Santen Pharmaceuticals is using third-party service providers to support her in providing its services to all individuals concerned. In so doing Santen contracts out with such third parties on specific terms and conditions in accordance with applicable data protection laws and regulations including the European General Data Protection Regulation 2016/679 ("GDPR").
As a Data Controller, Santen aims to establish a high level of data protection and privacy for its data subjects and partners alike. To that end Santen has developed a specific Privacy and Security GDPR Processor Addendum ("GDPR Addendum") for use in its contractual arrangements with third party service providers acting for the benefit of Santen as Data Processors.
The GDPR Addendum sets out the scope, subject-matter, duration and purpose of the data processing, activities carried out by our data processors and their sub-processors as well as the types of personal data processed and the rights of data subjects. It also details the service providers' confidentiality obligations as data processors, cooperation regarding inquiries from data subjects and authorities, international data transfers, engagement of sub-processors, and the location and deletion of data. Finally, our security measures and personal data breach indemnity commitments are explained.
Moreover, if the Data Processor and /or any of its sub-processors, is located outside the European Union and/or the European Economic Area (EEA), in addition to our GDPR Addendum, we request our data processors to also execute the Standard Contractual Clauses (SCCs) for data transfers to third countries for Processors as approved by the European Commission.
This approach establishes and maintains a high level of data protection and privacy for our data subjects in the EU and beyond.