Privacy notice for american healthcare professionals (Sunshine Act)



The Laboratoire français du Fractionnement et des Biotechnologies (hereinafter LFB SA) takes its legal obligations relating to the processing of personal data very seriously and implements various actions to ensure the protection of your data and the respect of your privacy.

In this context, LFB SA undertakes to provide clear and concise information to any person concerned, in particular American healthcare professionals, on the processing of their data.

The purpose of this notice is therefore to inform you, in full transparency, of the way in which your personal data is processed by LFB SA.

“LFB SA”, “we” and “us” are references to the data controller mentioned below.

  • Data controller:

LFB SA (3 avenue des tropiques – ZA de Courtaboeuf – 91940 les Ulis – France) acts as a data controller as defined in General Data Protection Regulation (GDPR).

  • Purpose of the processing:

We process your personal data for the following purposes:

  • Compliance with the American Physician Payments Sunshine Act (section 6002 of the Affordable Care Act of 2010) or related state laws (hereafter “Sunshine Act”)

In the context of this processing, the Sunshine Act requires drug manufacturers, as LFB SA, to collect and track all financial transactions made to American healthcare professionals and to report these transactions to the Centers of Medicare and Medicaid Services (CMS). It involves a processing of your personal data.

  • Legal basis:

We can only process your personal data if it is lawful. Processing is only lawful insofar as it is based on one of the legal bases mentioned in the applicable law (GDPR).

This legal base for the processing is to comply with the Sunshine Act.

  • Data subject:

This processing of personal data concerns the following data subject: American healthcare professionals.

  • Categories of personal data concerned:

We only process your personal data that is necessary for purposes above.

The following categories of personal data are concerned by the processing:

  • Information about your identity: such as name, surname
  • Information about your professional information: such as email / postal address, phone number, job title, identification in national registers, employer.
  • Information about financial transaction between LFB SA or its subsidiaries and you


  • Sources of personal data:

Personal data come:

  • Directly from you
  • From LFB SA or its subsidiaries (for the information about financial transaction).


  • Obligation to provide your personal data:

In the context of a relationship established between you and us, the processing of your data is mandatory and failure to provide your data may prevent the continuation of our relationship with you.

  • Recipients of personal data:

Depending upon their respective needs, recipients of all or part of the personal data are the following:

  • LFB SA, LFB BIOMEDICAMENTS and its subsidiaries if necessary
  • HEMA BIOLOGICS and its service provider MEDISPEND (American companies) in charge of transmitting information including personal data to the CMS website (
  • Our other service providers acting as a data processor on our behalf (within the limit necessary for the performance of the work we have entrusted to them).

In the event that personal data is entrusted to a data processor, an agreement will be concluded in order to ensure and guarantee that personal data is processed in accordance with our instructions and that adequate technical and organizational measures are taken to protect it.

  • Public authorities, government bodies, especially the CMS in the context of the processing.


  • Period for which the personal data will be stored:

Data necessary to comply with our legal obligations (Sunshine Act) are retained for the time required to meet these obligations.

  • Data transfers outside the European union:

Your personal data is processed by LFB SA in the European Union but may be transferred to countries outside the European Union (USA). In particular we transfer your data to HEMA BIOLOGICS an American company which is in charge transmitting your data (including financial data) to CMS.

  • Security:

We put in place technical and organizational measures allowing the protection of your personal data. We take reasonable steps to protect your data from loss, misuse, unauthorised access, disclosure, modification or destruction of your data.

  • Your rights:

Within the conditions and limits of the applicable regulations, you have the following rights:

  • Right of access: you can access the personal data that we hold about you.
  • Right of rectification: you can ask us to correct data that is inaccurate or incomplete.
  • Right to restriction of processing, in particular in the event that you dispute the accuracy of the personal data that we hold about you.

Under certain circumstances, we will not be able to respond to your request if you want to exercise your rights). In such a case, we will explain the reasons for our refusal.

  • Contact and reclamation:

 To exercise the above rights or for any questions relating to the processing of personal data, please send a request by email to or by post to the following address: LFB BIOMEDICAMENTS – Legal department – Data Protection Officer – 3 avenue des tropiques – ZA de Courtaboeuf – 91940 les Ulis – France).

 If you consider, after contacting us at the contact details above, that your rights are not respected or that data processing does not comply with data protection rules, you may lodge a complaint with a supervisory authority.

We may update this privacy notice from time to time by posting any revisions on our website. Please refer regularly to our website for updates.

Version: 06/30/2021