Endo Privacy Policy GDPR Addendum

1. GENERAL

This Privacy Policy Addendum (the "Addendum") applies in circumstances where Endo Pharmaceuticals Inc. or its affiliates (Endo), as data controller, is subject to the EU General Data Protection Regulation (“GDPR”).

This Addendum should be read in conjunction with the Endo Privacy Policy to understand our use of your personal data. In this Addendum, we set out further information on our processing activities and we also set out details of the rights which you have under the GDPR.

2. HOW WE USE PERSONAL DATA

The purposes for which we use personal data and the legal basis for why that processing is necessary or permitted are:

Purpose for Processing Legal Basis for Processing
Endo will use information it collects as necessary to provide the Site. This use of your data is necessary for our legitimate business interest in managing our business, provided our business interests are not overridden by your interest.

Please note that you have a right to object to processing of your personal data where that processing is carried on for our legitimate interest.
Endo shares information with Endo’s suppliers and third-party service providers that help us operate, analyze and improve the Site. (a) to support our legitimate interests in managing our business and providing our services provided such interests are not overridden by the rights and interests of data subjects concerned, (b) to comply with our legal obligations, or (c) to protect vital interests.
Endo may share and transfer personal data if Endo is involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control by Endo or its parent or affiliated companies (in each case, whether in whole or in part). (a) to support our legitimate interests in managing our business and providing our services provided such interests are not overridden by the rights and interests of data subjects concerned, (b) to comply with our legal obligations.
Endo also shares information: (i) as required or permitted by law, including any requirements from government agencies and taxing authorities; (ii) if we determine that disclosure of specific information is necessary to comply with the request of a law enforcement or regulatory agency or other legal process; (iii) to protect the rights, privacy, property, interests or safety of Endo or our affiliated companies, customers, employees or the general public; (iv) to pursue available remedies or limit damages; (v) to enforce Endo’s agreements with you; and (vi) to respond to an emergency. (a) This use of your data is necessary in order for us to comply with any legal or regulatory obligations, or (b) to protect vital interests.

3. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA

To the limited extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under Article 46.2 of the GDPR. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).

4. YOUR RIGHTS

To the extent that we are a controller of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:

  • The right of access enables you to receive a copy of your personal data;
  • The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you;
  • The right to erasure enables you to ask us to delete your personal data in certain circumstances;
  • The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances;
  • The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party);
  • The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible;
  • You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.

5. CHANGES TO THIS ADDENDUM

We reserve the right to change this Addendum from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Addendum. Your continued use of the Site or any of our services after we make changes is deemed to be an acknowledgment of those changes, so please check this Addendum periodically for updates.

6. CONTACT US

If you require any further clarification regarding this Addendum, please contact: privacy@endo.com

Last Updated: June 22 2018.