This Privacy Notice contains information about the collection, processing and use of personal data in the context of the NAVEX reporting system (the “Reporting System”). Please read this privacy information carefully before submitting a report.
If you do not want REGENERON to collect, process and use your personal data as described, you may submit your report anonymously. The disclosure of your personal data is voluntary, as is the use of the reporting system.
We would, however, appreciate it, if you could give us your name. Many investigations can be conducted more quickly and efficiently if the name of the reporter is known, since the person handling the report can get in touch with the reporter directly.
The Reporting System is a web and phone-based intake system provided by Regeneron to individuals for reporting suspected violations of laws or regulations or company policies.
We will use the personal information you provide via this reporting channel based on Article 6 1) f) GDPR for the purposes of receiving, managing and investigating your report, as necessary for the legitimate interests of Regeneron Pharmaceuticals, Inc., its affiliates, and subsidiaries (collectively “Regeneron”) to protect against as well as investigate actual or potential misconduct and violations of Company policies, guidelines, or applicable law. If a report received concerns an employee of Regeneron, the processing also serves to prevent criminal offences or other legal infringements in connection with the employment relationship.
Regeneron provides this Reporting System to individuals for confidential reporting to Regeneron of suspected violations of laws or regulations or company policies. Use of this Reporting System is entirely voluntary.
Using the Reporting System allows you to report specific indications of corruption, violations of financial reporting and accounting rules, theft, fraud, forging of documents, embezzlement, violations of competition and antitrust law, securities trading violations, insider trading, unauthorized disclosure of Regeneron trade secrets or confidential information, human rights violations, violations of labor and health protection regulations, including bullying and harassment, violation of environmental protection legislation, employees making business decisions based on personal interests and against the interests of the company, and any other criminal or improper behavior by employees that is related to their work at Regeneron, such as money laundering, data protection violations, tax offenses, product safety issues, violations of supply chain regulations, intentional submission of false compliance reports, and retaliation against employees who in good faith reported suspected compliance violations.
Please be aware that the information you supply about yourself, your colleagues, or any aspect of the company’s operations may result in decisions that affect others. Therefore, we ask that you only provide information you have reasonable grounds to believe is true. You will not be subject to retaliation for any report of a suspected violation that is made in good faith, even if it later turns out to be factually incorrect.
You can either provide your name and contact details or choose to remain anonymous.
The Reporting System captures the following personal data and information that you provide when you make a report:
If you report via telephone, we will document the conversation in the form of accurate minutes and offer you the opportunity to check, rectify and agree that they are accurate.
The information you submit will be treated confidentially except in cases where this is not possible because of legal requirements, in which case the information will be handled sensitively.
If you have disclosed your identity to us, we will treat your identity confidentially during the internal investigation process. However, it may be necessary to disclose your identity in communications with the authorities and/or courts. In certain cases, Regeneron is also obliged under data protection law to inform the person implicated of the accusations made against him. As far as is legally possible, your identity as the reporter will not be disclosed and steps will also be taken to ensure that no conclusions can be drawn as to your identity as the reporting individual – insofar as this is permissible in accordance with Art. 14 GDPR.
NAVEX is our third-party service provider who provides technical support for the data collection and hosting of this reporting channel. Personal data that is entered in the reporting system or provided via telephone is stored in a database operated by NAVEX in the United States and transferred to Regeneron Pharmaceutical Inc. systems. NAVEX is committed to maintaining stringent privacy and security practices including those related to notice, choice, onward transfer, security, data integrity, access, and enforcement. In accordance with applicable laws, the company implemented the European Commission’s standard contractual clauses (a copy of which can be obtained by contacting using the details provided below) and appropriate other measures to protect your personal data, including when it is transferred outside your country of residence, e.g. to the United States. All data is encrypted, password-protected and stored at secure location so that access to the content of the data electronically stored is limited to a narrow circle of authorized persons of Regeneron and NAVEX employees.
The information you report will be evaluated by Regeneron. Once your report has been received, the Compliance Department checks whether an in-depth investigation is required. An investigation can be conducted by internal or external investigation specialists. External specialists whom we engage are bound to Regeneron by contractual or legal confidentiality obligations to keep confidential the information provided by you.
For the purpose of processing and investigating your report and subject to the provisions of local law, the personal data and information you provide may be accessed, processed and used by the relevant personnel of Regeneron, including Human Resources, Finance, Internal Audit, Legal, Corporate Compliance, management, external advisors (e.g. legal advisors), or, in limited circumstances, by technical staff at NAVEX.
Personal data and information you provide may also be disclosed to the police and/or other enforcement or regulatory authorities. The relevant bodies that receive and process personal data can be located in the US or in another country that may not provide the level of data protection available in your country of residence.
The personal data you provide will be kept as long as necessary to process your report, or, if applicable, as long as necessary to initiate sanctions or to meet legal or financial needs.
The data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data.
In particular, and subject to the legal requirements, you may be entitled to
Our Data Privacy Office provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. The Data Privacy Office may be contacted at: DataProtection@Regeneron.com.
The Data Privacy Office will always use reasonable efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the Data Privacy Office, you always have the right to approach the competent data protection authority with your request or complaint.
With some exceptions, the subject of the report may request access to information concerning the report and request correction of personal data that is inaccurate or incomplete in accordance with applicable law. Similarly, with some exceptions, reporters may also access information about the report and request corrections of their personal data in accordance with applicable law. To make any such corrections, please contact Regeneron via the reporting system or contact Regeneron’s Compliance Department directly.
If you need further assistance regarding exercising your rights, please send your request to the Data Privacy Office by emailing us at DataProtection@Regeneron.com, by calling +1 844-835-4137 or by post mail at:
Regeneron Pharmaceuticals, Inc.
Chief Privacy Officer
777 Old Saw Mill River Rd.
Tarrytown, NY 10591-6707
You have the right to lodge a complaint directly with the relevant data protection authority or supervisory authority if you believe that we have processed information in a manner that is unlawful or breaches your rights under applicable data privacy law. If you are in the European Union you can find a listing of each EU country’s Data Protection Authority here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Without limiting any rights to complain directly to an authority, we are committed to protecting personal information, and complaints may be made directly with us.