The company Neopharmed Gentili S.p.A (hereinafter referred to as the “Data Controller”), would like to provide you with the following specific information regarding the ways in which your personal data is processed pursuant to Art. 13 of EU Regulation 2016/679 “GDPR” (hereinafter, the “Privacy Policy").
1. Data Controller and contact information
Neopharmed Gentili S.p.A. Is the Data Controller.
The company is headquartered in Via San Giuseppe Cottolengo n. 15, 20143, Milan, Italy, e-mail: privacy@neogen.it.
2. The Company has appointed a Data Protection Officer (DPO) who can be reached at the following e-mail address: dpo@neogen.it.
3. Types of data processed and purposes for the processing
We hereby inform you that the Data Controller shall process your data exclusively for the purposes strictly related to the execution of Pharmacovigilance activities, as required by law (Directive 2010/84 of the European Parliament and of the Council of 15 December 2010), and specifically for purposes related to the management of the report (to investigate the adverse event, to compare the report with other reports of adverse events already received, to provide the Authorities with as accurate and precise information as possible). The reference legislation requires ensuring that adverse events are traceable and available for follow-up. Therefore, for the completed assessment of the report, it will be useful to be able to contact the report author again.
For the purposes described, the Data Controller may process data:
A) of the party to whom the adverse event refers to
Personal data (first and last name initials, age, date of birth, year of birth and the like), details suited to reveal the state of health, and contact information. Your data shall therefore be pseudonymized.
B) of the party filing the report
Personal data (full first and last name), profession and/or relationship with the subject to whom the adverse event refers to.
4. Nature of data processing and legal basis
The processing (and submission) of your personal data is essential for the execution of Pharmacovigilance activities the Data Controller is required to carry out, and as such it is necessary:
- in order to comply with a legal obligation to which the Data Controller is subject to (Art. 6(1)(c));
- for reasons of public interest in the field of public health, such as protection against serious cross-border health threats or the guarantee of high standards of quality and safety of health and medical products and devices (Art. 9(II)(i));
Failure to provide data prevents the Data Controller from establishing and managing the relationship with the data subject and from carrying out the consequent and necessary actions. Failure to provide data prevents the Data Controller from establishing and managing the relationship with the data subject and from carrying out the consequent and necessary actions.
5. Data processing methods and data retention time
Your personal data shall be processed with both automated tools and in paper form, for the time strictly necessary to achieve the purposes for which they were collected and, in any case, for the duration of the life cycle of the product to which the adverse event refers to, and for a further 10 years from the withdrawal of the product itself from the market.
When your personal data are processed with IT tools, they are entered into an interconnected database system, accessible only by authorized agents. Said system is protected by security measures (firewalls and other protections) suitable to minimize the risks of third-party intrusion, deterioration of data and/or accidental destruction of the same. It is also constantly monitored by authorized managers. Security measures are constantly updated.
6. Persons authorized to process data
Your personal data shall be processed by the Data Controller by means of his/her agents (belonging to the Pharmacovigilance office) and may be known by the subsidiaries/investees related to the Data Controller.
Your personal data may be communicated, for the purposes mentioned above, to external persons specifically appointed as Data Processors, including but not limited to those who carry out maintenance and support for the Database of adverse reactions and related services.
A list of the persons appointed as Data Processors is present at the main office of the Data Controller.
The strictly necessary personal data shall be communicated, where applicable, to the following categories of independent Data Controllers, who will process them exclusively for the purposes specified below, without being able to make other use of them:
- authorities and public administrations, for the performance of institutional functions, within the limits established by law and regulations (Regulatory Authorities, AIFA; EMEA etc ...);
- other pharmaceutical companies that hold marketing authorizations, for the fulfillment of legal obligations, within the limits established by pharmacovigilance agreements.
7. Data transfers to third countries The Data Controller reserves the right to transfer your Data to countries outside the European Union if the transfer is covered by adequate decisions issued by the European Commission or by appropriate safeguards provided by the current legislation.
8. Rights of the data subject
At any time, you are entitled to exercise the following rights under Art. 15 et seq. of EU Regulation 2016/679:
i. right of access (art. 15 GDPR);
ii. right of rectification (art. 16 GDPR), erasure (art. 17 GDPR) or restriction (art. 18 GDPR);
iii. right to object to the processing (art. 21 GDPR);
iv. right to data portability (art. 20 GDPR);
v. the right to file a complaint with a privacy supervisory authority (Italian Data Protection Authority) (art. 77 GDPR)
To exercise the aforementioned rights, file a report or request additional information regarding the methods by which personal data is processed, please forward all requests by mail to Neopharmed Gentili S.p.A., Via San Giuseppe Cottolengo n. 15, 20143, Milan, Italy or by e-mail to privacy@neogen.it. You may also contact the DPO at the following e-mail address: dpo@neogen.it.