1. Angelini Pharma
  2. Privacy
  3. Privacy notice for pharmacovigilance

Privacy notice for pharmacovigilance

AP25 G 1440 Pharmacovigilance

Privacy notice relating to pharmacovigilance reports

(“Pharmacovigilance”)

Last update October 08, 2020

 

The company Angelini Pharma S.p.A. (hereinafter "Angelini" or "Data Controller"), pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR” or "General Data Protection Regulation") and Legislative Decree 196/2003 (Privacy Code), provides you with the following information on the processing of your personal data, in your capacity as “reporting party” of adverse events and reactions subject to pharmacovigilance obligations or as subject to whom the report refers (“patient”).

  1. Data Controller and Data Protection Officer (DPO)
    The Data Controller is Angelini Pharma S.p.A., with registered office in Viale Amelia n. 70, 00181 - Rome (Rome), Italy, email: privacy.italia@angelinipharma.com.
    The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted directly at the following addresses: Data Protection Officer - DPO c/o Angelini Pharma S.p.A., Viale Amelia n. 70, 00181 - Rome (Rome), Italy, email: dpo.italia@angelinipharma.com.

  2. Purposes of processing and legal basis for the processing 
    All personal data provided by you is processed in compliance with the provisions of the law in a correct, lawful and transparent manner for the purpose set out below and according to the following conditions of lawfulness (legal basis of the processing).

    Purposes of the processing Legal basis of the processing

    Proper and comprehensive management of reports relating to pharmacovigilance.

    In particular, to: (i) investigate the adverse event; (ii) contact the reporting party to obtain, if necessary, additional information with respect to that already communicated ("follow-up"); (iii) compare the information on the adverse event with information on other adverse events received by the Data Controller to analyze the safety of the product or of a generic component or of an active ingredient as a whole; (iv) provide the competent authorities with the information required by law, so that they can analyze the safety of the product as a whole or of a generic component or an active ingredient [Pharmacovigilance].

    The processing of your personal data for this purpose is a legal obligation (Art 6.1.d of the GDPR).

    The processing of “special categories of personal data” is necessary for reasons of public interest in the public health care sector, by way of guarantee of high quality and safety parameters in medicinal products and medical devices (Art. 9.2.i of the GDPR).
  3. Categories of data processed
    The Data Controller will process the following categories of your personal data:
    • as “reporting party”, as a guarantee of the exactness and pertinence of data and its verifiability for the purpose of the scientific assessment of the reports: e-mail address or telephone number, to obtain, if necessary, additional information with respect to that already communicated (“follow-up”); and, in order to manage the report correctly, any classification as medical-health care professional (for example doctor, dentist, nurse, pharmacist, medical examiner) or type of non health care professional, such as patient, attorney or person in relation to the subject to whom the report refers (for example friend, relative, assistant);
    • as the subject to whom the report refers (the “patient”): initials of name and surname, city and country of residence, age (or age range) and/or date of birth, gender, height and weight and data relating to sex life or which reveals racial or ethnic origin, health of the subject (medical history, any current or previous pathologies, pharmacological and non-pharmacological therapies, pregnancy, breast-feeding) “special categories of personal data”) concerned by pharmacovigilance obligations, in particular in respect of “Safety information” on the medicinal product, such as adverse reactions, special situations (abuse, overdose, improper use (misuse), therapeutic error, “off-label” use, occupational exposure), exposure during pregnancy or breast-feeding, with or without associated adverse reactions, lack of efficacy or suspected transmission of infectious agent through the medicinal product.
  4. Data Source
    Your personal data will be obtained by the Data Controller:
    • directly from you and your interaction with us;
    • by the “reporting party”, if a subject other than the subject to whom the report refers;
    from other pharmaceutical companies, including companies of the Angelini Pharma Group, bound to the Data Controller by license contracts and distribution agreements for pharmaceutical products.
  5. Nature of data provision 
    The provision of your personal data for pharmacovigilance is mandatory insofar as it derives from provisions of the law.
  6. Processing methods
    Data processing is carried out using both automated and non-automated tools, with logic strictly related to the purposes of the processing and, in any case, with methods and procedures able to ensure the security and confidentiality of the data.Categories of personal data recipients

  7. Categories of personal data recipients
    For the purposes indicated above (paragraph 2), your personal data may be communicated:

    • to persons authorized by the Data Controller to carry out personal data processing operations (employees or collaborators of the Data Controller);
    • to the data processors appointed by the Data Controller (suppliers of computer, technological and telematic services; pharmacovigilance reporting management service providers);
    • to autonomous data controllers (national and European medicine and drug agencies, other pharmaceutical companies, including companies of the Angelini Pharma Group, bound to the Data Controller by license contracts and distribution agreements for pharmaceutical products or, in the case of transfer of marketing authorizations for the pharmaceutical product).

    Your data may also be transmitted in accordance with the law to tax authorities, police and judicial and administrative authorities, for the assessment and prosecution of crimes, prevention and protection from threats to public security, to allow the Data Controller to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.

  8. Data retention period
    We store your personal data for a limited period of time. After the expiry of this period, your data will be permanently deleted or in any case rendered irreversibly anonymous.
    Your personal data will be stored in accordance with the terms and criteria specified below:
    • for pharmacovigilance (purpose pursuant to paragraph 2) as long as the medical product is authorised and for at least 10 (ten) years after the marketing authorisation has expired.

    For technical reasons, the termination of the processing and the consequent deletion of your personal data, or its anonymization, will take place within 30 (thirty) days from the terms indicated above.
    This is without prejudice to cases where retention for a longer period is required for any litigation, requests by the competent authorities or under applicable law.

  9. Transfer of personal data outside the EU/EEA
    Your personal data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) which, however, offer an adequate level of data protection, as established by specific resolutions issued by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
    The transfer of your personal data to countries that do not belong to the EU/EEA and that do not ensure adequate levels of protection will be carried out only after the Data Controller and the recipients of the data have concluded specific agreements, containing safeguard clauses and appropriate guarantees for the protection of your personal data, so-called "standard contractual clauses", also approved by the European Commission.  
  10. Rights of the data subject
    The data subject, i.e. You, may exercise, in relation to the processing of the data described herein, the rights provided for by the applicable legislation on the personal data protection, including the right to:
    • have confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to the data and related information (in particular, the purposes of the processing; categories of personal data processed; recipients or categories of recipients to whom the data have been or will be communicated; the period of retention of the data or the criterion for determining it; the existence of the right to rectify or erase the data or to limit or oppose the processing; the right to lodge a complaint with a supervisory authority; the origin of the data; the possible existence of an automated decision-making process, including profiling and, in such cases, significant information on the logic used and the importance and expected consequences of such processing for the data subject; the appropriate safeguards in case of transfer of personal data outside the EU/EEA), as well as a copy of such personal data, provided that this does not harm the rights and freedoms of others (right of access);
    • obtain the rectification of your personal data, i.e. to obtain the correction, modification or updating of any inaccurate or no longer correct data, as well as to obtain the integration of incomplete personal data, including by providing a supplementary statement (right of rectification);
    • request the erasure of your personal data when these, in particular, (i) are no longer necessary with respect to the purposes for which they were collected or processed, or (ii) they have been processed unlawfully, or (iii) they must be erased in order to comply with a legal obligation (right to be forgotten). Erasure may not be carried out if, in particular, the processing is necessary for the fulfillment of a legal obligation or for reasons of public interest or for the establishment, exercise or defense of a right in court;
    • obtain a restriction on the processing of your personal data, i.e. that the Data Controller retains such data without being able to use them. This right can be exercised only when, in particular, (i) the accuracy of the personal data is contested, for the period necessary for the Data Controller to verify the accuracy of such data, or (ii) the processing of the data is unlawful and a restriction on the use of the data is requested, instead of their erasure, or (iii) although the Data Controller no longer needs them for the purposes of processing, the personal data are necessary for you to establish, exercise or defend legal claims (right to restriction).

    To exercise these rights you can contact the Data Controller at any time, writing to Angelini S.p.A., viale Amelia n. 70, 00181 - Rome (Rome), Italy or at the email address privacy.italia@angelinipharma.com or by writing to the Data Protection Officer (DPO) c/o Angelini S.p.A., viale Amelia n. 70, 00181 - Rome (Rome), Italy, or to the email address dpo.italia@angelinipharma.com.

  11. Complaint
    If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the data protection authority (in Italy, the Garante per la protezione dei dati personali, for more information www.garanteprivacy.it).
    The complaint can also be made to a data protection authority other than that of Italy, if said data protection authority is that of the EU Member State in which you have your habitual place of residence or of the place where the alleged breach took place.
  12. Changes to this notice
    The constant evolution of our activities could lead to changes in the characteristics of the processing of your personal data described above. As a result, this privacy notice may be subject to changes and additions over time, which may also be necessary with regard to new legislation on the personal data protection.
    In the event of significant changes to this notice, we will notify You accordingly.

See also