Suspected adverse event
and product complaint privacy notice
Inceptua S.A. and all its affiliates, branches and subsidiaries. (“we”, “us”, “our”, “INCEPTUA”) are committed to protecting your privacy, and we treat all your personal data in accordance with the applicable laws regulations and our internal policies.
When a suspected adverse event concerning one of the medicinal products supplied by us is reported to us, we will collect certain information that can be used to identify you (“personal data”).
This privacy notice explains how we use the personal data we they receive in connection with a suspected adverse event. It also explains your rights in relation to your personal data.
WHO DOES THIS PRIVACY NOTICE APPLY TO?
This notice applies to you if you are:
- identified in a report of a suspected adverse event or product complaint; or
- you are reporting a suspected adverse event or product complaint on behalf of someone else
The provision of your personal data is voluntary (unless you are a healthcare professional who is obliged to report adverse events), however if you do not provide your personal data, we will not be able to address your query.
PURPOSE OF THE COLLECTION OF DATA
The purpose of collecting data from you will depend on the type of processing activity:
We will not use this information for any other purpose than for the ones here defined, and we will not share the data with any third parties, except when we are legally obliged to do so or if the third parties are services providers of the Inceptua Group, and relevant for the processing of your data.
CATEGORIES OF PERSONAL DATA AND HOW WE COLLECT IT
The type of information that we collect from you will depend on the data subject and the type of processing activity:
For both activities, we collect personal data directly from you when you report a suspected adverse event or product complaint directly to us. We may also collect personal data about you indirectly from third parties when they report a suspected adverse event or product complaint.
LEGAL BASIS OF THE DATA WE COLLECT
Inceptua processes relevant Personal Data, including special categories of personal data, in accordance with the GDPR, based on:
- Consent: where we have obtained it explicitly
- Legitimate interests: in assessing our products performance and safety and meeting our industry and regulatory obligations.
- Legal obligations: with respect to suspected adverse event reporting.
- Vital interests: to protect your vital interests, or the vital interests of other individuals that may be impacted by the suspected adverse event.
- Public interest: where it is needed in the public interest, such as protecting against serious threats to health and ensuring high standards of our medicinal products and related healthcare.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered or disclosed in an unauthorized way. This includes encryption of data and use of pseudonymization, whenever applicable.
We have put in place procedures to deal with suspected data security breaches and will notify you and any applicable regulators of breaches in accordance with relevant legal requirements.
We do not use automated decision-making or profiling as part of our business operations in relation to suspected adverse event reporting.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of legal or reporting requirements.
TRANSFER OF PERSONAL DATA OUTSIDE OF EUROPE
For the purposes outlined above, Inceptua may transfer your personal data to a third-party. Some of the third parties referred to above may process your personal data outside of your country. If that is the case, we only transfer your personal data either to countries where the EU Commission has decided that they have an adequate level of data protection, or we take measures to ensure that all recipients provide an adequate level of data protection. For example, by entering into appropriate data transfer agreements.
WHAT RIGHTS DO YOU HAVE?
Under certain circumstances you have the right to:
- Request access to your personal data.
- Request correction or erasure if the data is inaccurate or processed for purposes not stated above.
- Object to processing, in certain circumstances.
- Request the restriction of processing, under certain circumstances.
- Request that we transfer personal data that you have provided to us to you or another party.
- Request information on the identities or categories of third parties to which your personal data is transferred,
- Lodge a complaint with the data protection authority in your country.
If have any questions about how we process your personal data or want to exercise one of your rights, you can contact us writing us to: email@example.com
The controller responsible for processing your personal data is the entity registered as the Marketing Authorization Holder for the concerned medicinal product, indicated in the patient information leaflet.
LAST UPDATED: March 2020