis. If the personal data is related to adverse events or side effects, we will rely on GDPR (EU and UK) Article 9 2 (i), which is about managing the quality and safety of medicines.

If we come across other special category data during monitoring activity (though this is not our aim or intention), then we will rely on the fact that such data has been manifestly made public, which is Article 9 2 (e).

We will not use any of this data to target and profile you on the basis of sensitive categories of personal data (e.g. health status, sexual orientation, political beliefs, etc.).

Where do we get your personal data from?

In our media monitoring activity, we collect data indirectly by running keyword and targeted searches on a range of publicly available sources. This includes Online News Sites, Websites, Forums, Wikipedia, LinkedIn, X, Instagram, YouTube and Facebook. For example, we may collect information on how users on X or LinkedIn comment on Ipsen as a company or on specific campaigns, such as one of our disease areas.

We will only obtain data, based on the privacy settings you have set on any social media sites you use. You can control these settings on the social media sites themselves and you can also refer to their privacy notices or policies to check how your personal data is used by each platform.

We analyze media using a range of tools including Brandwatch, Google Trends and Keywordtool.io. We also access content through the developers API provided from one each social media sites LinkedIn, X, Instagram, YouTube and Facebook. We analyze key areas of interest, topics and themes which may include personal data, as described above.

We also track activities on our own websites using analytics software Piwik PRO (see the website user privacy notice for more information on this, and the pop-ups that appear on our websites when you visit them).

With whom do we share your personal information?

The main focus of our media monitoring activity is to create aggregated analyses that does not contain personal data. However, personal data is included, during the process to create those reports and we may also track some very key stakeholders’ activity. When we do have access to personal data, we ensure that it is only accessed by authorised employees at Ipsen, with a relevant and tangible need to access the information.

We also work with suppliers who, when relevant may have access to personal data. When we do this, we ensure that these suppliers have appropriate technical and organisational measures in place and that they only process the personal data on Ipsen’s instructions. For media monitoring, we will work with Burson and they will sub-contract with Brandwatch to carry out our media searches. To find out how Brandwatch processes personal data, please see their author privacy statement on their website (Brandwatch).

How long do we keep your personal information?

We will only retain your information for the duration of up to 6 months, in order to meet our operational needs and to comply with legislative requirements for retention in line with Ipsen’s retention policies.

How do we protect your personal information?

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Ipsen and its third-party service providers have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the information we collect.

Transfer of personal data outside of your home country?

We work all over the world. Therefore, personal data may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal data as your home country.

When we transfer personal data to external companies in other countries, or across our International Ipsen entities, we will protect personal data by putting in place appropriate contractual agreements. When we transfer personal data from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal data transfers from other countries including the UK and Switzerland using appropriate contractual clauses approved by the relevant authorities in those countries.

What are your rights regarding your information?

You may have the following rights regarding your information depending on the circumstances and applicable legislation:

Contact information

If you would like to exercise any of these rights by contacting us at Ipsen, please use this form.

However, please be aware that we may not be able to identify you through the information that has been processed for us, and so we may need to ask for further information from you to be able to deal with your request.

Where your personal data has come from posts on social media, you have control over what you want to post on those sites and how you make that available via the site’s privacy settings. You can also exercise your rights directly with those social media sites and also with Brandwatch directly, by referring to the relevant information on their websites.

If you would like to ask us about how Ipsen handles your personal data, or have any concerns or questions, you can contact our Global Privacy team at dataprivacy@ipsen.com

If you are not satisfied with how Ipsen is handling your personal data, or you think that our processing is not compliant with data protection laws you have the right to complain to the relevant data protection supervisory authority.

Our lead data protection supervisory authority is:

The Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.