Privacy notice
Concerning data processing in connection with pharmacovigilance and medical information service (“privacy notice”)
Concerning data processing in connection with pharmacovigilance and medical information service (“privacy notice”)
Gedeon Richter Plc. (H-1103 Budapest, Gyömrői út 19-21., Hungary, Cg. 01-10-040944 ) (hereinafter referred to as ”Richter” or ”we” or ”us”) as personal data controller at the subsidiary Gedeon Richter Nordics AB (SE-11123 Stockholm, Barnhusgatan 22, Sweden, organization number 556890-1663 ) undertakes to respect your rights to data protection and confidentiality and to protect your personal data. The purpose of this privacy notice is to explain how we process and protect your personal data and when
We will use the information that you (or another person) provide to us about yourself, or related to you when you through any channel (eg e-mail sent directly to us or contact us through one of our partners or through our website) ask us a question or notifies us of an adverse event/side effect or calls us to take necessary actions in connection with your request or notification.
This may include the processing of personal data about you as an identified or identifiable natural person (ie personal data) covered by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (”General Data Protection Regulation” or ”GDPR”) and of applicable national law. According to the GDPR, you as the data subject have the right to submit a question or a complaint you may have to Richter (as the data controller) or a complaint against Richter to the data protection authority of the country where you are a permanent resident. In Sweden, this data protection authority is Datainspektionen (website: www.datainspektionen.se; city: Stockholm, Sweden; postal address: Drottninggatan 29, 5th floor, PO Box 8114, 104 20 Stockholm; e-mail address: [email protected]; telephone number: +46 8 657 6100). We recommend that before you ask the authority a question regarding the handling of your personal data, you first contact GR Nordics if you have questions or complaints by sending an e-mail to the e-mail address [email protected].
Name: Gedeon Richter Plc
Seat: H-1103 Budapest, 19-21 Gyömrői út, Hungary
Postal address: 1475 Budapest, P. O. Box 27, Hungary
Company registration number: Cg. 01-10-040944
Tax number: 10484878-2-44
Website: www.richter.hu
Email: [email protected]
3.1. Name: Gedeon Richter Nordics AB
CITY: Stockholm, Sweden
Mailing address: Barnhusgatan 22, 111 23, Stockholm, Sweden
Company registration number: 556890-1663
Website: www.gedeonrichter. se/no
CEO: Mats Jonsson
Email regarding data protection issues: [email protected]
Other data processors:
3.2. Name: ArisGlobal Limited
Seat: 16A, Lincoln Place, Dublin 2, Ireland
Website: https://www.arisglobal.com/contact-us/
3.3. Name: ProPharma Group
Website: https://www.propharmagroup.com/contact/
”Adverse event” is any adverse medical event in a patient or subject who has received a drug and which event is not necessarily causally related to this treatment.
”Side effect” is a harmful and unintended reaction to a drug. A causal relationship between a drug and the reaction is suspected.
”Personal data controller” is the natural or legal person, public authority, body or other organization which, alone or together with others, decides on the purpose and methods of the processing of personal data; whereby the purposes and methods of such processing are set out in Union or Member State law, and the controller or specific criteria for the appointment of this may be set out in Union or Member State law.
”Data processor” is a natural or legal person, public authority, body or other organization that processes personal data on behalf of the data controller;
”EudraVigilance” is a centralized European database of suspected side effects on medicines that are approved or are being studied in clinical trials within the European Economic Area (EEA).
”GDPR” is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (general data protection regulation).
”Medical Information Service” is an organizational unit within Richter that provides information to customers, healthcare professionals and/or the public about products marketed by Richter.
”Pharmakovigilance” is a compound word of pharmakon (Greek for drug) and vigilare (Latin for guarding) which aims to protect against the side effects of pharmaceutical products. Safeguarding means ensuring the safe use of medicines, assessing their effectiveness and monitoring new and known side effects. The term pharmacovigilance encompasses any activity carried out to ensure the safe use of medicines. According to the World Health Organization (WHO) definition published in 2002, pharmacovigilance is ”the research and activities related to the detection, assessment, understanding and prevention of side effects or other drug-related problems.”
”Personal data” is any information relating to an identified or identifiable natural person (”the data subject”). An identifiable natural person is a person who can be directly or indirectly identified specifically by reference to an identifier such as a name, an identification number, location data or online identifiers or one or more factors specific to the natural person’s physical, physiological, genetic, psychological, economic, cultural or social identity.
Possible sources of information are described in point 6.2 below. Consequently, we do not always receive information directly from the data subjects (persons directly affected by the side effect or product-related medical information requested).
Informing the data subjects about the data processing is a confidentiality principle. We are obliged to do this even if we do not receive the personal data directly from the data subjects themselves. Sometimes, however, we do not have sufficient information about the registrants (for example, contact details may be missing). In such cases, we cannot contact the data subjects directly to inform them since we have received information about them from the reporter.
When the source of information (ie the reporter) is not the data subject himself, we encourage the reporter to inform the data subject (the person directly affected) that the privacy notice exists and where to read it. It is desirable that the URL link to this privacy notice be forwarded, or at least that reference is made to the content and/or location of the privacy notice.
We will process personal data according to the following conditions.
Richter handles personal data to enable Richter
In order to monitor the safety profile of our products, we can
Richter is required by pharmacovigilance legislation to record, process and store information on adverse events/side effects and personal data included in such reports, and further to submit these reports in accordance with applicable statutory regulations.
Such statutory regulations are:
Personal information about
The patient
Rapporteur
Richter archives and stores pharmacovigilance data for as long as the product is approved and for a further 10 years after the marketing authorization has expired.
However, local regulations may be stricter.
/Based on GVP module VI. C.2.2.
and
Article 12, paragraph 2, of Commission Implementing Regulation (EU) No. 520/2012 of 19 June 2012 on the pharmacovigilance of medicinal products provided for in Regulation (EC) No. 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Council
Richter may receive information about adverse events/side effects from the following sources:
In most cases, however, we receive personal data from the above-mentioned sources through direct transmission of information. We do not initially require people to send reports of an adverse event/side effect, but if we receive information about an adverse event/side effect that may be related to one of our products, we are required by law to collect information about the case and process it in accordance with the established procedure for pharmacovigilance. This means that we are obliged by law to process personal data when we have become aware of such data.
Please note that healthcare professionals are required by law to report adverse reactions they receive information about.
Please also note that we are always obliged to administer and register the contact details (name and other contact details) of the person who reports an adverse event/side effect.
Richter can receive information about adverse events/side effects addressed directly to Richter in the following forms through the channels listed below:
Electronic – written / by mail – written / in person – oral
The procedure for pharmacovigilance reporting is strictly regulated by European Union and national laws. During the processing of reports, we may take the following actions:
According to the legislation on the safety monitoring of medicines, Richter can pass on personal data in connection with pharmacovigilance information
We will process personal data according to the following terms unless the question/request relates to pharmacovigilance-related matters, in which case section 6 applies.
To answer your questions and follow up on your request.
The consent you previously provided.
Your contact information and the information you provided in your request.
(eg: name, email address, phone number, health-related information, and other information that you provide to us in your message.)
Until your question/request has been answered, the data will be saved for a maximum of five years.
Richter may obtain medical information and medical inquiries from the sources below.
Richter can receive requests/questions made directly to Richter in the following forms through the channels listed below:
Electronic – written / by mail – written / in person – oral
During the processing of data that we have received, we may take the following actions:
In order to answer your questions or follow up on your request, Richter may pass on personal data:
We will process personal data according to the following terms, unless the question/request relates to pharmacovigilance-related matters, in which case section6 applies, or questions/requests for medical information, in which case Sec7 applies.
To answer your request.
The consent you previously provided.
Your contact information and the information you provided in your request.
(eg: name, email address, phone number, health-related information, and other information that you provide to us in your message.)
Until your question/request has been answered, the data will be saved for a maximum of five years.
Richter may receive requests from the following sources:
Richter can receive other requests made directly to Richter in the following forms via the channels listed below:
Electronic – written / by mail – written / in person – oral
During the processing of requests, we may take the following actions:
Richter can pass on personal data in connection with the request:
When we handle (including pass on) personal data, we always ensure that the personal data is handled confidentially and apply limited access to personal data, oblige our partners and service providers to use contractual security measures, follow internal procedures to fulfil our obligations regarding data protection, take sufficient technical and organizational measures to protect personal data, and we ensure data protection principles, in particular the principle of minimizing data and time and limited purpose.
You have the right:
If you object to the use of your personal data, you can also request that we restrict the processing of this data.
If we use your personal data on the basis of your consent, in most cases you can withdraw this consent.
Please note that the above rights may be limited. We are obliged by law to process data on the pharmacovigilance of medicines. In these cases, we may not delete some of your personal data.
If permitted by law, we will of course terminate data processing and delete your data for this purpose.
If you wish to exercise your rights, please send your request to one of the contacts listed above. You also have the right to lodge a complaint with the data protection authority specified in the first section of this privacy notice.
Please also note that we may need to verify your identity before complying with your request. We may therefore ask you to provide us with additional information.