Ferring Privacy Notice for Job Applicants

Thank you for applying for a position at Ferring. At Ferring, your privacy is important to us and we are committed to ensuring our data protection practices adhere to applicable European and local national data protection regulations.

This Privacy Notice will provide information as to how Ferring will collect, hold and process your personal data, and will describe the ways in which we will ensure your personal data is protected in accordance with the applicable regulations.

This Privacy Notice applies only to administering and processing your application, and to assess your eligibility for the role to which you are applying, and other purposes outlined in the privacy notice. If you visit another website related to or recommended by Ferring, please consult the privacy notice on the respective website.

What personal data is collected?

Personal data means all information that relates to an identified or identifiable individual, which means you. This may include your name, postal address, phone number, email address or any other information which may be used to identify you personally. For the purpose of administering and processing your application, Ferring will collect, process, store and use the following types of personal data (which we call “applicant data”):

• Identification data, such as your full name, home address, telephone number, e-mail address, nationality, driver’s license details (where needed to fulfil employment duties).
• Personal information, such as your date of birth, gender (if included in the CV) and, if necessary and permitted by law, health and medical data, such as information on disability, relevant for the performance of your work: for instance, where we would be required to make work or workspace adaptations or adjustments.
• Education and work experience, such as contact details for your current/former employer, information about your educational background, work experience and other related experience.
• Other application data, such as the information contained in your application/CV or information you disclose during the application process such as pictures, certifications, areas of interests and other information you decide to voluntarily share with Ferring during the recruitment process.
• Information collected as part of the interview process, such as notes taken during your interview, information provided by recruitment agencies and through personality tests and/or capability tests where relevant.
• Background check information, such as information obtained through reference checks and confirmation of your education and employment history, and criminal record data, where relevant and appropriate to the role for which you are applying.

How Ferring will use your personal data

Ferring, as the data controller, on behalf of affiliates of the Ferring Group will only process your personal data where there is a legal basis for doing so, and where it is necessary to carry out the purpose for which it was collected. The legal basis for processing your personal data will depend on the purpose for which the data was collected, as well as how far you proceed in the recruitment process.

The purposes for which Ferring collects and uses applicant data, in connection with your application for a position with us, are:

• Administering and processing your application;
• To determine your eligibility for the role for which you are applying;
• Conducting background checks as part of the recruitment process;
• Complying with applicable laws, such as employment laws, and employment-related requirements;
• Communicating with you and third parties (e.g. external recruitment agencies, referees, former employers (with prior consent);
• Responding to and complying with requests and legal demands from regulators or other authorities within or outside your home country, which involves the processing of identification data and contact details.

Handling of applications

Ferring will as part of the recruitment process, upon receiving the applicant data provided by you, assess your eligibility for the position, to which you applied. The legal basis for these activities will be the legitimate interest of administrating and processing your application, determining your eligibility, conducting background checks, complying with applicable laws, communicating with you and third parties and complying with requests.

Assessments

Ferring will, as part of the recruitment process, invite you for assessments in order to evaluate you as a candidate for the position to which you are applying. The information will be collected as part of the interview process. The legal basis for processing your personal data will be in the legitimate interest of assessing your eligibility for the position and you consent to the processing of any sensitive data that may appear in personality tests.

Your personal data will only be used for the specific purpose for which it was collected and will not be used for any other purpose without notifying you in advance and/or obtaining the appropriate consent.

Retention of personal data

Ferring will follow the appropriate actions to ensure your personal data is retained only for the period required to fulfil the purposes outlined in this Privacy Notice. Ferring will only retain personal data for a longer period if required or permitted by law or by applicable regulations within the pharmaceutical industry.

For Successful applicants: Ferring will, for the purpose of administering and processing your offer and future employment with us, retain the personal data collected from you during the recruitment process and transfer it from your candidate record to your employee record.

For unsuccessful applicants: Unsuccessful applicant data is retained for a maximum of 12 months from the date of your last application. After this period of time, your personal data will be deleted from our systems.

Your Rights

If and when we collect, hold and process your personal data, you will be afforded specific rights as a data subject. Ferring will give effect to these rights in accordance with the applicable European and local national data protection laws.

• Right to access and rectification: you have the right to request a copy of the information we hold about you, as well as the right to request the correction of the personal data we hold if it is inaccurate.
• Right to erasure and restriction of processing: you have the right to request the erasure of your personal data or the restriction of processing your personal data. These rights are limited and will apply only in certain circumstances and where no exemptions apply.
• Right to data portability: you have the right to request a copy of the personal data we hold, as well as the right to request that this data be transferred to another controller. This right is subject to certain conditions and may not apply, for example, if not permitted for reasons of public interest, or is not technically feasible.
• Right to object: you have the right to object to the processing of your personal data. If the data is processed for reasons of public interest, scientific or statistical purposes, you may still object and it will be our responsibility to demonstrate the legitimacy of processing the data.
• You have the right to contact or lodge a complaint with your local data protection supervisory authority.

If you would like to submit a request in relation to a data subject right, please use the Data Subject Contact Form.

How Ferring may transfer or share your personal data

Due to the global nature of Ferring operations, we may also disclose your personal data to third parties, including within and outside the Ferring Group in the jurisdictions where Ferring entities are located, for the following processing purposes:

Within the Ferring Group. As the Ferring entity to which you are applying is part of a wider group with headquarters in Switzerland and entities located across several regions, also outside the EU/EEA, Ferring may transfer the applicant data to, or otherwise allow access to such data by other entities within the Ferring Group. Any such transfers will be safeguarded by internal international data transfer agreements between such Ferring entities, to ensure that your personal data is protected in accordance with the applicable European and national data protection laws.

Data processors. Where necessary for the processing purpose of recruitment, personal data will be shared with one or more third parties, whether affiliated or unaffiliated, to process applicant data under appropriate instructions (“data processors”). Data processors, including recruitment companies and IT services companies, will be subject to contractual obligations to implement appropriate technical and organizational security measures for the safeguarding of the personal data and to process the personal data only as instructed. To ensure compliance with the data protection requirements for transferring personal data outside of the EU/EEA, Ferring will carry out the required assessments and identify the adequate means. In accordance with our current practice, Ferring will continue to ensure that no transfers of data outside of the EU/EEA happen without an appropriate data transfer structure in place such as adequacy decisions, binding corporate rules, standard data protection clauses and codes of conduct. In some cases, the transfer might rely on derogations such as consent, performance of contract, public interest, legal claims, to protect vital interests or law.

Ferring will, in certain circumstances, share your personal data with third parties, such as vendors, contractors, partners or agents, if necessary to achieve the notified purposes, or if such third parties are assisting Ferring with the processing of the data. Ferring will only disclose personal data about you to a third party in the following circumstances:

• Relevant consent has been provided by you;
• where applicable, as a result of a request by you as a data subject;
• where there is a legal basis for the disclosure of the data and you have been provided with suitable notice of this;
• where we are required to do so under applicable laws or as a result of a court order; or
• where Ferring decides to sell, buy, merge or otherwise reorganize its business structure.

Ferring will never sell your information to a third party.

Security Information

Ferring maintains a number of appropriate technical and organizational security measures to safeguard your personal data from unauthorized access, use, disclosure, accidental destruction or loss. For example, where appropriate, Ferring is committed to the encryption, anonymization or pseudonymization of personal data, and personal data will be stored securely in a designated system. Our internal policies and procedures are designed to prioritize and promote the protection of personal data.

While our data security measures are continually evaluated and updated, the security of data transferred via the internet from a computer or other device cannot be guaranteed and you are encouraged to take steps to protect yourself online and against unauthorized use of your passwords, and mobile devices, as well as installing the appropriate firewall, anti-virus and anti-spyware protections for your computer.

A non-exhaustive list of possible data incidents may include,

• a lost/stolen laptop;
• an external hacker;
• an email containing personal data sent in error;
• information lost in transit; or
• documents left in unsecured location.

For the processing of personal data, throughout the recruitment process, Ferring will ensure data processors handling applicant data on behalf of Ferring have appropriate security measures in place.

If you suspect any security compromise or detect vulnerabilities, it is essential to report these data incidents immediately by using the Data Subject Contact Form.

Contact information

(i) If you have any questions or comments regarding this Privacy Notice or the processing of your application, and to assess your eligibility for the role for which you are applying, please get in touch with your Ferring contact person.

(ii) In case you wish to:

• Report a data incident or suspected personal data breach;
• Submit a request to exercise your rights as a data subject; or
• Contact the Global Data Protection Officer with a general enquiry,

please utilize the Data Subject Contact Form.

Alternatively, mail us to the following address:

(Att.: Data Protection Officer)
Ferring International Center S.A.
Chemin De la Vergognausaz 50
1162 St Prex
Switzerland

or, at the EU Representative for GDPR,
(Att.: Data Protection Officer)
Ferring International PharmaScience Center (IPC)
Amager Strandvej 405
2770 Kastrup
Denmark