This privacy notice provides information about how Ipsen Biopharmaceuticals, Inc., headquartered at One Main Street, Cambridge, Massachusetts 02142, United States, and its affiliates and subsidiaries, including affiliates in European countries governed by the EU’s General Data Protection Regulation (“GDPR”) (including Ipsen Pharma SAS, headquartered at 65, quai Georges Gorse – 92100 Boulogne-Billancourt, France) or the United Kingdom’s General Data Protection Regulation (“UK GDPR”) (“Ipsen,” “we,” “our,” or “us”) processes the personal information we collect about Healthcare Providers and Formulary customers. For more information about Ipsen’s processing of personal information, please see Ipsen’s US Privacy Policy and Global Privacy Policy. Additionally, US residents can find further disclosures at our Supplement Website Privacy Notice.
Who is the controller of your personal information?
Ipsen is the data controller for the personal data processing described below. Generally, Ipsen processes the information of US-based Healthcare Provider and Formulary customers (collectively, “Customer Data”) in the United States. From time to time, because Ipsen is a global company and certain activities are performed by global affiliates, Customer Data is also processed by Ipsen’s global affiliates.
What personal information do we collect about you?
We, and our vendors, collect, use, and disclose the following types of personal information as Customer Data:
- Information You Provide –
- Identifying information such as your name and date of birth;
- Contact information such as your physical address, email address, and phone number;
- Government identifiers, such as your Social Security number on an IRS W-9 form;
- Financial information, such as information we may collect if we engage you as a consultant or speaker;
- Employment history, education history, and any other information you submit in connection with consulting or speaker contracting; and
- Any other information you provide when you use Ipsen websites, contact us, or otherwise interact with us online or offline.
You are not required to provide your personal information to us. However, if you decide not to do so, we may not be able to interact with you or contract with you, if applicable.
- Information We Collect From Other Sources –
- Information we may collect from publicly-available sources, such as your employment history or publications history that is publicly available online; and
- Information we may receive from our vendors or third parties.
- Insights We Develop Upon Interacting with You –
- Ipsen may develop insights into your professional opinions and conduct through interactions with you, which can include aggregating information about you.
Why are we allowed to collect, use, and disclose your personal information?
When Customer Data is processed by Ipsen in the US, the Customer Data were either publicly available, were provided by you, or were insights that we derived through interactions with you and are processed consistent with US privacy laws. For example, if you are a consultant of Ipsen, then Ipsen may have selected you as a consultant because of your publicly available publications history, may have collected financial personal information from you for payment and Sunshine reporting purposes, and may have developed insights (which some states treat as personal information) about you professionally because of your comments about a therapeutic area or treatment landscape. As another example, if you are a customer on whom Ipsen calls, then Ipsen had collected publicly available information about you in your professional capacity and may have developed insights about you professionally from your interactions with Ipsen personnel.
We may use and disclose the information we collect for a number of purposes, including, but not limited to:
- Providing you with services or information (e.g., newsletters) you request or may find useful, including notices regarding relevant medical conditions and treatment;
- Engaging in scientific exchange;
- Processing your requests (such as when applying for a grant or signing up for a speaker program);
- Delivering marketing communications that may be of interest to you, including the delivery of targeted advertisements that are based on your previous online activity on our websites and other third-party websites (for example, if you view a page on our websites about a particular Ipsen product, you may receive an online advertisement for that product or a related product on a different page on our websites or on other websites you visit);
- Developing or improving our products and services;
- Helping our third-party partners and vendors better understand the demographics and preferences of our users;
- Providing you with information about our services or providing required notices;
- Allowing us to improve our websites and the services we provide, such as by better tailoring our content to our users’ needs and preferences;
- Communicating with you about and processing your application for employment with Ipsen;
- Generating and analyzing statistics about your use of our websites or other services;
- Detecting, preventing, and responding to fraud and intellectual property infringement; and
- Developing insights into your professional opinions and conduct; and
- Complying with applicable law, including, without limitation, ensuring our sales efforts target healthcare professionals who treat eligible patients, ensuring individuals with whom Ipsen interacts are not excluded from participation in federal healthcare programs, facilitating administrative transfers during entity changes (including sale of all or part of a business), and fulfilling our legal rights and obligations in transparency, contract, fraud and abuse, and litigation legal matters.
When Customer Data is processed by Ipsen in Europe, Ipsen processes the Customer Data for a range of purposes and relies on a number of different legal bases for that processing, as detailed in the table below.
| Legal bases | Purposes |
| Article 6 1 (b) Contract | We process personal information for the purposes of contracting with you for consulting or speaker engagements, or when you represent entities with which we may contract. |
| Article 6 1 (f) Legitimate Interests | We process your personal information for the following legitimate interests: • Providing you with services or information (e.g., newsletters) you request or may find useful, including notices regarding relevant medical conditions and treatment; • Engaging in scientific exchange; • Processing your requests (such as when applying for a grant or signing up for a speaker program); • Delivering marketing communications that may be of interest to you, including the delivery of targeted advertisements that are based on your previous online activity on our websites and other third-party websites (for example, if you view a page on our websites about a particular Ipsen product, you may receive an online advertisement for that product or a related product on a different page on our websites or on other websites you visit); • Developing or improving products and services; • Helping our third-party partners and vendors better understand the demographics and preferences of our users; • Providing you with information about our services or providing required notices; • Allowing us to improve our websites and the services we provide, such as by better tailoring our content to our users’ needs and preferences; • Communicating with you about and processing your application for employment with Ipsen; • Generating and analyzing statistics about your use of our websites or other services; • Detecting, preventing, and responding to fraud and intellectual property infringement; and • Developing insights into your professional opinions and conduct. |
| Article 6 1 (c) Legal Obligation | We process personal information for the purposes of meeting our legal obligations including, without limitation, ensuring our sales efforts target healthcare professionals who treat eligible patients, ensuring individuals with whom Ipsen interacts are not excluded from participation in federal healthcare programs, facilitating administrative transfers during entity changes (including sale of all or part of a business), and fulfilling our legal rights and obligations in transparency, contract, fraud and abuse, and litigation legal matters |
| Article 6 1 (a) Consent | We ask for your consent for processing your personal information when you opt into receiving SMS text messages from Ipsen. |
We will not use solely automated processing, including profiling, to make decisions that produce legal or similarly significant effects about you.
Where do we get your personal information from?
We obtain your personal information directly from you, from publicly-available sources, and from our vendors and third parties when they disclose personal information to us. We also obtain personal information about you from insights we have developed through interaction with you.
To whom do we disclose your personal information?
- To our employees. Personal information related to you will be accessed by authorised employees at Ipsen, with a relevant and tangible need to access your personal information.
- To our vendors. Personal information related to you may be processed by our vendors to whom we disclose such personal information. Ipsen engages vendors to undertake various activities on our behalf. Examples of these providers include speaker bureau and advisor management vendors. Such vendors may only process your personal information in accordance with Ipsen’s express instructions and are contractually restricted from your personal information for their own purposes.
- To third parties. Personal information related to you may also be processed by third parties to whom we disclose such personal information. We may disclose your personal information to any third party with your consent or at your direction. We may also disclose your personal information to third parties for the business purposes listed above, including to market/advertise our products and services and to comply with applicable law.
How long do we keep your personal information?
We will only retain your personal information in order to meet our operational needs and to comply with our legal requirements, in accordance with Ipsen’s retention policies.
How do we protect your personal information?
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of personal information, Ipsen and our vendors have put in place appropriate physical, electronic, and organizational procedures to safeguard and secure the personal information we collect.
Do we transfer personal information outside of your home country?
We work all over the world. Therefore, your personal information may be processed, accessed, or stored in a country outside the country where you are located, which may not offer the same level of protection of personal information as your home country.
When we transfer personal information to external companies in other countries, or across our global Ipsen entities, we will protect it by putting in place appropriate contractual agreements. When we transfer personal information from Ipsen companies in the European Economic Area (“EEA”) to a third country without an adequacy decision from the EU Commission, we will do so on the basis of standard contractual clauses approved by the European Commission. Similarly, we will protect personal information transfers from other countries, including the UK and Switzerland, using appropriate contractual clauses approved by the relevant authorities in those countries. To obtain a copy of the safeguards we have implemented to facilitate such transfers of your personal information, you can contact us via the contact information provided below.
What are your rights regarding your personal information?
You may have the following rights regarding your personal information, depending on the circumstances and applicable legislation:
| Right | What does this mean? |
| 1. The right of access | You have the right to obtain access to the information processed by Ipsen. |
| 2. The right to rectification | You are entitled to have your information corrected if it is inaccurate or incomplete. |
| 3. The right to erasure | This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for Ipsen to keep using it. This is not a general right to erasure; there are exceptions. |
| 4. The right to restrict processing | You have rights to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, Ipsen can still store your information, but may not use it further. |
| 5. The right to data portability | You have rights to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances. |
| 6. The right to object | You have the right to object to certain types of processing, in certain circumstances. |
| 7. The right to withdraw consent | If we are using your personal data on the basis of your consent, you have the right to withdraw that consent at any time. |
Further, US residents may have additional rights under US state privacy laws, depending on your state of residence, including rights to access, correct, delete your personal information, opt out of the sale/sharing of your personal information, and limit the use of your sensitive personal information. For more information about those rights, please see our Supplement Website Privacy Notice.
If you would like to exercise your rights related to your personal information, please contact us via the methods listed below:
Related to processing of personal information by Ipsen in the US: To exercise your rights regarding your personal information in the US, you may complete this US Data Request Form or call us toll free from the US at 844-975-1739.
Related to processing of personal information by Ipsen outside of the US:
If you would like to exercise your rights regarding your personal information, please use this form, which is our Global data request form.
If you would like to ask us about how we handle your personal information, you can contact our Global Privacy team by contacting dataprivacy@ipsen.com.
If you are not satisfied with how Ipsen is handling your personal information, or you think that our processing is not compliant with data protection laws, you have the right to complain to the relevant data protection supervisory authority.
The data protection supervisory authority is:
The Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, FRANCE.
Additional Disclosures for US Residents
For additional disclosures for US residents, please see our Supplement Website Privacy Notice, which includes more US-related information about:
- Categories of Personal Information Collected and Disclosed
- Retention of Personal Information.
- Sale of Personal Information and Sharing for Cross-Context Behavioral Advertising
- Opt-Out Preference Signals
- Sources from Which We Collect Personal Information
- Purposes for Collection and Disclosure of Personal Information
- Categories of Entities to Whom We Disclose Personal Information
- Data Subject Rights
- Other Disclosures
- Contacting Us
- Notice Regarding Personal Information Collected from California Employees, Contractors, and Applicants
Last updated March 13, 2025