Privacy Notice

Introduction

This Privacy Notice generally describes the ways in which Dr.Reddy’s, its Affiliates, subsidiaries and entities (“Dr.Reddy’s”/ “Company/ “we” / “our”) collect, hold, use and process and dispose off information about individual persons, including its employees, customers, suppliers, Key opinion leaders (KOLs), patients, and Health Care Professionals (HCPs) (“Data Subject”/ “you” / “your”) under applicable privacy laws and regulations. Depending on the category of data subject you belong to, you will find more detailed information on the processing activities carried out by Dr.Reddy’s with your Personal Information, Personal Sensitive Information and/or any data related to clinical trials (together and separately called “Personal Data”) within the documents linked below (please see section “How Personal Data will be used?”). For the purposes of this Privacy Notice “Dr.Reddy’s”, “Company”, “we” and/or “our” will refer to the company considered as data controller of your Personal Data; to determine which company is the data controller of your personal information please see section “Identity and contact details of controller and Global Data Privacy officers” below.

Undertaking

Dr.Reddy’s is committed to protect the privacy of Personal Data and handling the same in a responsible manner in accordance with the Regulation 2016/679 (the "General Data Protection Regulation" or "GDPR", interchangeably) and any other relevant privacy legislations in the countries of our operations.

We will not knowingly collect, use or disclose Personal Data from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the person with parental responsibility with the relevant information regarding the processing of the child’s Personal Data.

Dr.Reddy’s will always handle your Personal Data in accordance with the ‘Global Data Privacy Framework’ including any other document(s) referred to and/or linked thereto. Global Data Privacy Framework is located on the Company’s homepage.

How personal data will be used?

Please, find below the information on how Dr.Reddy’s processes your Personal Data, depending on the category of data subject you belong to.

  • If you are an employee / customer / supplier / Key Opinion Leader (KOL), Health Care Professional (HCP) of Dr.Reddy’s, please check our Global Data Privacy Framework including any other document(s) referred to and/or linked thereto for information on how Dr.Reddy’s processes your Personal Data, the legal basis for such processing and retention of the same, whom we disclose; as well as information on the international transfer of your data.
  • If you are a patient engaged in clinical trial of Dr.Reddy’s, please check our Global Data Privacy Framework including any other document(s) referred to and/or linked thereto for information on how Dr.Reddy’s processes your Personal Data, the legal basis for such processing and retention of the same, whom we disclose; as well as information on the international transfer of your data.

To whom we disclose your Personal Data? Will my data be transferred outside the European Economic Area?

Your Personal Data may be transferred by the data controller to comply with legal or contractual requirements. In addition, we may also provide your Personal Data to third-party service providers (including but not limited to for purposes of payroll processing, accommodation, booking travel tickets, rewarding employees, providing experience certificate, completion of exit formalities, expense reimbursement, business emails, etc.) to the extent permitted by and in accordance with the local Privacy Laws and Regulations.

Further, your Personal Data may be disclosed:

  • as permitted or required by applicable law or regulatory requirements. In such a case, we will endeavor to disclose only the requested information under the circumstances;
  • to comply with valid legal processes such as search warrants, subpoenas or court orders;
  • as part of Dr.Reddy’s regular reporting obligations;
  • to protect the rights and properties of Dr.Reddy’s; or
  • during emergency situations or where necessary to protect the safety of a person or group of persons;

You may find information on the international transfer of your Personal Data carried out by Dr. Reddys within the relevant informative document as described in section "How personal data will be used?" above.

Dr.Reddy’s to its best efforts will ensure that your Personal Data transferred will be subject to the same protection regime as if retained locally. In addition, the Company will ensure that third party service provider(s) take appropriate technical and other measures to protect the security and confidentiality of your Personal Data.

For how long Dr.Reddy’s will keep your Personal Data?

Your Personal Data will be stored for a period allowed under applicable laws of the countries of our operations. Except as otherwise permitted or required by applicable law or regulatory requirements, Dr.Reddy’s endeavors to retain your Personal Data only for as long as it believes is necessary to fulfill the purposes for which the Personal Data was collected (including, for meeting any legal, accounting or other reporting requirements or obligations). We may, instead of destroying or erasing your Personal Data, make it anonymous such that it cannot be associated with or tracked back to you.

Your rights

  • You have the right to request for an access to and rectification or erasure of your Personal Data, to restrict processing or otherwise, and data portability.
  • If you have provided consent for processing of your Personal Data, you have the right (in certain circumstances) to withdraw the said consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
  • You can request to review, verify or correct your Personal Data.
  • You can lodge a complaint to our Data Privacy Office if you believe that we have not complied with the requirements of the applicable data protection legislation, regarding your Personal Data. If you consider that the exercise of your rights has not been appropriately addressed by Dr.Reddy’s, you have the right to lodge a complaint with a supervisory authority.

Note:

  • Any such communication must be in writing.
  • When you exercise any of your rights, we may request specific information from you to enable us to confirm your identity. If you require assistance, please contact our Data Privacy Office.
  • The rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to address the exercise of your rights. In addition, your Personal Data may have been destroyed, erased or anonymized in accordance with our record retention obligations and practices and with the data minimisation principle.

Data Controller

Dr.Reddy’s is the controller and may also be the processor of your Personal Data for the purposes of the applicable Privacy Laws and Regulations / In order to determine who is considered as data controller of your Personal Data, please note that:

  • If you are an employee of Dr.Reddy’s, the data controller of your Personal Data is the Company with whom you have signed the employment contract.
  • If you are a customer/supplier/ Key Opinion Leaders (KOL)/ health care professional (HCP), the data controller of your Personal Data is the Company with whom you have signed the contract.
  • If you are a patient engaged in clinical trials, the data controller of your Personal Data is the Company with whom you have signed the contract/ consent form.

Measures

Dr.Reddy’s to implement the technical and organizational measures necessary to ensure the security of Personal Data. Personal Data is to be protected against unauthorized disclosure and/or any form of unlawful processing. The measures ensure meeting applicable requirements and a level of security appropriate to the nature of the data to be protected and the risks arising from processing such data.

Implementation

Dr.Reddy’s is responsible for implementing and enforcing compliance with the applicable data protection legislation. The procedures for third-party processing of Personal Data pursuant to a contractual agreement are to be defined in writing. Dr.Reddy’s shall satisfy itself that the contracted third party is processing the data properly and that it is complying with the principles set forth in Global Data Privacy Framework including any other document(s) referred to and/or linked thereto and this Privacy Notice. If at any time a third party is unable to ensure the adequate security of Personal Data, Dr.Reddy’s may at its discretion terminate the contract with the third party.

Revisions to this Privacy Notice

Dr.Reddy’s may from time to time make changes to it Global Data Privacy Framework including any other document(s) referred to and/or linked thereto and this Privacy Notice to reflect changes in its legal or regulatory obligations or the way we deal with your Personal Data. Any revision/modification of Global Data Privacy Framework including any other document(s) referred to and/or linked thereto and this Privacy Notice will be communicated appropriately.

Contact Us

Should you have any questions about our privacy policy and practices, or if you have any concern, feel free to contact our data privacy officer at:

E-mail ID: dataprivacy@drreddys.com

Address:
Data Privacy Officer,
Dr.Reddy’s Laboratories Limited,
D.No: 8-2-337,
Road No: 3, Banjara Hills
Hyderabad – 500034
India.