Global General Privacy Policy and Notice

Last Updated: April 30 2021

This Global General Privacy Policy and Notice (this “Notice”) informs you of the personal information that Indivior Plc and its affiliated companies (“Indivior” “us” “our” and “we”) may collect, and how it is used and managed.

Indivior has various entities throughout the world, including those listed here and, unless stated otherwise in a specific notice provided to you, the entity with which you have a relationship (together with Indivior UK Limited for persons within the EU, Canada, and Israel) is the controller of your data.

This Notice is intended for:

  • visitors to Indivior’s websites;
  • members of the general public who liaise with Indivior;
  • employees and other persons acting on behalf of the businesses and organizations Indivior interacts with (such as our partners, vendors and customers); and
  • any individual receiving this Notice who has not received a more specific notice as described below.

Personal information means any information or piece of information which could be used to identify, directly or indirectly, a natural person (hereinafter “Data”). This Notice provides you with key information on our general practices regarding the management of Data, including in particular:

A) The Data we obtain and how it is obtained;

B) Our processing, use, and management of Data;

C) How we keep Data safe;

D) Your rights and choices regarding your Data;

E) Our contact points;

F) Specific notice for certain circumstances; and

G) Changes to this Notice.

Please read this Notice carefully to understand our policies and practices regarding your Data, and how we will treat it. If you do not agree with our policies and practices, please contact us to request that we no longer process your Data and we will take appropriate action in this regard. However, if we no longer process your Data, we may not be able to provide you with the information, goods, or services as may be requested.

A)     THE DATA WE OBTAIN AND HOW IT IS OBTAINED

The type of Data collected

The type of information collected depends significantly on the way you interact with us, for example, whether you are a service provider, a healthcare professional or user of our website. As such, the information we may obtain includes:

  • Digital information

This includes information about your device and your usage of our websites (including your IP address); details of your network, browser, operating systems, and other online identifiers; geo-location information; access time; and pages viewed and URLs clicked-on. Such information may be obtained via cookies used on our websites (for further information please see the Cookies subsection below);

  • Administrative and general contact information

Such information is created when you interact (directly or indirectly) with Indivior and provide relevant information such as name, gender, age or date of birth, telephone numbers, e-mail addresses, professional registration details, government issued identification details, job titles, and associated payment information;

  • Health information

Such information can be specific to individuals, but is mostly non-specific, and may include information relating to an individual’s health conditions, treatment, and medical history. This is obtained only where necessary and strictly permitted under applicable law (including in relation to Indivior’s global safety systems and risk management plans, and as part of clinical studies).

  • Audio Visual

This includes voice recordings, photos, and videos as may be provided or obtained from time to time.

How we obtain the Data:

In many circumstances, Indivior will collect Data from you or your representatives, though sometimes we may obtain it from public or third-party providers, including those as set out below:

Data received directly from you:

Data is often received directly from you when you:

  • Reach out to Indivior to obtain information from us, ask us to answer queries, or otherwise provide support to you;
  • Create an account with Indivior (including as a partner, vendor and customer);
  • Use our websites;
  • Sign-up to receive any information or updates;
  • Access our social media content or interact with us on such platforms;
  • Engage with Indivior representatives;
  • Register for or attend an Indivior event (in person or online); and
  • Share adverse events or medical information enquiries with us.

Data from public or third-party providers:

Indivior also obtains Data from:

  • Publicly accessible sources;
  • Healthcare provider directories;
  • Events management agencies; and
  • Vendor agencies, including market research and media agencies.

This Data collected from these other sources may include name, gender, telephone numbers, e-mail addresses, addresses, professional registration details, job titles, and government-issued identification details.

Specifics relating to Data obtained when you use our websites:

When you use Indivior’s websites, this Notice is part of and is incorporated into the Terms of Use which is a legally binding agreement between you and Indivior. When you use our websites, we will obtain certain Digital information, as described above, and manage such information in accordance with this Notice. BY ACCESSING, BROWSING OR USING OUR WEBSITES, YOU ACKNOWLEDGE YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS NOTICE, AND ANY UPDATES THEREOF.

B)     OUR PROCESSING, USE AND MANAGEMENT OF DATA

Our Processing of Your Data

There are various lawful bases on which we process your Data including:

  • Where necessary to support our legitimate interests, including:
    • Sending materials to you (where applicable under law, you may have the right to opt out of receiving marketing communications);
    • Conducting due diligence, audits, and investigations;
    • Ensuring compliance with relevant requirements associated with our business, such as anti-bribery and transparency requirements;
    • Defending or making legal claims;
    • Researching our products, markets, and business (including obtaining information on how these items are perceived and may be improved);
    • Administering and completing transactions (sales and purchases) and managing relationships and issues around such transactions;
    • Reaching out to you to provide information about our products or to request input on surveys relating to our products or services;
    • Responding to and handling your queries or requests;
    • Storing information as necessary for effective operations;
    • Conducting training, including gathering and sharing information and feedback on our products and services;
    • Protecting our, and your, rights and privacy.
  • Negotiating or performing a contract (such as obtaining or delivering services or products, and administering associated issues and payments);
  • Compliance with a legal obligation (for example maintaining certain records such as accounting details to fulfil reporting requirements, and maintaining global safety systems and risk management plans);
  • Where you have provided your consent, where necessary under applicable law (for example where required to obtain certain sensitive information or place cookies on your device);
  • Protection of the vital interest of a person (for example obtaining help for someone if they are ill); and
  • Processing is necessary in the field of employment, including applications for employment
  • Processing is necessary for reasons of substantial public interest;
  • Processing relates to personal data which are manifestly made public by the data subject; and
  • To establish, exercise, or defend any legal claims or proceedings.

In the normal course of business, we do not seek to collect or use patient Data; however, it is possible that patient Data may be provided to us, including for example if the details of such patients are reported to us by a third party as part of our monitoring of products pursuant to our global safety systems and risk management plans; or if participating in a study (in which case detailed notice will be given and consent sought). To help protect patient privacy, such Data is often provided to Indivior on an anonymised or pseudonymised basis.

In certain circumstances, such as if you are a healthcare professional with whom we interact, or a patient participating in an Indivior-related activity or study, we may provide you with a separate privacy notice, or a form to obtain your consent. In such instances, these privacy notices and consent forms provide further details beyond those set out here and take precedence over this Notice.

If you are a healthcare professional, please also see “Specific notice for certain circumstances” below.

Our Use and Management of Your Data

We use your Data for various purposes, including to:

  • Manage your account and relationship with Indivior;
  • Provide and administer our products and services;
  • Respond to any queries raised by you, and to provide you with relevant information as may be of interest to you.
  • Invite you to relevant events and to participate in research or surveys as needed;
  • Ensure access to certain websites, events, and activities is appropriately managed and authenticated;
  • Develop, update, or refine our products;
  • Better understand how our products, markets, and business are perceived and may be improved;
  • Manage any adverse events notified to us and administer our global safety systems and risk management plans;
  • Maintain and, where relevant, report appropriate records of transactions, including without limitation our relationship with healthcare professionals;
  • Ensure compliance with applicable legal requirements, regulations, and requests from relevant authorities (including any investigations to ensure compliance with such requirements); and
  • As reasonably needed on any proposed or actual sale or transfer of any part of our business.

Cookies

When you use or visit our websites, we collect information about your usage and activity using cookies, web beacons, and other technologies. Third parties may also view, edit, or set their own cookies. We and our third-party service providers, affiliates, and other business partners may also place web beacons for these third parties. The use of these technologies by third parties is subject to their own privacy policies and is not covered by this Notice, except as required by law. See our Cookies Policy for more details.

With Whom We May Share Your Data

Data you submit to one or more Indivior companies may be shared with other Indivior group companies pursuant to our intragroup arrangements incorporating standard contractual clauses designed to protect and properly administer such Data.

Data may be disclosed or transferred to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or similar proceeding.

Data may also be disclosed to government authorities or other relevant third parties in order to comply with applicable legal requirements, judicial proceedings, court orders, legal process, or lawful requests from governmental authorities.

Data may also be shared with our service providers who perform certain functions or services on our behalf. These include:

  • Event organisers or media/communication agencies as needed to manage events and communications;
  • Designated services providers and distributors facilitating the distribution and promotion of products;
  • Data hosting or storage providers to ensure secure back-up and storage of information;
  • Clinical trial and data analytics providers as necessary for development, evaluation, and monitoring of products;
  • Providers who manage our global safety system and risk management plans;
  • Technology providers who support administration of our business and websites;
  • Professional advisors and consultants, such as lawyers, auditors, and accountants; and
  • Other companies and organizations as needed for fraud protection and credit risk reductions.

International Transfers

We are a global business and, as part of our operations, your Data may be transferred globally (including outside your country or the country in which your Data is collected). The laws and regulations in these countries may not be the same as the laws in your country.

We have put in place safeguards (such as standard contractual clauses) to provide adequate protection of Data, in accordance with applicable legal requirements. For more information on the safeguards in place, please contact us using the contact details listed below.

Social Networking Services

We use social networking services such as Twitter, Facebook, and YouTube to communicate with the public about our work. When you communicate with us using these services, we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service may also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Twitter, Facebook and YouTube (a Google company) on their websites.

C)     HOW WE KEEP DATA SAFE

How We Protect Your Data

We have put in place reasonable and appropriate organizational and technological controls to protect Data from accidental loss, alteration, or unauthorized use or disclosure. In addition, we take reasonable steps to limit access to your Data to those employees, agents, contractors, and other third parties who have a business need to know such Data to perform their assigned functions.

How Long We Will Keep Your Data

We will retain your Data for as long as reasonably necessary to fulfil the purposes for which it was obtained, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation and we believe the Data is relevant.

To determine the appropriate retention period for Data we consider: the necessity to retain the Data; the amount, nature, and sensitivity of the Data; the potential risk of harm from unauthorised use or disclosure of your Data; the purposes for which we process your Data; whether we can achieve these purposes through other means; and the applicable legal, regulatory, tax, accounting or other similar requirements.

E)     YOUR RIGHTS AND CHOICES REGARDING YOUR DATA

You may have various rights with respect to your Data, which will depend on various factors including the local laws in your country. Some rights may be subject to exceptions. For your own protection and that of others, we may need to verify your identity before you exercise such rights. Where applicable under local law, these rights may include:

  • Access and correction

If we process Data about you, then you may have the right under relevant data privacy laws to know that your Data is being processed, to request access to and copies of your Data, or to correct any inaccuracies.

  • Right of erasure

You have the right to ask us to erase your personal information, subject to certain exceptions.

  • Right of complaint

You may lodge a complaint with your local Data Privacy Supervisory Authority (which within Europe include those listed here.

  • Opting out of further communications from us and withdrawal of consent

If you have elected to receive information about our products or services and wish to opt-out of receiving such information, you can do so by contacting Indivior as described below. You should clearly state on all communications: your name, key details, and the information you no longer wish to receive.

Where you have provided consent to process your data and where applicable under local law, you may have the right to withdraw such consent, in which instance you can contact us as specified below explaining the position and clearly stating the consent which is being withdrawn.

  • Right to data portability

In some circumstances, you have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you in a commonly used and machine-readable format.

  • Right to restriction

You have the right to ask us to restrict the processing of your information in certain circumstances.

  • Right to object

Where we rely on our legitimate interests to process your Data, you have the right to object to the continued processing of your Data.

To exercise your rights, or if you have any questions about your rights or a pending request, please contact Indivior as described below. You should clearly state on all communications: your name, key details you think are relevant, and the reason for your request (please do not provide any details you do not wish us to obtain unless necessary for us to process your request).

Children’s Privacy

We do not intend to process data of any child, nor are our websites intended for  use by children. Although we may from time to time obtain Data relating to a person under the age of 18 (including if such details are reported to us as a patient, in which case they shall be managed as described above), we would only obtain and process data on children in accordance with relevant legal requirements (including obtaining consent where required).  Nevertheless, if as a parent or guardian you believe your child may have provided Data to us, you should contact us as described below and we will use reasonable efforts to review such Data and take appropriate action.

E)     CONTACT POINTS

Should you wish to contact us, including to exercise your rights as described above, or if you have any queries or concerns regarding this Notice or our use of your Data, please email our Data Protection Officer at Privacy@Indivior.com. You may also write to us at Indivior, Attention: Data Protection Officer, 10710 Midlothian Turnpike, North Chesterfield, VA 23235 United States, or call us at +1 804 379 1090.

F)      SPECIFIC NOTICE FOR CERTAIN CIRCUMSTANCES.

California Consumer Protection Act

Kindly note that Indivior has established a policy providing further details relevant to California residents covered by the California Consumer Protection Act.

Healthcare Professionals

We have also created specific notices in English, German, French and Italian for healthcare professionals in Europe and Canada which provide additional details on the management of their data.

G)      CHANGES TO THIS PRIVACY NOTICE

We may update our Privacy Notice from time to time to provide you with more information about how and why we process your personal data or in response to changes in our data processing activities or policies. If we make any material changes that have an impact on you, we will notify you of these changes before they take effect, for instance by sending you an email, by means of a notice on our website or by using other appropriate methods. We encourage you to periodically review this Notice to learn how Indivior processes and protects your personal information. You will be able to see when we last updated the Notice by checking the “last updated” date at the top of the Notice.