Delivering quality therapy since 1901

PRIVACY NOTICE

​FOR DATA PROCESSING CONNECTED TO PHARMACOVIGILANCE AND MEDICAL INFORMATION SERVICE​ 



("Privacy Notice")

​​

 

1.       BACKGROUND

Gedeon Richter Plc. (seat: 1103 Budapest Gyömrői út 19-21.; Company Registration Number: 01-10-040944;) (hereinafter referred to as "Richter" or "we" or "us") as data controller is firmly committed to respecting your data protection and privacy rights and protecting your personal data. Therefore, this Privacy Notice aims to explain how we process and protect your personal data when

  • you report an adverse event/adverse drug reaction in connection with our product(s),
  • you request information about one or more of our products, or
  • you submit other claims or questions connected to pharmacovigilance issues, adverse events/adverse drug reactions or medical issues.

    We will use the information you (or other person) provided for us about yourself or connected to you, by sending us via any channel (e.g. direct email or contacting us through one of our partners or through our websites) a question or an adverse event / adverse drug reaction notification, or by calling us in order to take the necessary actions regarding your request or notification.

    This may include the processing of personal information relating to you as an identified or identifiable natural person (i.e. personal data) which is subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation" or "GDPR"), and furthermore the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. Under the GDPR, you as data subject has the right to submit any question or complaint you may have to Richter (as data controller) or a complaint against Richter to the data protection supervisory authority of your habitual residence. In Hungary, this data protection supervisory authority is the National Authority for Data Protection and Freedom of Information (seat: 1024 Budapest, Szilágyi Erzsébet fasor 22/C; website: www.naih.hu; phone: +36 1 391 1400; fax: +36 1 391 1410; email address: ugyfelszolgalat@naih.hu). We recommend to contact Richter as data controller first if you have any questions or complaints before submitting a query to the authority regarding the handling of your personal data by sending an email to the email address dataprotection@richter.hu or a postal letter to Richter's Legal and Global Operations Management Department (postal address: 1475 Budapest Pf.: 27 ).

     

2.       CONTACT DETAILS OF THE DATA CONTROLLER AND ITS DATA PROTECTION OFFICER

2.1.    DATA CONTROLLER

Name: Gedeon Richter Plc.

Seat: H-1103 Budapest, Gyömrői út 19-21., Hungary

Company registration number: 01-10-040944

Tax number: 10484878-2-44

Website: https://www.richter.hu

Managing Director: Mr. Gábor Orbán

 

2.2.    DATA PROTECTION OFFICER

Email address: dataprotection@richter.hu

Postal address: 1475 Budapest Pf.: 27

 

3.       DETAILS ON THE DATA PROCESSOR

  1. Name: ArisGlobal Limited

    Seat: 16A, Lincoln Place, Dublin 2, Ireland

    Website: https://www.arisglobal.com/

    Data processing activities of the data processor: ArisGlobal provides a drug safety database which helps us to record, monitor and follow-up adverse events/adverse drug reactions, and allows us to forward the reports to the regulatory authority to fulfil our legal obligations.

     
  2. Name: Bioclinica Safety and Regulatory Solutions 

    Seat: 120P – 122P, Belagola Industrial Area K.R.S. Road, Metagalli, Mysore – 570 016

    Website: https://www.bioclinica.com/

    Data processing activities of the data processor: Bioclinica performs case processing activities in the Arisg safety database.

     

4.       DEFINITIONS

"Adverse event" means any untoward medical occurrence in a patient or clinical trial subject administered a medicinal product and which does not necessarily have a causal relationship with this treatment.

"Adverse drug reaction" means a response to a medicinal product which is noxious and unintended. A causal relationship between a medicinal product and an occurrence is suspected.

"Data controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

"Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

"EudraVigilance" means a centralised European database of suspected adverse reactions to medicines that are authorised or being studied in clinical trials in the European Economic Area (EEA).

"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

"Medical Information Service" means an organizational unit within Richter which provides information to customers, healthcare professionals and/or the members of the public on the products marketed by Richter.

"Pharmacovigilance" a compound word derived from pharmakon (Greek for drug) and vigilare (Latin for to keep watch) that means guarding against the adverse effects of pharmaceutical products. Guarding means ensuring the safe use of drugs, assessing their efficacy and monitoring new and known side effects. The term pharmacovigilance includes any activity carried out in order to ensure the safe use of drugs. According to the World Health Organisation (WHO) definition published in 2002, pharmacovigilance "is defined as the science and activities relating to the detection, assessment, understanding and prevention of adverse effects or any other drug-related problems."

"Personal data" means any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

5.       HOW SHOULD THE DATA SUBJECT BE INFORMED ABOUT THIS PRIVACY NOTICE?

As we describe the possible sources of information in Point 6.2 below, it is not an ultimate situation that we receive information directly from the data subjects (persons who are directly concerned by the adverse event or require product-related medical information).

Informing data subjects about the data processing is a privacy principle. We are bound by this obligation even if the personal data is not received directly from the data subject her/himself. However, in some cases we do not possess enough information about the data subject (including the lack of contact data). In such cases we are not able to directly contact the data subjects and inform them directly, after we receive an information on them from the reporter.

For cases, when the source of information (i.e. reporter) is not the data subject her/himself, we suggest and encourage the reporter to inform the data subject (directly affected person) about the existence and availability of this Privacy Notice. It is desirable to share the URL link to this Privacy Notice, or at least refer to the content and/or the environment where the Privacy Notice can be found.

 

6.       PHARMACOVIGILANCE

    6.1. WHAT ARE THE CIRCUMSTANCES OF THE PERSONAL DATA PROCESSING?

    We will process the personal data with the following circumstances.

Purposes of our data processing Legal basis of our data processing What personal data may we handle? How long do we keep these data?

Richter handles personal data in order to facilitate that Richter

  • is able to fulfil its obligations prescribed by the legal regulations in connection with the reported adverse events /adverse drug reactions;
  • is able to operate the drug safety monitoring system;
  • is able to fulfil the reporting obligation of adverse drug reactions prescribed by legal regulations.

     

In order to be able to monitor the safety profile of our products, we may

  • assess the reported adverse event / adverse drug reaction information;
  • gather further information about the adverse event / adverse drug reaction and the circumstances;
  • reply to reporters.
  • follow-up reports.

     

Richter is obliged by pharmacovigilance legislation to record, process and store information on adverse events / adverse drug reactions and personal data included in such reposts, furthermore to submit these reports according to the applicable legal regulations.

Such legal regulations are:

  • Commission Implementing Regulation (EU) No 520/2012 of 19 June 2012 on the performance of pharmacovigilance activities provided for in Regulation (EC) No 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Council;
  • Guideline on good pharmacovigilance practices (GVP) – Module VI – Collection, management and submission of reports of suspected adverse reactions to medicinal products;
  • 15/2012. (VIII. 22.) Decree of the Minister of Human Capacities

Personal data of the

  • Patient
  • Contact details (e.g. name, email address, phone number, address)
  • Age, sex, sexual life
  • Weight, height
  • Ethnic origin
  • Information of patient's relatives
  • Past and current medicinal therapies or remedies
  • Medical status
  • Medical history
     
  • Reporter
  • Contact details (e.g. name, email address, phone number, address)
  • Profession
  • Relationship with the patient

Richter archives and stores the pharmacovigilance data as long as the product is authorised and for an additional 10 years after the marketing authorisation has ceased to exist.

 

/Based on GVP module VI. C.2.2.

and

paragraph 2 of Article 12 of Commission Implementing Regulation (EU) No 520/2012 of 19 June 2012 on the performance of pharmacovigilance activities provided for in Regulation (EC) No 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Coun​cil/

    6.2. ​WHAT/WHO IS THE SOURCE OF THE ADVERSE EVENT / ADVERSE DRUG REACTION INFORMATION?

    Richter may receive information on adverse events / adverse drug reactions from the below sources:

  • patient;
  • healthcare processional (e.g. doctors, pharmacists, nurses, vets, dentists, opticians, chiropodists, midwives, laboratory directors, bio-medical operatives, physiotherapists, nutritionists);
  • third person (e.g. family member of the patient, attorney-at-law, colleague);
  • public source (e.g. professional articles);
  • other source.

    However, in most of the cases we will receive personal data from the above sources with direct data sharing, and originally we do not oblige persons to send us an adverse event / adverse drug reaction report, in case we receive any information concerning an adverse event / adverse drug reaction which might be in connection with any of our products, we are obliged by law to collect information on the case and handle it according to the defined pharmacovigilance procedure. This results that we are obliged by law to process personal data, after we will be familiar with such data.

    Please note that healthcare professionals are obliged by law to report about adverse drug reaction they receive information on.

    Please also note that we are always obliged to administer and register the contact details (name and other contact data) of the reporter of adverse event / adverse drug reaction.

     
  • 6.3. FORMS OF RECEIVING INFORMATION

    Richter may receive information addressed directly to Richter on adverse events / adverse drug reactions in the below forms, through the below listed channels:

  • Electronic - written / postal - written / personal - oral
  • email communication;
  • personal communication;
  • phone communication;
  • Richter's websites, social media;
  • postal letter.

     
  • 6.4. WHAT DO WE DO WITH THE INFORMATION ON ADVERSE EVENT / ADVERSE DRUG REACTION?

    The pharmacovigilance reporting procedure is strictly regulated by the European Union and national legal regulations. During the handling of the reports we may carry out the following actions:

  • Receiving the information on adverse event / adverse drug reaction via e-mail, via websites, via phone calls, via postal letters, via personal information sharing, via public source search.
  • Registering and processing the adverse event / adverse drug reaction into our own, national and international databases.
  • Assessing the adverse event / adverse drug reaction (i.e. medical evaluation of the adverse event report).
  • Follow up the adverse event. (I.e. asking questions in connection with the adverse event if the originally provided or available information is not sufficient for the complex evaluation of the case.)
  • Transferring and disclosing data on adverse event / adverse drug reaction to recipients listed in Point 6.5 below.

     
  • 6.5. ​DO WE DISCLOSE OR TRANSFER YOUR PERSONAL DATA?

    According to the pharmacovigilance legislation Richter may share personal data in connection with pharmacovigilance information

  • with entities (affiliates and representative offices) within Richter group;
  • with regulatory authorities, national health authorities, including submitting the case into EudraVigilance system (however transferring personal data to EudraVigilance system is very rare since anonym data are sufficient);
  • with Richter's service providers who are part of Richter's pharmacovigilance system and processes. We provide appropriate safeguards and guaranties for the data transfers (including data transfers to service providers established in third countries)
  • with commercial partners (with whom we commercialize the same pharmaceutical products in different countries based on commercial agreements).

     

7.       MEDICAL INFORMATION SERVICE

7.1.    WHAT ARE THE CIRCUMSTANCES OF THE PERSONAL DATA PROCESSING?

We will process the personal data with the following circumstances, unless the question/request concerns Pharmacovigilance related issues because in such case, Section 6 shall apply.

Purpose of our data processing Legal basis of our data processing What personal data may we handle? How long do we keep these data?
To reply to your question and to follow-up your request.Your previously given informed consent.

Your contact details and the data provided in your request.

(e.g.: name, email, phone number, health related data, other data which you share with us in your communication.)

Until your question/request is answered but the data will be kept for five years at the latest.

 

7.2.    WHAT/WHO IS THE SOURCE OF THE MEDICAL INFORMATION REQUEST/QUESTIONS?

Richter may receive medical information, medical enquiry from the below sources.

  • patient;
  • healthcare processional (e.g. doctors, pharmacists, nurses, vets, dentists, opticians, chiropodists, midwives, laboratory directors, bio-medical operatives, physiotherapists, nutritionists);
  • third person (e.g. family member of the patient, attorney-at-law, colleague).

     
7.3. ​FORMS OF RECEIVING MEDICAL INFORMATION REQUEST/QUESTION
Richter may receive medical information requests/questions addressed directly to Richter in the below forms, through the below listed channels:
  • Electronic - written / postal - written / personal - oral;
  • personal communication;
  • phone communication;
  • Richter's websites, social media;
  • postal letter.

     
7.4. ​WHAT DO WE DO WITH THE MEDICAL INFORMATION, MEDICAL ENQUIRY?
During the processing of the data that we have received, we may carry out the following actions:
  • Receiving the information via e-mail, via websites (including social media), via phone calls, via postal letters, via personal information sharing.
  • Registering and processing the medical information into our own, or the contractual Partner's databases.
  • Assessing the medical information.
  • Follow up the medical enquiry.
  • Transferring and disclosing personal data to recipients listed in Point 7.5 below.

     
7.5. ​DO WE DISCLOSE OR TRANSFER YOUR PERSONAL DATA?
​In order to follow-up your questions or reply to your request Richter may share personal data:
  • with entities (Gedeon Richter Plc. as the mother company, other affiliates and representative offices) within Richter group;
  • with Richter's service providers who are part of Richter's medical information system and processes.

     

8.       OTHER REQUESTS

8.1.    WHAT ARE THE CIRCUMSTANCES OF THE PERSONAL DATA PROCESSING?

We will process the personal data with the following circumstances, unless the question/request concerns Pharmacovigilance related issues because in such case, Section 6 shall apply or medical information requests/questions because in such case Section 7 shall apply.

Purpose of our data processing Legal basis of our data processing What personal data may we handle? How long do we keep these data?
To fulfil your request.Your previously given informed consent.

Your contact details and the data provided in your request.

(e.g.: name, email, phone number, health related data, other data which you share with us in your communication.)

Until your question/request is answered but the data will be kept for five years at the latest.

 

8.2.    WHAT/WHO IS THE SOURCE OF THE REQUEST?

Richter may receive requests from the below sources.

  • patient;
  • healthcare processional (e.g. doctors, pharmacists, nurses, vets, dentists, opticians, chiropodists, midwives, laboratory directors, bio-medical operatives, physiotherapists, nutritionists);
  • third person (e.g. family member of the patient, attorney-at-law);
  • other source.
     
8.3. ​FORMS OF RECEIVING OTHER REQUESTS
Richter may receive other requests addressed directly to Richter in the below forms, through the below listed channels:
  • Electronic - written / postal - written / personal - oral
  • ​email communication;
  • personal communication;
  • phone communication;
  • Richter's websites;
  • postal letter.

     
8.4. ​WHAT DO WE DO WITH THE REQUEST?
During the handling of the requests we may carry out the following actions:
  • Receiving the request via e-mail, via websites (including social media), via phone calls, via postal letters, via personal information sharing,
  • Registering and processing the request into our own databases.
  • Assessing the request.
  • Follow up the request.
  • Transferring and disclosing personal data to recipients listed in Point 8.5 below.

     
8.5. ​DO WE DISCLOSE OR TRANSFER YOUR PERSONAL DATA?
Richter may share personal data in connection with the request:
  • with entities (Gedeon Richter Plc. as the mother company, other affiliates and representative offices) within Richter group;
  • with Richter's contractual partners (e.g. with attorney-at-laws, advisors, external experts, commercial partners).

     

9.       WHAT SAFEGUARDS DO WE USE?

When we handle (including disclose) personal data, we always ensure confidentiality of the personal data, apply restricted access to the personal data, impose contractual safeguards on our partners and service providers, operate internal procedures in order to comply with our data protection obligations, operate sufficient technical and organizational measures to protect the personal data, and we ensure the data protection principles, especially the principle of data minimisation and time and purpose limitation.

 

 

10.   WHICH RIGHTS DO YOU HAVE OVER YOUR PERSONAL DATA

You have the right:

  • to request access to your personal data,
  • to request transfer of your personal data to you or to another person,
  • to restrict the processing of your personal data,
  • to correct or erase incorrect or outdated information,
  • to delete your personal data (as regards personal data which are processed based on your consent),
  • to object the processing of your personal data in specific cases (as regards personal data which are processed based on our legitimate interest and legal regulation).

    If you contest the use of your personal data, you can also ask that we restrict the processing of these data.

    If we use your personal data based on your consent, you can withdraw this consent in most of the cases.

    Please note, that the above-mentioned rights may be limited. We are obliged by law to process pharmacovigilance data. In these cases, we are not allowed to delete some of your personal data.

    Of course, if the legal regulations allow us, we will stop the data processing and delete your data for such purpose.

    To exercise your rights, please send us your request to one of our contact data as detailed above. Also, you have the right to submit a complaint to the data protection supervisory authority as detailed in the first, background section of this Privacy Notice.

Please also note that we may need to check your identity before we comply with your request. Therefore, we may ask you to provide us with some additional data.​